brian-krebs

Mr. Krebs — a former reporter at The Washington Post who taught himself to read Russian while jogging on his treadmill and who blogs with a 12-gauge shotgun by his side — is so entrenched in the digital underground that he is on a first-name basis with some of Russia’s major cybercriminals. Many call him regularly, leak him documents about their rivals, and try to bribe and threaten him to keep their names and dealings off his blog.
— Brian Krebs, security journalist and all-around interesting character, gets his New York Times profile. You might know him from such work as the Target breach and the Adobe breach.

Ransomware hackers steal a hospital. Again.

A month after a hospital in Hollywood was shut down by a ransomware infection that encrypted all the files on its computers and computer-controlled instruments and systems, another hospital, this one in Kentucky, has suffered a similar fate.

The hacker who stole Hollywood Presbyterian asked for $3.6 million, but settled for a piddling $17,000 (40 bitcoin), presumably after they realized that their random infectious agent had kidnapped a giant, high-profile institution that would be able to motivate serious law-enforcement investigations that would move ever-closer to their true identity the longer the ransom negotiations continued.

Henderson, Kentucky’s Methodist Hospital has declared an “Internal State of Emergency,” having been shut down by a piece of ransomware called “Locky.” The hospital’s spokeslawyer, David Park, said that they’re addressing the ransomware attack using plans designed to help the hospital weather a tornado or other natural disaster.

The attackers are only asking for $1,600 (4 bitcoin) to unlock the hospital’s files.

Brian Krebs speculates that the attackers didn’t set out to hold a hospital to ransom, and have no real appreciation of how much they could be asking for (though the Kentucky hospital seems to have been less compromised than the one in Hollywood). He warns that in future, ransomware creeps will start targeting their attacks, aiming for victims who have more to lose, and more to spend, when their data is taken from them.

https://boingboing.net/2016/03/25/ransomware-hackers-steal-a-hos.html

Google just saved the journalist who was hit by a 'record' cyberattack

Google just stepped in with its massive server infrastructure to run interference for journalist Brian Krebs.

Last week, Krebs’ site, Krebs On Security, was hit by a massive distributed denial-of-service (DDoS) attack that took it offline, the likes of which was a “record” that was nearly double the traffic his host Akamai had previously seen in cyberattacks.

Now just days later, Krebs is back online behind the protection of Google, which offers a little-known program called Project Shield to help protect independent journalists and activists’ websites from censorship. And in the case of Krebs, the DDoS attack was certainly that: The attempt to take his site down was in response to his recent reporting on a website called vDOS, a service allegedly created by two Israeli men that would carry out cyberattacks on behalf of paying customers.

Soon after Krebs reported on the site, the two men were arrested and the site was taken offline.

“Why do I speak of DDoS attacks as a form of censorship?” Krebs asks in a post on Sunday. “Quite simply because the economics of mitigating large-scale DDoS attacks do not bode well for protecting the individual user, to say nothing of independent journalists.”

Krebs didn’t fault Akamai for pulling the plug on his site. The company was hosting him for free, and in the face of a massive DDoS attack, made a business decision, since hosting had interrupted not only Krebs’ site, but other paying customers.

Google offers Project Shield to independent news organizations, along with human rights and election monitoring sites that are frequently targeted in cyberattacks, the idea being that small websites don’t have the money or tech to counter such an influx of traffic. So instead of letting them be taken offline and silenced, Project Shield keeps them online.

Since last Tuesday, Krebs’ site had been under sustained distributed denial-of-service, or DDoS, a crude method of flooding a website with traffic to deny legitimate users from being able to access it. The assault flooded Krebs’ site with more than 620 gigabits per second of traffic.

To put it more plainly: It’s the digital equivalent of jamming a bunch of gunk into a drain pipe. Eventually, water won’t be able to pass through.

Now he’s back online, though it’s unclear whether he is still under assault over at Google.

“I sincerely hope we can address this problem before it’s too late,” Krebs wrote. “And I’m deeply grateful for the overwhelming outpouring of support and solidarity that I’ve seen and heard from so many readers over the past few days. Thank you.”

The democratization of censorship: when anyone can kill a site as effectively as a government can

On the eve of the Stuxnet attacks, half a decade ago, I found myself discussing what it all meant with William Gibson (I’d just interviewed him on stage in London), and I said, “I think the most significant thing about any of these sophisticated, government-backed attacks is that they will eventually turn into a cheap and easy weapon that technically unskilled people can deploy for petty grievances.” We haven’t quite got there yet with Stuxnet, but there’s a whole class of “advanced persistent threat” techniques that are now in the hands of fringey criminals who deploy them at the smallest provocation.

Exhibit A is Brian Krebs (previously), a tireless and fearless cybercrime reporter who has outed spammers, scammers, carders, black pharmacy proprietors, pornographers, skimmers, and, significantly, DDoSers. Distributed Denial of Service attacks harness lots of hijacked or compromised computers to flood the target’s site with so many malformed, computationally intensive requests that it just shuts down – sometimes taking its ISP with it. Boing Boing has been hit by some doozies in the past, but nothing like what Krebs has had to contend with.

Krebs gets hit often, seemingly in retaliation for his reporting. Naturally, the DDoS creeps he outs are most apt to use DDoS to attack his site. For years, he’s relied on pro bono help from Akamai, a company that runs a huge content distribution network that is legendarily hardened against DDoS attacks.

But last week, Krebs went offline altogether, and Akamai let him know that this time, they couldn’t shield him. The amount of traffic that was coming in was going to cost Akamai millions – it was more than even they could absorb.

There’s DDoSes and then there’s DDoSes. In Krebs’s case, the attack hit 620 Gbps, the kind of flood that you’d normally find in a state-sponsored attack. In this case, the attacker was able to leverage Internet of Things devices with poor security to build the biggest-yet IoT botnet (a growth industry with no end in sight) that slammed Krebs’s network without mercy.

Krebs’s attack exists at the intersection of so many of the internet’s dumpster-fires. It hit the same week that HP deployed DRM on its printers, making them off-limits to security researchers – this is the same manufacturer that was outed as having 100,000,000 hijackable printers in the field that could be harnessed for botnets.

Then there’s the crimeware industry, which works with scummy ISPs that secretly participate in DDoS attacks for their own financial benefit. Finally, there’s the disturbing news that someone (cough China cough) is building an internet-killing weapon that relies on DDoS as its battering ram.

It looks like Krebs’s attack was in retaliation for outing a couple of petty Israeli criminals who’d run a DDoS-for-hire service (the attack included the string “freeapplej4ck” in its payloads, a reference to one of the crooks’ aliases). These two puny creeps, or their aggrieved dimwit pals, were able to muster the firepower of a government to attack a journalist.

Meanwhile, Krebs was eventually bailed out by Google’s Project Shield, one of Jigsaw’s anti-“surveillance, extremist indoctrination, and censorship” tools. That right there is another sign of the times: the attacks launched by state-level actors and those who can muster comparable firepower are no match for Google – so far.

https://boingboing.net/2016/09/25/the-democratization-of-censors.html

Google just saved the journalist who was hit by a 'record' cyberattack

Google just stepped in with its massive server infrastructure to run interference for journalist Brian Krebs.

Last week, Krebs’ site, Krebs On Security, was hit by a massive distributed denial-of-service (DDoS) attack that took it offline, the likes of which was a “record” that was nearly double the traffic his host Akamai had previously seen in cyberattacks.

Now just days later, Krebs is back online behind the protection of Google, which offers a little-known program called Project Shield to help protect independent journalists and activists’ websites from censorship. And in the case of Krebs, the DDoS attack was certainly that: The attempt to take his site down was in response to his recent reporting on a website called vDOS, a service allegedly created by two Israeli men that would carry out cyberattacks on behalf of paying customers.

Soon after Krebs reported on the site, the two men were arrested and the site was taken offline.

“Why do I speak of DDoS attacks as a form of censorship?” Krebs asks in a post on Sunday. “Quite simply because the economics of mitigating large-scale DDoS attacks do not bode well for protecting the individual user, to say nothing of independent journalists.”

Krebs didn’t fault Akamai for pulling the plug on his site. The company was hosting him for free, and in the face of a massive DDoS attack, made a business decision, since hosting had interrupted not only Krebs’ site, but other paying customers.

Created in Alphabet’s (Google’s parent company) in-house technology incubator Jigsaw, Project Shield helps independent news organizations, along with human rights and election monitoring sites that are frequently targeted in cyberattacks — the idea being that small websites don’t have the money or tech to counter such an influx of traffic. So instead of letting them be taken offline and silenced, Project Shield keeps them online.

Since last Tuesday, Krebs’ site had been under sustained distributed denial-of-service, or DDoS, a crude method of flooding a website with traffic to deny legitimate users from being able to access it. The assault flooded Krebs’ site with more than 620 gigabits per second of traffic.

To put it more plainly: It’s the digital equivalent of jamming a bunch of gunk into a drain pipe. Eventually, water won’t be able to pass through.

Now he’s back online, though it’s unclear whether he is still under assault over at Google.

“I sincerely hope we can address this problem before it’s too late,” Krebs wrote. “And I’m deeply grateful for the overwhelming outpouring of support and solidarity that I’ve seen and heard from so many readers over the past few days. Thank you.”

This post was updated to reflect Jigsaw’s place as an Alphabet project.

Akamai kicked journalist Brian Krebs' site off its servers after he was hit by a 'record' cyberattack

The cloud-hosting giant Akamai Technologies has dumped the website run by journalist Brian Krebs from its servers after the site came under a “record” cyberattack.

“It’s looking likely that KrebsOnSecurity will be offline for a while,” Krebs tweeted Thursday. “Akamai’s kicking me off their network tonight.”

Since Tuesday, Krebs’ site has been under sustained distributed denial-of-service, or DDoS, a crude method of flooding a website with traffic to deny legitimate users from being able to access it. The assault has flooded Krebs’ site with more than 620 gigabits per second of traffic — nearly double what Akamai has seen in the past.

To put it more plainly: It’s the digital equivalent of jamming a bunch of gunk into a drain pipe. Eventually, water won’t be able to pass through.

Websites targeted by this type of attack typically go down for a short period and then come back online. And for hosts, the attacks mean shifting resources to different servers to mitigate the damage.

“I can’t really fault Akamai for their decision,” Krebs added. “I likely cost them a ton of money today.”

It doesn’t seem as if the site’s removal from Akamai’s servers is because the company couldn’t handle the attack. Instead, it’s more likely that Krebs had worn out his welcome on the service, which is probably losing money handling such a cyberattack for a website it was hosting at no charge.

Before everyone beats up on Akamai/Prolexic too much, they were providing me service pro bono. So, as I said, I don’t fault them at all.

— briankrebs (@briankrebs)

September 23, 2016

The attack may be related to Krebs’ recent reporting on a website called vDOS, a service allegedly created by two Israeli men that would carry out cyberattacks on behalf of paying customers. Soon after Krebs reported on the site, the two men were arrested and the site was taken offline.

Akamai declined to comment.

This post was updated with new information from Brian Krebs that his site was hosted pro bono.
