Security expert Brian Krebs targeted by DDoS attack with 6.3 terabits per second

A new botnet is preparing to take over the legacy of Mirai – only much stronger. A security expert was attacked at 6.3 terabits per second.


Last week, the blog of security researcher Brian Krebs became the target of one of the strongest DDoS attacks ever; only an attack on Cloudflare a few weeks earlier was even stronger. Krebs has now made this public himself and summarized a range of information about the person who is said to have laid the foundation for the attack. A huge botnet of hijacked devices, reminiscent of the infamous Mirai botnet, was responsible, except that the attack was much more severe. The only reason it did not cause any noticeable disruption was that it lasted less than a minute. It may have been a demonstration.

As Krebs explains, the attack sent 6.3 terabits of data per second to his site for a total of around 45 seconds. That was ten times as much as an attack in 2016 that knocked the blog offline for four days. That earlier attack was so strong that the anti-DDoS service Akamai capitulated and ended protection for the site. Since then, the blog has been protected by a free service provided by Google specifically for news sites, human rights activism and election-related content, writes the security researcher. According to him, the attack on May 12 was the largest that “Project Shield” has ever faced.


According to Krebs, a botnet of hijacked devices dubbed Aisuru, which was first active in August 2024, was probably responsible for the attack. Its services are offered via Telegram, and anyone who wants to can have targeted sites kicked off the internet for 150 US dollars per day or 600 US dollars per week. Krebs quotes his contact at Google as saying that only very few sites could withstand the amount of traffic that is possible. According to this account, the attack on his blog and an even stronger one on Cloudflare in April were too short to cause any disruption, but strong enough to prove the botnet's capabilities. Both were probably intended as a demonstration for potential customers, he speculates.

Krebs found out that the botnet was set up by a man from Brazil. However, the man claims that he has since relinquished responsibility for the botnet. Apparently, he feels quite safe from prosecution in his home country. He did not reveal who exactly was responsible for the record attacks. The security researcher also explains that a successful botnet, like Mirai years ago and now possibly Aisuru, could quickly displace less powerful competitors. In his view, it would therefore help if the source code were made public, as was the case with Mirai. This would stimulate competition and reduce the power of the attacks.

(mho)


This article was originally published in German. It was translated with technical assistance and editorially reviewed before publication.