Screenshot by Alfred Ng/CNET
Akamai, which speeds website content to users, had never seen anything like it. At nearly 620 Gbps of traffic per second, an "extremely large and unusual" attack pummeled and crippled cybersecurity journalist Brian Krebs's website .
In what is known as a distributed denial-of-service (DDoS) attack, hackers conscripted hordes of connected gadgets like digital video recorders, routers and digital cameras into a botnet, which overwhelmed Krebs' website with traffic, forcing it to go down , he wrote on September 21. Imagine if servers were buckets, and normal traffic were like drops of rain. DDoS attacks would be like hoses overflowing the buckets, preventing any rain water from actually getting in.
The security needed to ward off the attack would have cost up to $200,000 a year for Krebs, but Google's Project Shield was able to fend off the DDoS attack for free.
Krebs' page returned on Sunday.
The attack shed light on a little known, but important service offered by Google, one that protects journalists, news sites, election monitoring sites and human rights advocates from cyberattacks. Project Shield falls under one of Jigsaw's protection tools for free speech online. The think tank, formerly known as "Google Ideas," changed its name in February after Google restructured to become Alphabet .
Jigsaw, formerly known as Google Ideas, created Project Shield to protect against DDoS attacks.Photo by Jigsaw
The think tank's goal is to use technology to "make the world a better place," taking on issues like censorship, corruption and extremism.
DDoS attacks have only grown since Project Shield saved Krebs, with OVH Hosting hit with more than 1 Tbps of traffic from a botnet with 145,607 cameras and DVRs .
Project Shield works by receiving traffic requests on your website's behalf, and then filtering out the actual visitors from the legion of spambots. Going back to the bucket analogy, Project Shield would be like having Google's massive bucket covering your servers, taking in the rainwater and DDoS's hose flooding, and then only filtering through the rainwater to your bucket.
For now, the protection is only available to a select group.
"We offered the free service to those groups first because they can be especially vulnerable to DDoS attacks, and many of them lack the resources to engage paid DDoS-mitigation services," according to Jigsaw.
Websites across the world, like El Ciudadano in Chile, Marques in Angola and The Local in Europe are all using Project Shield's services.
The project originally started as a way of countering state-sponsored DDoS attacks, but in Krebs' case, he pointed out his assailants were most likely private individuals who built up an army for the botnets . The scenario presents a new challenge for Project Shield, as DDoS attacks continue to scale larger, and more Internet of Things devices become activated.
Project Shield has been notifying owners if their machines were hijacked for DDoS attacks and pinpointing networks that allow this to happen, according to Jigsaw. The think tank has been studying the DDoS attack Krebs suffered, and using it to improve its own defenses.
Despite Project Shield's presence, the use of these attacks to stifle free speech will continue to be a problem.
"The internet can't route around censorship when the censorship is all-pervasive and armed with, for all practical purposes, near-infinite reach and capacity," Krebs said.