'In September, KrebsOnSecurity—arguably the Internet's most intrepid
source of security news—was on the receiving end of some of the
biggest distributed denial-of-service attacks ever recorded. The site
soon went dark after Akamai said it would no longer provide the site
with free protection, and no other DDoS mitigation services came
forward to volunteer their services. A Google-operated service called
Project Shield ultimately brought KrebsOnSecurity back online and has
been protecting the site ever since.
At the Enigma security conference on Wednesday, a Google security
engineer described some of the behind-the-scenes events that occurred
shortly after Krebs asked the service for help, and in the months
since, they said yes. While there was never significant hesitancy to
bring him in, the engineers did what engineers always do—weighed the
risks against the benefits.
"What happens if this botnet actually takes down google.com
lose all of our revenue?" Google Security Reliability Engineer Damian
Menscher recalls people asking. "But we considered [that] if the
botnet can take us down, we're probably already at risk anyway.
There's nothing stopping them from attacking us at any time. So we
really had nothing to lose here."'
Dept. of Computer Science
University of Waikato, NZ
+64 (7) 858-5174