Google Rescues a Security Blogger Under Attack from Hackers
Big companies can be a force for good. And if you doubt it, look at what Google just did: the search giant lent its formidable computing power to a journalist who had been knocked offline by a massive hacking effort.
The intervention came about after hackers targeted Brian Krebs, a veteran security blogger, with an unprecedented “distributed denial-of-service” (DDoS) attack, apparently in retaliation for Krebs’ exposing their sleazy business practices.
While DDoS attacks are nothing new, and Krebs has weathered them before, the new attack was unusually powerful. As Krebs points out, such new hacks are possible because hackers have far more weapons at their disposal than ever before.
In the past, hackers would typically hijack old Windows PCs and order them to direct traffic to the target’s website in an attempt to knock it offline. Now, though, there are far more devices on the internet, and many of them can be co-opted by attackers:
[the Krebs] attack was launched with the help of a botnet that has enslaved a large number of hacked so-called “Internet of Things,” (IoT) devices — mainly routers, IP cameras and digital video recorders (DVRs) that are exposed to the Internet and protected with weak or hard-coded passwords.
The bottom line is that the attackers were able to use these weapons to knock down Krebs’s website—which is a vital source of information for the security community—and keep it down. As Krebs notes, it’s a new and dangerous form of censorship.
Get Data Sheet, Fortune’s technology newsletter.
So where does Google fit into this? The company recently launched a project called “Project Shield” (technically run under the Alphabet subsidiary Jigsaw), whose aim is to protect journalists who come under attack from DDoS hacks.
Project Shield works by lending servers to absorb the malicious traffic sent by hackers to overwhelm a website. The beneficiaries of Project Shield are not only security reporters like Krebs, but also journalists in countries where governments use DDoS attacks to censor them.
Google (GOOG) declined to comment on its role defending Krebs from DDoS attacks.
Krebs had been supported pro bono by Akamai (AKAM), but the content management company decided it could no longer afford to keep protecting his site from large-scale attacks like the one launched last week. According to Krebs, another company told him that the sort of protection Akamai provided would cost $150,000 to $200,000 per year.
Long story short, the Krebs attack shows it’s more important than ever for Google and other companies to step up and defend websites, as DDoS attacks become powerful weapons of censorship.
This story was corrected at 5:50pm ET on Tuesday to note another company, not Akamai, provided the financial figures cited by Krebs.