Google punts freebie DDoS shield to hacks, human rights worthies
Reverse proxying traffic might save headaches
Google has launched a free service to protect news websites against DDoS attacks.
Project Shield will also be offered to human rights and election monitoring websites as a way of fending off increasingly commonplace site-swamping DDoS assaults. Google is offering to "reverse proxy" qualifying websites' traffic through Google's cloud platform. Publishers can opt in to route all their traffic through Google by making changes in their DNS settings.
Google has promised not to use log info in order to serve advertising. The advantage for publishers is that a successful attack would effectively have to be strong enough to destabilize Google's cloud instead of simply knocking over a WordPress installation, a much easier proposition for attackers.
One disadvantage is that sites would become inaccessible from countries that block all Google IP addresses. In many such cases, the sites might be censored anyway, and reachable only through VPNs or Tor. Publishers would also have to put their faith in Google and its security.
Google is sitting in the middle of the traffic from a publisher to its readers and, especially in the case of human rights websites, this is going to make the whole setup a prime target for the intel agencies stretching across the world from Beijing to Tehran and beyond.
The service joins at the lower end of a crowded DDoS mitigation market occupied by the likes of Arbor Networks, Akamai (Prolexic) and other security firms that have branched out towards offering commercial DDoS mitigation services, such as Kaspersky Lab. Businesses are being sold technology and services to guard against potential DDoS attacks, which can result in damage to reputation or financial losses to unprotected or weakly protected organisations.
David Emm, principal security researcher at Kaspersky Lab, commented: "DDoS attacks are nothing new; they've been a threat for many years and are one of the most popular weapons in a cybercriminal's arsenal. However, we've noticed attacks have become persistent and sometimes against the same organisations. In fact, Kaspersky Lab found that in 2015, one in six companies worldwide suffered a Distributed Denial of Service (DDoS) attack, with the attack rate rising to one in four (24 percent) for enterprises."
The simplest DDoS attack can be acquired for only £32.30 (~US$45.10) and ordered anonymously, according to Vigovsky. Low-level DDoS attacks via so-called booter services can be used by gamers to knock rivals offline. A range of different groups with varying capabilities launch DDoS assaults, which at the top end are used to either disguise or facilitate attacks against banking networks and the like.
"The problem is that today, DDoS attacks can be set up cheaply and easily, from almost anyone, whether that be a competitor, a dismissed employee, socio-political protesters or just a lone wolf with a grudge," Vigovsky warned. ®