Why do I speak of DDoS attacks as a form of censorship? Quite simply because the economics of mitigating large-scale DDoS attacks do not bode well for protecting the individual user, to say nothing of independent journalists.

In an interview with The Boston Globe, Akamai executives said the attack [on krebsonsecurity.com] — if sustained — likely would have cost the company millions of dollars. In the hours and days following my site going offline, I spoke with multiple DDoS mitigation firms. One offered to host KrebsOnSecurity for two weeks at no charge, but after that they said the same kind of protection I had under Akamai would cost between $150,000 and $200,000 per year.

Ask yourself how many independent journalists could possibly afford that kind of protection money? A number of other providers offered to help, but it was clear that they did not have the muscle to be able to withstand such massive attacks.

Brian Krebs on the cost of free speech.

Similar to the last post, Brian Kerbs is also a prominent security analyst. In September, his website was taken offline by what was then one of the biggest DDoSes ever seen. It was also the precursor to the (larger) Dyn attack, in that it used the same IoT botnet and was also probably performed by no-one important or special, just assholes proving they could.

How much does it cost to rent a botnet to do this stuff? A lot less than it costs to rent a service to prevent it, that’s for sure…