Brian Krebs and Akamai: A lesson in reputational harm and a win for Google’s Project Shield

Brian Krebs is author of the immensely popular blog Krebs on Security, a top source for deep-dive investigations into the latest hacks and breaches launched against corporations and governments.

Ask anyone in cyber to name the top security bloggers and Krebs’ name inevitably comes up. Last month KrebsonSecurity.com had nearly 3.5 million total visits, according to website measurement firm SimilarWeb.

On Sept. 20, 2016 at around 8 pm EST KrebsOnSecurity.com was the victim of one of the biggest assaults the Internet has ever witnessed, according to Krebs. The record DDoS attack did not succeed thanks to the hard working engineers at Akamai, where his site was hosted.

In a colossal reputational blunder that followed, Akamai cut ties with Krebs. According to a story in the Boston Globe, Akamai could no longer afford to pick up the tab for protecting the heavily trafficked — and often targeted — website. To Akamai’s credit, they’d been providing security services to Krebs at no cost. And this wasn’t the first time they fended off a cyber attack on his site. Josh Shaul, vice president of web security at Akamai, claimed “If this kind of thing is sustained, we’re definitely talking millions of dollars in cyber security services.”

Akamai has been pushing its cloud services in a highly competitive market, according to Seeking Alpha – which reports that Akamai is trading at a steep discount. The company closed at 54.28 on the NASDAQ exchange yesterday. Akamai’s 52-week high was 76.39 last October (2015) around this time.

When a site is hacked, reputational harm often comes with it. In this case, it isn’t the site’s brand who is suffering. Rather, it is Akamai. Krebs is a target because he calls cybercriminals on the carpet. Akamai helped Krebs pro-bono in the past, and got a lot of recognition for it. There’s no way Krebs could have afforded that type of cyber defense on his own dime. In his moment of need, Akamai walked.

Fortunately, Google came to Krebs’ rescue, according to a story in Fortune. Project Shield uses Google’s infrastructure to protect independent news sites from distributed denial-of-service attacks (DDoS), a type of digital attack that exploits thousands or even millions of computers to overwhelm a website’s servers and take it offline… which is what happened to KrebsOnSecurity.com.

Akamai has a market cap of more than $9.5 billion (as of yesterday). Surely they could have afforded the millions of dollars (if that is what it actually would have cost) to continue protecting Krebs, who is also author of ‘Spam Nation’, The New York Times Bestseller which is described as The Inside Story of Organized Cybercrime — From Global Epidemic to your Front Door. In addition to helping one of the most popular cyber-fighters, they would have been credited for continuing to protect a website that suffered a staggering DDoS attack — perhaps the worst ever. The reputational gain that would have come from continuing to cyber defend Krebs pro-bono may have offset the costs of losing him to Google.

Krebs built up his reputation working as a reporter for The Washington Post from 1995 to 2009, authoring more than 1,300 blog posts for the Security Fix blog, as well as hundreds of stories for washingtonpost.com and The Washington Post newspaper. The cybersecurity industry desperately needs people like Krebs to help battle cybercrime – which was recently predicted to cost the world $6 trillion annually by 2021, up from $3 trillion last year.

In a recent cybercrime report published by Cybersecurity Ventures, Krebs wrote a special contribution which states that everyone has a role to play in security, and if we’re not part of the solution we’re invariably part of the problem. Fortunately, KrebsOnSecurity.com is up and Brian Krebs is continuing to do his part in the war against hackers. Thanks Brian, and thanks Google.

(Disclaimer: Steve Morgan is founder and CEO of Cybersecurity Ventures.)