Oct. 23--Google is throwing its heft against one of the more common attack strategies on the Internet: distributed denial of service (DDoS) attacks.
The search giant is probably the highest-profile website in the world -- and has built complicated internal software to defray such attacks. Now it has said it will repackage, and potentially sell, some of that vast computing infrastructure to other websites to help mitigate the problem in an initiative called Project Shield.
The idea behind a DDoS attack (pronounced "DEE-dos") is to overload the computers that generate a Web page so that other people can't access it. When you go to SFGate.com, for example, your browser requests information -- text, pictures, links, etc. -- from SFGate computers. Those computers can only handle so many requests at one time. Website managers gauge how much traffic they will get and adjust that ceiling so they don't go over.
But bad guys can employ networks of computers -- typically those hijacked by malicious software -- to make thousands of requests from a website at one time. Once that ceiling is surpassed, people trying to access the Web page either have to wait -- like a call center with 100 reps but 200 incoming calls -- or they get an error message saying the page can't load. Google's heft makes it a big bull's-eye with hackers, so the company is well versed in dealing with the problem.
Tech companies sometimes build great products for internal purposes and resell them -- eventually -- to the public. Amazon, for instance, is one of the largest providers of cloud computing infrastructure -- certainly a departure from selling books and CDs online. The e-commerce giant got its chops building up its sprawling digital store and realized it could resell that infrastructure to other companies.
Companies like Amazon, Akamai and the highly lauded CloudFlare of San Francisco help websites mitigate this problem by scrubbing out the bad traffic or distributing those requests across additional computers. Now Google, with huge data centers around the world, is dipping its toes in those waters.
CloudFlare CEO Matthew Prince notes that the security challenges of running a website are such that companies must turn to experienced providers for help against attacks. To him, it made sense Google would eventually get in the business.
"You need Google-like scale to mitigate these sorts of challenges," he says. "I don't think this is a surprise for us."
Like CloudFlare, however, Google will have to navigate complicated questions about providing services to controversial groups, such as WikiLeaks or portions of the U.S. government, he says.
DDoS attacks are done for myriad reasons, most of them of debatable merit. For instance, hacker collective Anonymous has Operation Payback, where the group uses DDoS attacks against groups it feels are on the wrong side of the Internet copyright debate over digital media. In other cases, groups will even advertise DDoS services for any company that wants to bring down a competitor's website.
Google is taking signups from interested websites and, for now, says the service is free. Google runs one of the most sprawling computing networks on the planet, yet still gets almost all its revenue from advertising. The company makes it clear that businesses could in the future be charged for the DDoS service, which seems likely to happen if it's successful.
Google announced Project Shield as a way to help bloggers in politically volatile countries keep their sites safe against attack. But Google, like many tech companies, has a habit of making shrewd business decisions under the guise of humanitarianism.
Caleb Garling is a San Francisco Chronicle staff writer. E-mail: email@example.com
Copyright 2013 - San Francisco Chronicle