GitHub Briefly Taken Offline In Largest-Ever DDoS Attack

One of the most powerful distributed denial-of-service attacks (DDoS) ever seen briefly took down the website of GitHub.

A DDoS attack typically aims to force websites and web-based services offline by bombarding them with so much traffic that their services and infrastructure cannot handle it all.

And GitHub revealed in a blog post that this cyber attack at its peak reached an incredible 1.35Tbps.

DDoS Attack

The DDoS attack took place on Wednesday, 28 February, GitHub explained in the blog post. It said its website was completely unavailable, or intermittently unavailable, for a period of just nine minutes.

It seems the attackers carried out the DDoS by “abusing memcached instances”. Memcached is a distributed memory caching system known for high performance under heavy demand, and it allowed the attackers to hugely amplify the traffic volumes they were firing at GitHub.

The attackers apparently initially spoofed GitHub’s IP address and then took control of memcached instances that GitHub said are “inadvertently accessible on the public internet.”

The result was a colossal amount of incoming traffic for GitHub.

Impressively, GitHub’s network monitoring system noticed the ramp in incoming traffic, and after the on-call network engineer was called in, the decision was made to immediately bring in the specialists, namely Akamai.

“Given the increase in inbound transit bandwidth to over 100Gbps in one of our facilities, the decision was made to move traffic to Akamai, who could help provide additional edge network capacity,” GitHub blogged.

“At 17:26 UTC the command was initiated via our ChatOps tooling to withdraw BGP announcements over transit providers and announce AS36459 exclusively over our links to Akamai,” GitHub revealed. “Routes reconverged in the next few minutes and access control lists mitigated the attack at their border. Monitoring of transit bandwidth levels and load balancer response codes indicated a full recovery at 17:30 UTC. At 17:34 UTC routes to internet exchanges were withdrawn as a follow-up to shift an additional 40Gbps away from our edge.”

GitHub said that the first portion of the attack peaked at 1.35Tbps and there was a second 400Gbps spike a little after 18:00 UTC.
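
One way a border monitor could flag the traffic pattern described above, shown as an added example that is not GitHub's or Akamai's tooling: reflected memcached replies arrive as UDP packets whose source port is 11211, memcached's default port, so summing those flows per destination exposes the ramp. The flow tuple layout, the thresholds and the sample records are assumptions constructed for illustration.

```python
from collections import defaultdict

MEMCACHED_PORT = 11211  # memcached's default port; reflected replies come *from* it

# Constructed flow records from one 10-second window (not real data):
# (proto, src_ip, src_port, dst_ip, dst_port, bytes, window_seconds)
SAMPLE_FLOWS = [
    ("udp", "198.51.100.7", 11211, "192.0.2.10", 40312, 900_000_000, 10),
    ("udp", "198.51.100.9", 11211, "192.0.2.10", 51844, 850_000_000, 10),
    ("udp", "203.0.113.20", 11211, "192.0.2.10", 40312, 700_000_000, 10),
    ("tcp", "203.0.113.5", 52100, "192.0.2.10", 443, 4_000_000, 10),   # normal HTTPS
    ("udp", "203.0.113.8", 53, "192.0.2.11", 33000, 1_200, 10),        # DNS reply
    ("udp", "198.51.100.7", 11211, "192.0.2.11", 40000, 2_000, 10),    # below threshold
]


def memcached_reflection_report(flows, threshold_bps=1_000_000_000, min_reflectors=2):
    """Return {dst_ip: {"bps", "reflectors"}} for destinations receiving UDP
    traffic from source port 11211 above the rate and reflector-count limits.
    Both limits are hypothetical defaults to tune per network."""
    stats = defaultdict(lambda: {"bits": 0, "seconds": 0, "reflectors": set()})
    for proto, src, sport, dst, _dport, nbytes, seconds in flows:
        # Only UDP replies sourced from the memcached port are of interest.
        if proto != "udp" or sport != MEMCACHED_PORT:
            continue
        entry = stats[dst]
        entry["bits"] += nbytes * 8
        entry["seconds"] = max(entry["seconds"], seconds)
        entry["reflectors"].add(src)

    report = {}
    for dst, entry in stats.items():
        bps = entry["bits"] / entry["seconds"] if entry["seconds"] else 0
        # Many distinct reflectors plus a high aggregate rate separates an
        # amplification flood from a single stray memcached reply.
        if bps >= threshold_bps and len(entry["reflectors"]) >= min_reflectors:
            report[dst] = {"bps": bps, "reflectors": sorted(entry["reflectors"])}
    return report


if __name__ == "__main__":
    for dst, info in memcached_reflection_report(SAMPLE_FLOWS).items():
        print(f"{dst}: {info['bps'] / 1e9:.2f} Gbps from "
              f"{len(info['reflectors'])} memcached reflectors")
```
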

Other Attacks

DDoS attacks can be highly damaging and outages can last much longer than just nine minutes.

Last October, for example, the UK National Lottery confirmed a DDoS attack was behind an outage that took its website and mobile application offline for more than an hour during peak time.

Last year the hacking group CyberTeam claimed responsibility for a Skype outage thanks to a DDoS attack that blighted the service for two whole days.

Research from Kaspersky Lab last year also found that businesses believe they are more likely to be targeted by DDoS attacks from rival firms than cyber criminals.

It found that 43 percent of businesses who had fallen victim to a DDoS attack believed their competitors were behind it, while just 38 percent considered cyber criminals the more likely suspects.

DDoS attacks are generally launched from networks of computers whose users have unwittingly downloaded malicious code, with a recent trend seeing attacks launched from internet-connected devices including Android handsets and tablets.

Tom Jowitt