GitHub Briefly Taken Offline In Largest-Ever DDoS Attack

One of the most powerful distributed denial-of-service (DDoS) attacks ever seen briefly took down the website of GitHub.

A DDoS attack typically aims to force websites and web-based services offline by bombarding them with so much traffic that their services and infrastructure cannot handle it all.

And GitHub revealed in a blog post that this cyber attack at its peak reached an incredible 1.35Tbps.

DDoS Attack

The DDoS attack took place on Wednesday, 28 February, GitHub explained in the blog post. It said its website was completely unavailable, or intermittently unavailable, for a period of just nine minutes.

It seems the attackers carried out the DDoS by “abusing memcached instances”. This is a distributed memory system known for high performance and demand, and it allowed the attackers to hugely amplify the traffic volumes they were firing at GitHub.

The attackers apparently first spoofed GitHub’s IP address and then took control of memcached instances that GitHub said are “inadvertently accessible on the public internet.”

The result was a colossal amount of incoming traffic for GitHub.
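A defender can spot this pattern in flow records, because the reflected replies arrive as UDP traffic sent from the memcached port by many different hosts. The sketch below is an added example, not GitHub's or Akamai's tooling; it assumes memcached's default port 11211 (not stated in the article), a made-up CSV flow format, arbitrary thresholds and constructed sample records.

```python
import csv
import io
from collections import defaultdict

MEMCACHED_PORT = 11211  # memcached's default port (assumption: reflectors use the default)

# Constructed sample flow records (documentation IP ranges, not real traffic):
# proto, src_ip, src_port, dst_ip, dst_port, bytes
SAMPLE_FLOWS = """\
udp,198.51.100.7,11211,203.0.113.10,40112,1400000
udp,198.51.100.9,11211,203.0.113.10,51822,1350000
tcp,192.0.2.44,52100,203.0.113.10,443,5200
udp,192.0.2.53,53,203.0.113.10,33001,320
udp,198.51.100.7,11211,203.0.113.10,40112,1420000
udp,198.51.100.23,11211,203.0.113.11,40999,900
"""


def reflection_summary(flow_csv, min_bytes=1_000_000, min_reflectors=2):
    """Return {dst_ip: (total_bytes, reflector_count)} for destinations that
    receive UDP traffic *from* source port 11211 above both thresholds."""
    bytes_by_dst = defaultdict(int)
    reflectors_by_dst = defaultdict(set)
    for row in csv.reader(io.StringIO(flow_csv)):
        if not row:  # tolerate blank lines in the export
            continue
        proto, src, sport, dst, _dport, nbytes = row
        # Reflected replies come FROM the memcached port; clients never do.
        if proto.lower() != "udp" or int(sport) != MEMCACHED_PORT:
            continue
        bytes_by_dst[dst] += int(nbytes)
        reflectors_by_dst[dst].add(src)
    return {
        dst: (total, len(reflectors_by_dst[dst]))
        for dst, total in bytes_by_dst.items()
        if total >= min_bytes and len(reflectors_by_dst[dst]) >= min_reflectors
    }


if __name__ == "__main__":
    for dst, (total, count) in reflection_summary(SAMPLE_FLOWS).items():
        print(f"{dst}: {total} bytes from {count} memcached reflectors")
```

The same match (UDP, source port 11211) is what a border access control list would filter on.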

But impressively, GitHub’s network monitoring system had noticed the ramp-up in incoming traffic, and after calling in the on-call network engineer, the decision was made to immediately call in the specialists, namely Akamai.

“Given the increase in inbound transit bandwidth to over 100Gbps in one of our facilities, the decision was made to move traffic to Akamai, who could help provide additional edge network capacity,” GitHub blogged.

“At 17:26 UTC the command was initiated via our ChatOps tooling to withdraw BGP announcements over transit providers and announce AS36459 exclusively over our links to Akamai,” GitHub revealed. “Routes reconverged in the next few minutes and access control lists mitigated the attack at their border. Monitoring of transit bandwidth levels and load balancer response codes indicated a full recovery at 17:30 UTC. At 17:34 UTC routes to internet exchanges were withdrawn as a follow-up to shift an additional 40Gbps away from our edge.”

GitHub said that the first portion of the attack peaked at 1.35Tbps and there was a second 400Gbps spike a little after 18:00 UTC.

Other Attacks

DDoS attacks can be highly damaging and outages can last much longer than just nine minutes.

Last October, for example, the UK National Lottery confirmed a DDoS attack was behind an outage that took its website and mobile application offline for more than an hour during peak time.

Last year the hacking group CyberTeam claimed responsibility for a Skype outage thanks to a DDoS attack that blighted the service for two whole days.

Research from Kaspersky Lab last year also found that businesses believe they are more likely to be targeted by DDoS attacks from rival firms than cyber criminals.

It found that 43 percent of businesses who had fallen victim to a DDoS attack believed their competitors were behind it, while just 38 percent considered cyber criminals the more likely suspects.

DDoS attacks are generally launched from networks of computers whose users have unwittingly downloaded malicious code, with a recent trend seeing attacks launched from internet-connected devices including Android handsets and tablets.


Tom Jowitt
