GitHub DDoS attack put them offline for 10 minutes

GitHub recently revealed that its web site was crippled by an attack that forced it offline for a full 10 minutes while engineers recovered the systems. This is one of the largest known DDoS attacks in history.

DDoS, or distributed denial of service in full, is a cyber attack that aims to bring websites and web-based services down by bombarding them with so much traffic that their services and infrastructure are unable to handle it all. It’s a fairly common tactic used to force targets offline.

The Chinese government was widely suspected to be behind a five-day-long attack in 2015, and this newest assault tipped the scales at an incredible 1.35Tbps at peak. This time no culprit has been discovered, but it shows that all systems must be on the lookout for these types of attacks.

In a blog post retelling the incident, GitHub said the attackers hijacked something called “memcaching” (a distributed memory system built for high-performance, high-demand use) to massively amplify the traffic volumes that were being fired at GitHub. To do that, they initially spoofed GitHub’s IP address and took control of memcached instances that GitHub said are “inadvertently accessible on the public internet.”
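The Python sketch below is an added example, not code from GitHub's post: it audits a memcached options file for the exposure described above, an instance listening beyond loopback with UDP left on. It assumes a Debian-style file with one option per line; the function name `audit_memcached_conf` and both sample files are constructed for illustration.

```python
import ipaddress
import shlex

def _is_loopback(addr):
    if addr == "localhost":
        return True
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:
        return False  # hostname or host:port form: treat as exposed until reviewed

def audit_memcached_conf(text):
    """Audit a memcached options file (one option per line, '#' comments)."""
    listen, udp_port = [], None
    for raw in text.splitlines():
        tokens = shlex.split(raw.split("#", 1)[0])
        if not tokens:
            continue
        opt, val = tokens[0], (tokens[1] if len(tokens) > 1 else None)
        if opt.startswith("--") and "=" in opt:
            opt, val = opt.split("=", 1)        # long form, e.g. --udp-port=0
        elif not opt.startswith("--") and len(opt) > 2:
            opt, val = opt[:2], opt[2:]         # attached short form, e.g. -U0
        if opt in ("-l", "--listen") and val:
            listen += [a.strip() for a in val.split(",")]
        elif opt in ("-U", "--udp-port") and val is not None:
            udp_port = int(val)
    # With no -l option memcached binds to every interface.
    exposed = [a for a in listen if not _is_loopback(a)] if listen else ["<all interfaces>"]
    findings = []
    if exposed:
        findings.append("WARN listens beyond loopback: " + ", ".join(exposed))
    if udp_port is None:
        findings.append("WARN UDP not set explicitly; add '-U 0' "
                        "(releases before 1.5.6 enable UDP by default)")
    elif udp_port != 0:
        findings.append("WARN UDP enabled on port %d" % udp_port)
    if exposed and udp_port != 0:
        findings.append("CRITICAL UDP not disabled on a non-loopback listener: "
                        "potential reflector for spoofed requests")
    return findings

# Constructed sample files, not taken from any real host.
EXPOSED = "# constructed sample\n-m 64\n-p 11211\n-l 0.0.0.0\n"
HARDENED = "# constructed sample\n-m 64\n-p 11211\n-l 127.0.0.1\n-U 0\n"

if __name__ == "__main__":
    for name, conf in (("exposed", EXPOSED), ("hardened", HARDENED)):
        print(name, audit_memcached_conf(conf) or "OK")
```

A clean result only covers the options file; a host firewall rule blocking inbound UDP 11211 is still worth checking separately.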

GitHub called in assistance from Akamai Prolexic, which rerouted traffic to GitHub through its “scrubbing” centers, which removed and blocked data deemed to be malicious. Following eight minutes of the assault, the attackers called it off and the DDoS stopped.

The service has become critical for a great many companies that handle code. So while an outage is never welcome, the response in this case is impressive and certainly bodes well. GitHub said it continues to analyze this attack, and others, to ensure it is suitably defended.