GitHub is one of the most popular code archives, however it was attacked by a massive DDoS attack on 28 February. This attack caused their website to be flooded with an astounding, 1.35 terabit per second (Tbps) of traffic. This was the most powerful DDoS attack ever recorded.
The threat actors tried to exploit memcached servers and worked towards an amplification attack. They refused to rely on bots and decided to do things their own way. Their hacking procedure involved them spoofing the IP address of the victim first and then repeatedly sending of User Datagram Protocol (UDP) requests to the memcached server.
The increased traffic at the rate of 1.2Tbpd even caused some Internet services across America to shut down. However, GitHub survived the attack and only went through a few minutes of desultory downtime.
GitHub claimed in a blog saying that they experienced a significant volume of DDoS attack between 5:21 PM to 5:00 PM on 28th of February. They further added, “The attack originated from over a thousand different autonomous systems (ASNs) across tens of thousands of unique endpoints. It was an amplification attack using the memcached-based approach described above that peaked at 1.35 Tbps via 126.9 million packets per second.”
GitHub’s site was able to survive this attack because of Akamai’s DDoS mitigation service- they took over the site within minutes of the attack and started to reroute the incoming traffic from GitHub to its scrubbing centers.
Josh Shaul the Vice President at Akamai’s web security told WIRED that they have modelled their capacity in such a way that they can handle 5 times the biggest attack the internet has ever seen. He further added saying, “So I would have been certain that we could handle 1.3 Tbps, but at the same time, we never had a terabit-and-a-half come in all at once. It’s one thing to have the confidence. It’s another thing to see it actually play out how you’d hope.”
GitHub continued to reroute their traffic for a few hours to ensure that the attack was resolved. Shaul suspected that the attackers made GitHub a target because it is a high-profile service and it would be very difficult and impressive to bring it down. The attacked may have been hoping to extract ransom but the duration of this attack was very short and since it didn’t have a large impact it was not worth the ransom.
According to Akamai the attack on GitHub could be done by threat actors to leverage weak memcached servers. Akamai added in a blog saying, “Because of memcached reflection capabilities, it is highly likely that this record attack will not be the biggest for long.”
Source: Wired
