Over the course of history, GitHub has become a major attraction for cyber-attacks. Once again earlier this week, the blog post by the web hosting designer unveiled about the attack. In the blog post, the company mentioned that they suffered because of distributed denial-of service (DDoS) attack on 28th February. The DDoS attack is aimed at putting the websites offline by bombarding them with too much of traffic.
Also read: iBOOT- The Greatest Leak of all Time
The attack
As revealed by GitHub, the attackers hacked the memory system called “memcaching” and used it to amplify the volume of data GitHub sends. The attackers sent over 51000 data and for each byte transferred by the attacker, 51KB was forwarded to the target. The blog also read that 1.35 terabit of traffic was hitting the developer platform each second. The traffic was the highest.
The blog further added, “The attack originated from over a thousand different autonomous systems (ASNs) across tens of thousands of unique endpoints.” During the incident the company took help from Akamai, a provider of cloud services. They helped in improving the security system and took over some of the traffics. The attack occurred for about 8 minutes. However, the good thing was that the attackers could not get hold of any of the customer’s data.
GitHub and DDoS
GitHub encourages about 20 million users and is basically used for open-source projects for computer coders. GitHub is one of the largest host for the source code worldwide.
Recently, DDoS has taken up an increase. Previous month, DDoS attacked the website of the national tax office of Netherlands. This attack was aimed at one of the largest banks of the world. ABN Amro, ING and Rabobank said that they were hit for a short period of time by the attack which eventually led in their disrupted mobile and online banking services.
Earlier this month, DDoS was considered to be one of those attacks which North Korea might use against the US for offensive operations as said by US Director of National Intelligence Daniel Coats. The statement was given by Daniel Coats in the “hearing of the Senate Intelligence Committee”.
Statements regarding the attack and DDoS
DDoS has recently came in the forefront. A number of companies have been trying to offer protection against it. Prior to this attack, the largest attack of DDoS ever recorded in history was that of the company Dyn in late 2016 which peaked at 1.2 Tbps. This led to disrupted connections all over the US but Dyn fought and resolved the matter very efficiently.
Josh Shaul, Vice President of web security at Akamai told WEIRD about the attack. He said, “We modelled our capacity based on five times the biggest attack that the internet has ever seen. So I would have been certain that we could handle 1.3 Tbps, but at the same time we never had a terabit and a half come in all at once. It’s one thing to have the confidence. It’s another thing to see it actually play out how you’d hope.”
Luckily, the time duration of the attack was small. Hence, the impact of the attack wasn’t much.