How GitHub Survived the Biggest Ever DDoS Attack

GitHub was hit with a massive DDoS attack that took down the code-sharing website for eight minutes before it was halted.

GitHub survived the largest and most powerful Distributed Denial of Service (DDoS) attack late last month.

The attack took GitHub offline for around eight minutes as the site’s DDoS mitigation service, Akamai Prolexic, took over and resolved it.

The attack directed a staggering 1.35 terabytes per second to the code distribution website, a new record that beats the 1.2 Tbps recorded for the 2016 attack on Dyn, an internet infrastructure company.

The attack used an amplification method that abuses exposed memcached servers, a tactic that has become popular in recent days.

However, Akamai was prepared for such an attack, and within 10 minutes it had filtered the suspicious packets out of the traffic, leaving the attackers no option but to retreat.

The attack and the subsequent response by the mitigating team are proof of the increasing sophistication and complexity of cyberattacks and the defense systems.

GitHub later released a statement letting their users know that no data was breached and that the integrity and confidentiality of their data remained intact.

How the DDoS Attack Transpired

The attackers carried out the attack via memcached servers. These servers are caches that speed up websites and applications, and when exposed to the internet they are reachable by anyone and answer any query sent to them.

They are meant to stay off the internet, but there are some that are left exposed and thereby prone to attacks by malicious hackers.

Attackers send these servers crafted queries, and the servers answer with a large volume of replies directed at whatever IP address appears as the source of the query.

The hackers who attacked GitHub first spoofed GitHub’s IP address and then sent several small queries to multiple memcached servers.

There may have been as many as 10 queries per second, each intended to provoke a much larger response from the server.

The servers amplify the queries greatly, returning responses 50 times larger than the original query. This huge volume of responses, arriving at a network all at once, can overwhelm its ability to handle its customers' traffic.

The Defense Employed by Akamai


Amplified DDoS attacks are becoming popular with hackers as they can be much more complex than other tactics, leaving the victim utterly defenseless.

However, many network infrastructure firms are developing specific defenses against these attacks.

One proactive way to prevent these attacks is to encourage the organizations that run memcached servers to take them off the public internet so that attackers cannot reach them.

Operators are encouraged to keep the servers on internal networks, behind a properly configured firewall, where they are far harder to abuse.

The automatic recognition and blocking of suspicious memcached traffic is another strategy that’s being used to protect networks against amplified DDoS attacks.

Network security companies can identify the specifics of the memcached attack and use this information to profile suspicious traffic.

This way, they can thwart an attack before it gets under way, staying ahead of the attackers and keeping damage to a minimum if an attack is mounted.
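The traffic profile described above (small queries carrying a spoofed source address, answered by many memcached servers with much larger UDP replies converging on one victim) is what the automated recognition strategy looks for. The following is an added illustration, not code from the article, Akamai or GitHub: it scans constructed flow records and flags a destination that receives high-ratio udp/11211 traffic from several distinct reflectors.

```python
from collections import defaultdict

MEMCACHED_PORT = 11211  # default memcached port; UDP is the reflection vector

# Constructed flow records for the example (not captured from the incident):
# (src_ip, src_port, dst_ip, dst_port, proto, bytes)
SAMPLE_FLOWS = [
    # reflected responses: several memcached servers answering a single victim
    ("203.0.113.10", 11211, "198.51.100.7", 40001, "udp", 1_400_000),
    ("203.0.113.11", 11211, "198.51.100.7", 40001, "udp", 1_380_000),
    ("203.0.113.12", 11211, "198.51.100.7", 40002, "udp", 1_410_000),
    ("203.0.113.13", 11211, "198.51.100.7", 40002, "udp", 1_390_000),
    # the tiny spoofed queries that provoked them (source = victim's address)
    ("198.51.100.7", 40001, "203.0.113.10", 11211, "udp", 15_000),
    ("198.51.100.7", 40001, "203.0.113.11", 11211, "udp", 15_000),
    # ordinary traffic: web and a legitimate internal cache with a single peer
    ("192.0.2.5", 53211, "198.51.100.7", 443, "tcp", 120_000),
    ("192.0.2.8", 11211, "192.0.2.9", 50000, "udp", 2_000),
]


def detect_memcached_reflection(flows, min_reflectors=3, min_amplification=10.0):
    """Return {victim_ip: summary} for destinations that look like targets of
    memcached reflection: replies from udp/11211 arriving from at least
    min_reflectors distinct servers, with a bytes-received / bytes-sent ratio
    of at least min_amplification (inf if no outbound queries were seen)."""
    resp_bytes = defaultdict(int)   # victim -> bytes received from udp/11211
    reflectors = defaultdict(set)   # victim -> distinct memcached server IPs
    req_bytes = defaultdict(int)    # apparent source -> bytes sent to udp/11211
    for src, sport, dst, dport, proto, nbytes in flows:
        if proto != "udp":
            continue
        if sport == MEMCACHED_PORT:
            resp_bytes[dst] += nbytes
            reflectors[dst].add(src)
        elif dport == MEMCACHED_PORT:
            req_bytes[src] += nbytes
    alerts = {}
    for victim, received in resp_bytes.items():
        if len(reflectors[victim]) < min_reflectors:
            continue  # one or two cache servers is normal application traffic
        sent = req_bytes.get(victim, 0)
        ratio = received / sent if sent else float("inf")
        if ratio >= min_amplification:
            alerts[victim] = {"reflectors": len(reflectors[victim]),
                              "response_bytes": received, "amplification": ratio}
    return alerts
```

The thresholds are assumptions for the example; in practice they would be tuned against the network's normal memcached usage, and an alert would feed a rate limit or block on inbound udp/11211 replies to the flagged destination.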

Rising Cases of DDoS Attacks

This was not the first attack on GitHub. In fact, the site has become a common target for attackers.

In 2015, GitHub suffered a five-day outage after it was attacked by hackers who were believed to be sponsored by the government of China.

The attack was carried out with a tool known as the Great Cannon, which intercepts web traffic and redirects it at the target sites.

Other sites targeted by the Great Cannon included GreatFire, an internet freedom and anti-censorship site, and the Chinese technology giant Baidu.

DDoS attacks are becoming common and are targeting diverse industries.

In 2016, U.S.-headquartered internet infrastructure company Dyn was hit with a DDoS attack in waves with the first wave lasting for two hours.

The second and third waves followed suit and directed a staggering amount of traffic to Dyn’s servers, especially those on the East Coast.

The DDoS attack, which was quite complex by 2016 standards, was finally resolved—but not before it had taken down the Internet for most of the Eastern seaboard.

Today, network defenses have become much more advanced and can respond quickly to mitigate the damage from DDoS attacks, as Akamai's response to the recent GitHub attack showed.
