Yesterday, the internet’s favorite code repository, GitHub, was hit by a record 1.35-terabyte-per-second denial-of-service attack—the most powerful recorded so far. Yet, the website only endured a few minutes of intermittent downtime. The attacker, likely realizing their efforts were for naught, withdrew after less than an hour. GitHub was able to suffer the attack and keep kicking thanks to Akamai’s DDoS mitigation service.
What is a DDoS Attack?
A Distributed Denial of Service (DDoS) attack is an attempt to make an online service unavailable by overwhelming it with traffic from multiple sources. Such attacks target a wide variety of important resources, from banks to news websites, and present a major challenge to making sure people can publish and access important information.
DDoS attacks have been carried out by diverse threat actors, ranging from individual criminal hackers to organized crime rings and government agencies. In certain situations, often ones related to poor coding, missing patches or generally unstable systems, even legitimate requests to target systems can result in DDoS-like results.
How intense was this attack on GitHub?
GitHub said the attackers hijacked something called ‘memcaching’ — a distributed memory system known for high performance and demand — to massively amplify the traffic volumes they were firing at GitHub. To do that, they initially spoofed GitHub’s IP address and took control of memcached instances that GitHub said are “inadvertently accessible on the public internet.”
The result was a huge influx of traffic. Wired reports that, in this instance, the memcached systems used amplified the data volumes by around 50 times.
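The reflected traffic described above has a recognizable shape on the receiving side: large UDP responses arriving from many different hosts, all sent from memcached's default port 11211. The following is an added example, not code from GitHub or Akamai, that flags that pattern in flow records; the record layout, the thresholds and the sample flows are assumptions constructed for illustration.

```python
from collections import defaultdict

MEMCACHED_PORT = 11211  # memcached's default listening port

# Constructed flow records, not real traffic:
# (epoch_second, src_ip, src_port, dst_ip, protocol, bytes)
SAMPLE_FLOWS = [
    (100, "198.51.100.10", 11211, "192.0.2.5", "udp", 1_400_000),
    (101, "198.51.100.11", 11211, "192.0.2.5", "udp", 1_350_000),
    (102, "198.51.100.12", 11211, "192.0.2.5", "udp", 1_420_000),
    (103, "198.51.100.13", 11211, "192.0.2.5", "udp", 1_390_000),
    (104, "203.0.113.7", 443, "192.0.2.5", "tcp", 52_000),    # ordinary HTTPS
    (105, "203.0.113.8", 53, "192.0.2.5", "udp", 300),        # DNS reply
    (106, "198.51.100.10", 11211, "192.0.2.9", "udp", 900),   # lone small flow
    (400, "198.51.100.10", 11211, "192.0.2.5", "udp", 1_000), # later window, low volume
]


def find_reflection_targets(flows, window=60, min_sources=3, min_bytes=1_000_000):
    """Flag destinations receiving memcached-sourced UDP from many hosts.

    Flows are grouped per (time window, destination). A group is reported
    only when both the number of distinct senders and the byte total reach
    the (assumed) thresholds, so one stray packet does not raise an alert.
    """
    buckets = defaultdict(lambda: {"bytes": 0, "sources": set()})
    for ts, src, sport, dst, proto, size in flows:
        if proto != "udp" or sport != MEMCACHED_PORT:
            continue  # only UDP sent from the memcached port is of interest
        key = (ts - ts % window, dst)
        buckets[key]["bytes"] += size
        buckets[key]["sources"].add(src)

    alerts = []
    for start, dst in sorted(buckets):
        group = buckets[(start, dst)]
        if len(group["sources"]) >= min_sources and group["bytes"] >= min_bytes:
            alerts.append({"window_start": start, "dst": dst,
                           "bytes": group["bytes"],
                           "reflectors": sorted(group["sources"])})
    return alerts


if __name__ == "__main__":
    for alert in find_reflection_targets(SAMPLE_FLOWS):
        print(alert)
```

The list of reflector addresses in each alert is what an upstream provider or scrubbing service needs in order to filter the traffic.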
GitHub called in assistance from Akamai Prolexic, which rerouted traffic bound for GitHub through its “scrubbing” centers, where data deemed to be malicious was removed and blocked. After eight minutes of the assault, the attackers called it off and the DDoS stopped.
In total, GitHub was offline for five minutes between 17:21 and 17:26 UTC, with intermittent connectivity between 17:26 and 17:30 UTC.