Below is an article I found very interesting because…
- No DDoS attack has ever been this large (this is about 1/400th of all internet traffic according to Hacker News)
- The article didn’t mention it, but I’d bet a lot of money that this has to do with Crypto directly. Maybe the hackers are just testing the waters?
I am under the suspicion that whoever attacked GitHub in this massive way was attempting to get a hold on the network in a way that would allow them to manipulate some sort of cryptocurrency without the public stopping it (since it is open-source), most likely targeting bitcoin. But maybe that’s just me being a conspiracy theorist… (Conspiracy Sunday anyone?).
Bitcoin’s code is found on GitHub and can be edited, I believe, by anyone (although I personally cannot code). However, there are checks in place that prevent anyone from changing the code in a way that is against Bitcoin’s nature. I’m not sure how, but this sort of attack might prevent those “checkers” or people who stop the bad guys from “checking”, if you know what I mean.
“The vulnerability via misconfiguration described in the post is somewhat unique amongst that class of attacks because the amplification factor is up to 51,000, meaning that for each byte sent by the attacker, up to 51KB is sent toward the target.”
-Sareph, Hacker News
- See Internet Traffic Stats Here
- Is it possible that someone could steal a lot of bitcoin by simply hacking the GitHub? I mean, if they were smart, and I mean really really smart. Is this possible?
If there are any nerds out there, I’d love to hear what you’ve got to say about this, so comment below!
Yesterday, the internet’s favorite code repository, GitHub, was hit by a record 1.35-terabyte-per-second denial-of-service attack—the most powerful recorded so far. Yet, the website only endured a few minutes of intermittent downtime.
The attacker, likely realizing their efforts were for naught, withdrew after less than an hour. GitHub was able to suffer the attack and keep kicking thanks to Akamai’s DDoS mitigation service.
“Between 17:21 and 17:30 UTC on February 28th we identified and mitigated a significant volumetric DDoS attack,” GitHub wrote in an autopsy of the event Thursday. “The attack originated from over a thousand different autonomous systems (ASNs) across tens of thousands of unique endpoints.”
Per GitHub, the angry little person (or people) responsible employed an amplification attack, whereby an attacker spoofs a target’s IP address and repeatedly sends byte-sized (UDP) requests to memcached servers—data-caching systems, which are intended to improve database performance, that problematically return a hugely disproportionate amount of data.
Because the attacker spoofed GitHub’s IP, the responses flooded toward the site at more than a terabyte per second.
Tod Beardsley, research director at Rapid7, called the attack a “harbinger of the new world of DDoS.”
“Unless and until these vulnerable memcached servers are themselves booted off the Internet,” Beardsley said, “they will remain as an irresistibly attractive means for firing packet cannons at any target one might choose, all with no botnet infrastructure required.”
The good news is, you can mitigate memcache-based amplification attacks by setting up an incoming rate-limit on port 11211, according to Akamai.
“Because of its ability to create such massive attacks, it is likely that attackers will adopt memcached reflection as a favorite tool rapidly,” the company wrote in a Thursday blog post. “Additionally, as lists of usable reflectors are compiled by attackers, this attack method’s impact has the potential to grow significantly.”
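The incoming rate limit on port 11211 mentioned above, sketched as a byte-based token bucket run over constructed packet records. This is an added example, not code from GitHub, Akamai or the article; the `Packet` layout, `filter_inbound`, and the rate and burst values are assumptions chosen for illustration.

```python
from collections import namedtuple

MEMCACHED_PORT = 11211  # port named in the article; reflected replies arrive *from* it

# Constructed record layout (an assumption): arrival time in ms, source IP,
# protocol, source port, size in bytes.
Packet = namedtuple("Packet", "ts_ms src proto sport size")

class TokenBucket:
    """Byte-based token bucket: refills at `rate` bytes/s, holds at most `burst`."""
    def __init__(self, rate, burst):
        self.rate, self.burst = rate, burst
        self.tokens, self.last_ms = float(burst), 0

    def allow(self, ts_ms, size):
        refill = (ts_ms - self.last_ms) * self.rate / 1000
        self.tokens = min(self.burst, self.tokens + refill)
        self.last_ms = ts_ms
        if size <= self.tokens:
            self.tokens -= size
            return True
        return False

def filter_inbound(packets, rate=10_000, burst=5_000):
    """Rate-limit inbound UDP from source port 11211; pass all other traffic."""
    bucket = TokenBucket(rate, burst)
    stats = {"passed": 0, "dropped": 0, "reflectors": set()}
    for p in packets:  # packets are assumed to be in arrival order
        if p.proto == "udp" and p.sport == MEMCACHED_PORT:
            stats["reflectors"].add(p.src)  # distinct senders seen on this port
            if not bucket.allow(p.ts_ms, p.size):
                stats["dropped"] += p.size
                continue
        stats["passed"] += p.size
    return stats

# Constructed sample: one HTTPS packet, then 100 memcached replies (1400 bytes,
# one per millisecond) from 20 documentation-range addresses.
SAMPLE = [Packet(0, "198.51.100.7", "tcp", 443, 1200)] + [
    Packet(i, f"203.0.113.{i % 20 + 1}", "udp", MEMCACHED_PORT, 1400)
    for i in range(1, 101)
]

if __name__ == "__main__":
    s = filter_inbound(SAMPLE)
    print(s["passed"], s["dropped"], len(s["reflectors"]))
```

The limiter lets the initial burst through and then holds the port to the configured byte rate, while the unrelated TCP packet is untouched; the reflector count gives a quick view of how widely the replies are sourced.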