Collaborative website taken out of service
06/03/18 at 09:01
On February 28th, the collaborative development platform GitHub was the victim of a denial of service (DDoS) attack considered as historical. It is indeed to date the biggest attack of this type perpetrated against a website.
DDoS attacks are not used to steal user data, but to disable websites for a variety of reasons. They consist of sending hundreds of thousands or even millions of requests against a server until it is no longer able to process them and stops. This time, the hackers have released the heavy artillery … During the attack, GitHub servers received a record load of up to 1.3 terabytes of data per second! Beyond the unprecedented massive volume of queries, the authors employed a new technique that could well be a landmark. They exploited a security flaw of a technology called "Memcached" that optimizes the performance of highly visited websites by storing cached data on the memory instead of soliciting the databases. With this technique the hackers take advantage of an exponential DDoS amplification greatly increasing the power of the attack. Tens of thousands of terminals were used to lead this attack.
GitHub reacts quarter-turn
In a report published on his blog, GitHub explains that his site has been out of order for only ten minutes. It states that several tens of thousands of ghost servers have been used to lead this attack. But GitHub engineers were particularly responsive and managed to thwart the massive attack by redirecting requests to servers from Akamai, a company specializing in anti-DDoS protection. This is probably only the beginning of a long series of attacks by Memcached which promises to be …