GitHub Hit with 1.35 Terabit Per Second Denial of Service Attack
UPDATE: The article says that the 1.35 terabit attack is the largest on record. Well, it was. For FOUR days. Using the same technique, another U.S.-based but unnamed service provider was hit with a 1.7 terabit per second attack a few days after the GitHub attack.
Denial of Service attacks (called DoS or DDoS) are an attempt by a hacker to stop other legitimate users from using a service, typically a web site, that the hacker is mad at for some reason or is being paid to bring down. These attacks, by themselves, do not steal any data. Sometimes, DDoS attacks are used as a distraction from a real attack – kind of like a bank robber starting a warehouse fire across town while the bank is being robbed, to distract the police.
Back in the dark ages – like ten years ago – a denial of service attack was considered large if it hit 20 gigabits per second. To put that in perspective, today a personal home Internet connection could be as fast as 1 gigabit per second, so that kind of attack would be like 20 homeowners ganging up on a web site to take it down.
Over the last ten years, the size of DDoS attacks has grown. A lot!
This week GitHub, a web site popular with software developers, was hit with a DDoS attack that measured 1,350 gigabits per second. That might be 75 times bigger than what was considered a large attack ten years ago.
This chart shows the history of DDoS attack size over the last 20 years:
These attacks could happen because someone thought the owner of the site treated him or her badly, or they could even be launched (illegally, of course) by a competitor.
Sometimes these attacks last for a few minutes; other times they can last for days or, rarely, weeks.
If your business came under attack and the attack lasted for a few minutes, you would be annoyed but it probably would not have a major impact on your revenue or your reputation.
But what if it lasted for an hour? Or a few hours?
One reason hackers launch DDoS attacks is to demand ransom.
If you don’t pay the extortion demand, we will launch a sustained attack on your business. Or periodic, relatively short but totally random, attacks. What would the business impact of that be? Likely more damaging.
Not only is the size of these attacks growing, but the absolute number of attacks is growing – Akamai, one of the vendors that can protect you against these attacks, said that attacks were up 14% between 4Q2016 and 4Q2017 and those growth numbers are modest compared to other quarters.
The good news is that there are services, some free, some paid, that help businesses protect themselves.
For large attacks like the GitHub attack, the services are all paid because of the amount of resources required to neuter the attack.
For smaller attacks the free services should work just fine.
BUT, you cannot buy these services after an attack is active because it takes some time for the process to kick in. To be completely technically accurate, you can buy the service after the attack starts, but if you do, you may be down for hours until the new address of your website, for example, propagates across the Internet. You could even be down for days as you reprogram parts of your site to work with the new software.
My recommendation for all businesses is to subscribe to one of the free services now. It will take some work to tweak them to work for each web site, so do that before someone points a machine gun at your web site. You can always upgrade to the paid service if you ever need it.
For more details on exactly how GitHub dealt with the attack, read the article on Wired.