According to GitHub network boss Sam Kottler, the February 29 attack peaked at 1.3 TB, making it larger than the Dyn cyber attack that took out websites across the US last year. The attack began at 17:21 and was mitigated by 17:30 thanks to Akamai’s DDoS mitigation service. The attackers abused Memcached instances to send huge amounts of data, amplifying the attack by up to 51,000. It’s not the first time GitHub has been the target of DDoS attacks, with Chinese government suspected as one of the attackers in a five-day 2015 attack. Over the past year, GitHub has been hardening its infrastructure, but it doesn’t seem to have been enough in this case. In the future, it’s promised to “[make] GitHub’s edge infrastructure more resilient to current and future conditions of the internet and less dependent upon human involvement.”
Microsoft and GitHub
Kottler says the company is aware of how much businesses rely on GitHub to succeed, and that can’t be take for Microsoft. Statistics last year revealed that the company has the most open source contributor on the platform, numbering at over 16,000. Projects such as Visual Studio Code, Bing Search components, and PowerShell are all hosted on the platform, as well as Chakra JavaScript Engine, the CTNK Toolkit, and more. Alongside Microsoft are over 331,000 active organizations that rely on the platform, with 5.8 million active users. It’s essential that GitHub is able to mitigate such attacks in the future, and it seems to be on the right path. DDoS attack mitigations often takes over an hour, while GitHub’s was completed in minutes.
