It went down for five minutes.
Yes, unlike the last record-breaking DDoS attacks, which disrupted major services for days, GitHub was able to mitigate the attack so quickly that few users would even have been aware of the downtime.
The attack was launched on Wednesday last week and GitHub was unavailable from 17:21 to 17:26 UTC. In an issue of IoT News magazine, I interviewed F-Secure Research Analyst Sean Sullivan and he raised the point that a DDoS attack does not have to be a PR nightmare.
A great example is when hacker group Lizard Squad launched its attacks on online gaming services. PlayStation Network was down for weeks, and the outage caused a lot of reputational damage. In contrast, Xbox Live recovered quickly and boosted its credentials.
GitHub was humble enough to post an apology for its five minutes of downtime, but no service is completely invulnerable to a large enough DDoS. The way it recovered is commendable.
In terms of scale, the DDoS peaked at 1.35Tbps. It took advantage of ‘memcaching’ (memcached, a distributed memory caching system known for high performance and demand) to amplify the traffic volume by around 50 times.
The attackers spoofed GitHub’s IP address as the source of their requests, so that the replies from memcached instances that GitHub said are “inadvertently accessible on the public internet” were directed at GitHub.
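For operators who want to check whether their own memcached servers could be used this way, here is an added example (not from GitHub or the original article) that audits memcached.conf-style option text for the two conditions that matter: UDP enabled and a listener on a non-loopback address. The sample configs are constructed, and the script assumes UDP is on unless `-U 0` is set, which is the conservative reading for older memcached builds.

```python
import ipaddress
import shlex

def parse_options(conf_text):
    """Read one-option-per-line memcached.conf text into {flag: value}."""
    opts = {}
    for line in conf_text.splitlines():
        line = line.split("#", 1)[0].strip()      # drop comments
        if not line.startswith("-"):
            continue
        parts = shlex.split(line)
        flag, value = parts[0], (parts[1] if len(parts) > 1 else "")
        if "=" in flag:                            # long form: --udp-port=0
            flag, value = flag.split("=", 1)
        opts[flag] = value                         # case matters: -u user, -U UDP port
    return opts

def is_loopback(addr):
    if addr == "localhost":
        return True
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:
        return False   # hostname we cannot resolve offline: treat as exposed

def audit(conf_text):
    """Flag configs that leave memcached usable as a UDP reflector."""
    opts = parse_options(conf_text)
    # Assumption: UDP listens on 11211 unless explicitly disabled with 0.
    udp_port = opts.get("-U", opts.get("--udp-port", "11211"))
    listen = opts.get("-l", opts.get("--listen", ""))
    addrs = [a.strip() for a in listen.split(",") if a.strip()]
    udp_enabled = udp_port != "0"
    # With no listen address, memcached binds every interface.
    exposed = not addrs or not all(is_loopback(a) for a in addrs)
    return {"udp_enabled": udp_enabled, "exposed": exposed,
            "reflector_risk": udp_enabled and exposed}

# Constructed sample configs, not taken from any real host.
EXPOSED = "# constructed sample\n-m 64\n-p 11211\n-u memcache\n-l 0.0.0.0\n"
HARDENED = "-m 64\n-p 11211\n-u memcache\n-l 127.0.0.1,::1\n-U 0\n"

if __name__ == "__main__":
    for name, conf in (("exposed", EXPOSED), ("hardened", HARDENED)):
        print(name, audit(conf))
```

A clean result here only covers the daemon's own options; a firewall rule blocking inbound UDP to the memcached port is still worth having in front of it.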
It’s unknown at this point who carried out the attack, but GitHub is a common target. Back in 2015, the Chinese government was suspected of being behind a five-day attack on GitHub, carried out because the company was hosting software used to bypass China’s strict ‘Great Firewall’ internet censorship system.
More details can be found in this GitHub blog post.