GitHub hit by DDoS attack

The collaborative coding platform GitHub became the subject of a DDoS attack on August 25, its second this year after having been targeted by a massive attack in March. The issue first appeared at 3.05 pm IST, according to GitHub’s status log, when administrators began inspecting “connectivity problems”. By 4.08 pm, the issues were identified to be the result of a DDoS attack. At 4.36 pm, it was mentioned that the attack was ongoing. The last updates from GitHub said at 6.22 pm that normal service had been restored and that the situation was being monitored closely, and at 7.19 pm that everything was “operating normally”.

DDoS stands for distributed denial-of-service, where thousands of IP addresses – often spoofed – ping a target IP and force it to respond. A ping, according to SC Magazine, is “a type of networking utility that determines whether or not a host is reachable, and how long it takes to be reached”. It’s a very small packet of data that, if echoed back by the target, signals that the target IP is live. But with a swarm of pings, the effect over time is that the target IP address is brought down, or crashes, unable to handle the traffic.

For the people perpetrating the attack, the intent is to make the target address unavailable to legitimate users. At 5.40 pm, the Norse Corp map of live DDoS attacks identified two prominent target locations in the United States, one of which (around the Missouri-Illinois-Iowa area) was the subject of an intense assault from the South East Asian and south European regions.

A map of ongoing DDoS attacks. Source: Norse Corp
A map of ongoing DDoS attacks. Source: Norse Corp

GitHub has been the subject of multiple DDoS attacks in its history. The platform is effectively a collection of repositories, or projects that developers are working on, and attackers miffed by the contents of individual repositories often take down the entire site. It was on the back of similar concerns that the Chinese government blocked GitHub in China in January 2013, and the Indian government for a short while in December 2014.

While DoS attacks have been around since the 1990s, DDoS attacks kicked in in 2000, with one of the first targets being Yahoo!. The difference is that DoS attacks originate from a single source while DDoS attacks are distributed across multiple sources. They’re also impossible to anticipate, very difficult to defend against, and very difficult to track down. Attackers have been known to go after all kinds of online services – from banks to government sites to gaming tournaments. According to an Akamai report released earlier this month, India is the fourth largest target of DDoS attacks worldwide, accounting for 7.43% of all attacks. Interestingly, as writes, “China is … both the largest source and target of attacks on web applications”.