Github has weathered the biggest DDoS attack in history with just 10 minutes of downtime, according to new reports.
The code-sharing site was subjected to a colossal 1.35Tbits/sec surge in traffic, as unknown hackers attempted to take the platform offline. The attack was foiled by Akamai Prolexic’s anti-DDoS protections, which Github automatically activated shortly after detecting the spike in traffic.
“We understand how much you rely on GitHub and we know the availability of our service is of critical importance to our users,” said Github site reliability engineering manager Sam Kottler in a blog post detailing the incident. “To note, at no point was the confidentiality or integrity of your data at risk.”
“Making GitHub’s edge infrastructure more resilient to current and future conditions of the internet and less dependent upon human involvement requires better automated intervention. We’re investigating the use of our monitoring infrastructure to automate enabling DDoS mitigation providers and will continue to measure our response times to incidents like this with a goal of reducing mean time to recovery,” he said.
According to Ashley Stephenson, CEO of Corero Network Security, this attack also demonstrates the speed with which the cyber criminal community will jump on any new vulnerability.
“It is just a few days since the memcached reflection/amplification vulnerability became widely known. Within a week the largest DDoS ever reported lands on our doorstep, an event that will make mainstream news,” explained Stephenson.
“Meanwhile, Corero has observed a steady ramp in the past few days of memcached based attacks on the wider community. The terabit attack will grab the ‘biggest and baddest’ headlines casting a shadow that will obscure the thousands of businesses worldwide that have been hit with smaller but equally disruptive DDoS attacks leveraging the memcached vector during the past week.”