


A Networks Perspective on the GitHub DDoS

In case you’re not constantly combing the news for every little security fracture and hack, you should know about the worst DDoS (Distributed Denial of Service) attack that GitHub, the code repository hosting service, has ever seen. The anatomy of a DDoS attack isn’t complicated: the underlying premise is that, by rapidly sending an immense volume of requests to a server, an attacker can temporarily keep the server so busy that it becomes completely inaccessible to normal users. If these requests were coming from a single computer, the defending server could easily rate-limit its IP address, restricting the rate at which it processes that computer’s requests. Thus, DDoS attacks must be performed with some immense network of computers, with unique and unpredictable IP addresses, making it impossible to predict where the next request will be coming from.

Usually there are ways to mitigate these attacks, and it is not easy to acquire a network of devices that can be used to execute one. However, in March 2015, just earlier this year, a group of hackers executed an attack on GitHub, and it seemed to have its origins in China. The genius behind this attack is in the execution: the hackers did not have to hack millions of computers and build a network of infected bots to launch an attack. Instead, the hackers took advantage of the huge structure of the internet.

We have seen how the internet is really just a gargantuan network of nodes, with a single “Giant Strongly Connected Component.” To understand DDoS attacks with this framework in mind, it is helpful to understand that each node has a given “bandwidth” of requests it can process and handle. Then, we see that the internet is pulsing and flowing with users, moving from site to site. Within this framework, it is easy to see that a DDoS attack is generally an overflow of “visitors” to a given node.
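The following is an added example, not part of the original post: a small Python simulation of the per-IP rate limit and the node “bandwidth” described above, showing why the limit holds against one source but not against many. The limit, capacity, request counts and IP addresses are constructed assumptions chosen for illustration.

```python
from collections import defaultdict

class PerIPRateLimiter:
    """Fixed-window limiter: at most `limit` requests per source IP per window."""
    def __init__(self, limit, window_seconds):
        self.limit = limit
        self.window = window_seconds
        self.counts = defaultdict(int)  # (ip, window index) -> requests seen

    def allow(self, ip, now):
        key = (ip, int(now // self.window))
        self.counts[key] += 1
        return self.counts[key] <= self.limit

def simulate(requests, limiter, capacity_per_window):
    """Return (served, rejected_by_limiter, dropped_over_capacity)."""
    served_in_window = defaultdict(int)
    served = rejected = dropped = 0
    for now, ip in requests:
        if not limiter.allow(ip, now):
            rejected += 1            # the limiter caught a noisy source
            continue
        window = int(now // limiter.window)
        if served_in_window[window] >= capacity_per_window:
            dropped += 1             # node saturated; normal users are dropped here too
        else:
            served_in_window[window] += 1
            served += 1
    return served, rejected, dropped

def single_source(n):
    # Constructed traffic: n requests within one second from one address.
    return [(i / n, "203.0.113.7") for i in range(n)]

def distributed(n):
    # Constructed traffic: the same n requests, each from a different address.
    return [(i / n, f"10.0.{i // 256}.{i % 256}") for i in range(n)]

def run_demo(n=10_000, limit=10, capacity=1_000):
    one = simulate(single_source(n), PerIPRateLimiter(limit, 1), capacity)
    many = simulate(distributed(n), PerIPRateLimiter(limit, 1), capacity)
    return one, many

if __name__ == "__main__":
    one, many = run_demo()
    print("single source (served, rejected, dropped):", one)
    print("distributed   (served, rejected, dropped):", many)
```

With a single source the limiter rejects all but 10 of the 10,000 requests and the node stays under capacity; spread across 10,000 addresses, the limiter rejects nothing and 9,000 requests exceed what the node can serve.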

Now, to take down GitHub, Chinese hackers actually injected code into Baidu (China’s largest search engine, which receives roughly 63 million unique visitors every day). The code they injected caused the browsers of roughly 1% of Baidu’s visitors to repeatedly load two targeted GitHub pages. In our network framework, this is represented by adding an edge from the Baidu web-node to GitHub, which is tantamount to unleashing a dam upon a small babbling brook. Needless to say, the entire GitHub network was down for over a day, so that all of GitHub’s services were inaccessible to anyone who tried to make a request. This is one of the most extreme examples of the vastness of the internet, and of how much energy and power actually flows through it.

References: https://github.com/blog/1796-denial-of-service-attacks
