

Who is DDOSing GitHub and why? - pootch


======
rogerbinns
My guess would be a hack of some kind (eg compromising a popular project's
code or downloads) and then using the DDOS as a smokescreen. This is something
bad guys are increasingly doing with banking hacks - steal the money and then
divert everyone's attention with a DDOS. That makes it a lot harder for the
victims to find out what happened and distracts the financial institution.

More info: <http://krebsonsecurity.com/2011/11/ddos-attacks-spell-gameover-for-banks-victims-in-cyber-heists/>

~~~
dguido
Um, no. The reason they DDoS financial institutions is so they have a chance
to cash out the stolen goods immediately. Stolen financial data has an
expiration date and the DDoS extends that just long enough for it to be
useful.

DDoS'ing github because you trojaned a source tree calls attention to the fact
that you did it. Only the dumbest of all hackers would do such a thing and
that is almost certainly NOT what is happening here. When you trojan a source
tree, it only becomes useful after your intended victim downloads and installs
it, which can take months or even years.

~~~
rogerbinns
If you DDOS GitHub as a whole, how does that call attention to the one project
a bad guy has trojaned?

If the project has mostly "commercial" developers then chances are they work
on it during the week. DDOS GitHub during the week and let off for the
weekend. That gives a few days worth for your trojan to be downloaded by the
unsuspecting. People will also have tired of hearing about the "github news" so
new news about trojaning will take a little longer to disperse.

~~~
mememememememe
But... what commercial projects can possibly be on GitHub that are worth this
trouble? Facebook's C++ compiler? ....

If there is such commercial product, it would have been self-hosted. Not
GitHub.

~~~
rogerbinns
Here are some random ones off the top of my head. I'm happy to accept that you
can't think of any value of these to bad guys, but the bad guys are not
limited by your or my imagination.

MongoDB and all the drivers <https://github.com/mongodb>

Mixpanel analytics libraries <https://github.com/mixpanel>

Sencha Javascript libraries <https://github.com/senchalabs>

Yahoo YUI and various other JS related gunk <https://github.com/yahoo>

Shopify ecommerce libraries <https://github.com/Shopify>

Engine Yard tools & utils <https://github.com/engineyard>

------
redegg
The typical botnet operator cycle:

1) Send email to <large_site_here>, asking for a large ransom, preferably in
Bitcoins.

2) If <large_site_here> does not pay, fire your packet cannons at them.

3) Rinse and repeat.

~~~
colinbartlett
Wait, seriously? Is this a common thing? I've not heard a lot of noise about
ransom demands.

~~~
xal
It's very common to target ecommerce stores like this. Specifically jewellery
stores for some reason. Probably because it's a luxury good and somehow botnet
owners link that to wealth of the owners. We host tens of thousands of ecommerce
stores and sometimes get these forwarded. We estimate that our customers
receive at least one a month. DDOS attacks are a weekly to bi-weekly occurrence
for us.

The internet is a messy place.

~~~
sbarre
I would love to hear more about how you mitigate them.. Or is this part of the
"secret sauce" for hosting companies?

~~~
xal
Yes, if we describe it, people will start "unit testing" their botnets against
us.

~~~
sbarre
Fair enough! That makes sense...

------
freestyler
Maybe the CVS users.

~~~
troels
Nah, they wouldn't launch a _distributed_ dos attack, would they now?

~~~
vukmir
That's exactly what they want you to believe.

Never underestimate the frightening power of a large number of evildoers
hitting F5.

------
danblick
On the motives for DDOS attacks -
<http://www.securelist.com/en/analysis/204792189/DDoS_attacks_in_Q2_2011>

------
eloisius
Probably someone that wants to practice with their botnet. GitHub is a
formidable target.

------
lallouz
This was pretty interesting on launching a massive DDOS and how to stop one.
<http://hackerne.ws/item?id=4535226>

------
kfinley

      Pages is currently being hit with a DoS attack.[0]
    

I suspect the target may be a site that is hosted on Github Pages, maybe a
blog. The attackers may not be targeting Github directly.

[0]: <https://status.github.com>

------
dclausen
Could it have something to do with their $100MM sitting in the bank?

<http://techcrunch.com/2012/07/09/github-pours-energies-into-enterprise-raises-100-million-from-power-vc-andreesen-horowitz/>

------
sejje
They're not overly successful--I've had some slow page loads, but no serious
interruption of service.

~~~
zalew
I noticed yesterday I can't install anything through https://, git:// urls
work fine

~~~
eridius
You sure it was https? For a short time they blocked port 80 specifically so
git:// and https:// would be able to work.

~~~
Tobu
Yeah, I had one https:// clone stop in mid-download. I repeated it
immediately and it stopped midway again, I tried again after half an hour or
so and it went through.

This was before they disabled port 80, so I expect this was resource
exhaustion, the smart-https git service wasn't completely isolated from the
DDOS target.

------
angry-hacker
I know GitHub is down, but how do you know someone is ddosing it?

~~~
lexy0202
<https://status.github.com/>

------
Pym
Bitbucket?

~~~
hmart
Hardly believe that (Atlassian owned) Bitbucket is doing such attack.
Bitbucket offers free private repos, not just git but mercurial hosting.
Although way less popular, I think Bitbucket has features to gain ground in
the long run without the need of tactics like DDOSes.

~~~
RegEx
It was a lame joke, but the amount of "whoosh" in this thread is a bit mind
boggling.

------
click170
Github is being DDOS'd? I hadn't noticed. And I use Github. Every day.

~~~
eridius
You must not have used it yesterday then ;)

------
dguido
Probably to watch all of Hacker News squirm.

~~~
dguido
What? You guys don't think that HN is enough troll bait for someone to spend
$100 to DDoS a web property you care about?

~~~
randomchars
Who has a grudge on us?

~~~
dguido
No grudge necessary. This comment thread is lulzy enough by itself. Watching
an entire user community freak out over not being able to access their source
code in real time over HTTP is a good enough payoff.

------
adgar2
If you aren't being DDOSed, you aren't an interesting service.

------
mememememememe
Why is it so hard to guess? Obviously GitHub is popular. Most popular sites
have been DDOSing. People perform DDOS either because they hate that site, they want
to gain something out of it, or they just want to turn it down for fun. Stop
speculating. It's really simple...

~~~
pootch
OK yes, but who hates GitHub and how could you possibly hate Github enough to
bother with going to the trouble? Maybe it's just kids, who knows, but I guess I
never understand why people waste their time doing things that have zero
possible positive benefit to themselves.

~~~
mememememememe
Zero possible positives? Ideally, hackers, not crackers, are supposed to HELP
companies and organisations to discover their loopholes before it was too late
for them. So many attacks are friendly. Many hacker groups (not crackers)
would steal stuff and post the irrelevant stuff online just to remind the
infrastructure team that they did a bad job.

But on the other hand, Github is a popular site, and it attracts many users
so people can spawn lots of PCs to create mass attack. Why not? It's a popular
site so they want to test how well their tools can keep up with GitHub. People
would assume that as of today, 2012, operation engineers have learned enough
to protect and recover from DDOS.

GitHub team did a very good job recovering. Not bad. But certainly the
infrastructure is still not able to handle such DDoS. GitHub needs to invest
more money on that to secure service.

Whatever the reason might be, it's not necessary to speculate. In some movies,
we even had banks / investors hired others to crack their own banks or stores
next to the bank to destroy critical evidence (financial loss). That's a scam.
Maybe we should speculate if it was GitHub's own DDoS? God knows. Everyone
will call me crazy if I believe in such a thing. No I don't think it was GitHub,
but let me remind everyone these strange things happened before in both
fiction and real life. But the point I want to make is no one knows and it
shouldn't matter.

Whoever attacks it is not important at all. GitHub will learn from this and
make the service more reliable.

------
trotsky
Why does anybody ddos anything? Pretty much the same reason you carve your
name in a tree or drive super slow with the bass up so high it sets off
everyone's car alarms.

------
hmart
Only a very well orchestrated DDOS using a botnet has the endurance and
strength of this attack. One can think that they are distributing some malware
through github or that an anti USA hostile government agency is reaping code.
Only Github knows.

~~~
ihsw
How does one spread malware through github when the website (and all its
services) are down?

~~~
mansoor-s
I'm dying from laughter

~~~
saraid216
This seems relevant: <http://www.penny-arcade.com/comic/2007/7/16/>

