Skip to content

Instantly share code, notes, and snippets.

@eliaskg
Forked from dhh/Basecamp-DDOS.md
Created March 24, 2014 15:11
Show Gist options
  • Save eliaskg/9742079 to your computer and use it in GitHub Desktop.
Save eliaskg/9742079 to your computer and use it in GitHub Desktop.

Basecamp is under network attack

Criminals have laid siege to our networks using what's called a distributed denial-of-service attack (DDoS) starting at 8:46 central time, March 24 2014. The goal is to make Basecamp, and the rest of our services, unavailable by flooding the network with bogus requests, so nothing legitimate can come through. This attack was launched together with a blackmail attempt that sought to have us pay to avoid this assault.

Note that this attack targets the network link between our servers and the internet. All the data is safe and sound, but nobody is able to get to it as long as the attack is being successfully executed. This is like a bunch of people blocking the front door and not letting you into your house. The contents of your house are safe -- you just can’t get in until they get out of the way.

We're doing everything we can with the help of our network providers to mitigate this attack and halt the interruption of service. We're also contacting law enforcement to track down the criminals responsible. But in the mean time, it might be a rough ride, and for that we're deeply sorry.

DDoS criminals have attacked and tried to extort many services lately. Just a few weeks ago, Meetup was attacked, and it took a whole weekend of fire fighting before they were out of the woods. There is unfortunately no single, quick fix to these attacks, so we regretfully ask for your patience in advance. As said, we're doing everything we can, and will work as quickly as possible, but it's impossible to give a clear timeline for ultimate resolution.

The only thing we're certain of of is that, like Meetup, we will never negotiate by criminals, and we will not succumb to blackmail. That would only set us up as an easy target for future attacks.

We'll keep everyone updated through http://status.basecamp.com and Twitter (@37signals). Again, terribly sorry about this lousy way to start the week.

--

UPDATE: Attacker identified as being responsible for similar attacks (9:55am central time, March 2014)

We've learned that the very same criminals currently attacking and trying to extort us hit Fotolia.com just last week. We're comparing notes with them, as well as reaching out to our friends at Meetup, GitHub, and anyone else who recently have been attacked. The blackmail came from an address matching this pattern: dari***@gmail.com. If you have been extorted by this person, please get in contact so we can compare notes on both technical defenses and the law enforcement effort to hunt them down.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment