Distributed Denial of Service Attacks: Why Meetup was down

This week meetup.com was unavailable on and off for several days. The website was targeted by one or more hackers with a distributed denial of service attack, or DDoS. According to meetup’s blog, this attack was an attempt at extortion, because the hacker asked for $300, which seems like an absurdly small amount of money from a website like meetup. The hacker also claims to be employed by a competitor, which also sounds dubious. After several days, we now know that the attack was actually 3 separate attacks over the course of 4 days or more. As of this blog post, the website is back up and it is not expected to go down again in the near future.

 

A DDoS attack is a difficult problem to have.  Viruses that attack personal computers are a completely different problem and are comparatively easy to prevent.  These get on to a personal computer usually because the user downloads and runs something that allows the virus to run on their machine.  This is easily preventable if the user just watches what they click on and runs anti-virus software to be safe.

A DDoS attack is different. When you access a website, you are contacting a server.  You tell the server what you want and also where to send the returning information. The server then sends your computer the information it needs to view the website.  Not all interactions on the internet work like this.  With certain forms of data transfer, a computer can request information from a server and  give the server a different return computer.  This is called “spoofing,” because the first computer is pretending to be the second computer.  Basically, the computer requests information from a server and instead of the information going back to the original computer, it gets sent to meetup.com or whomever is the victim of the attack.  To make things worse, there are certain servers to which you can send a small amount of data and get a large amount of data back. So a hacker can send a small amount of data to a server, tell the server that it is meetup.com, and the meetup will get sent the large amount of data.  If they do this many, many times, the “pipeline” of data to the meetup server gets clogged, and no one can access the website.  One of these kinds of attacks that is currently prevalent is called an NTP amplification attack.  Here is another great article on NTP amplication attacks.  It is now known that this was the type of attack experienced by meetup.

NTP Attack from CloudFlare website

There is a group currently trying to get Internet Service Providers like Cox to prevent users from spoofing or pretending to be a computer that they are. This organization is called BCP38. Unfortunately, most ISPs are not interested in implementing this solution. They don’t feel like it would give them any benefit, because they’re not the ones experiencing the attack.

At any rate, we at Nerdy Girls are really happy that Meetup is back up and running!

Happy computing, and Happy Meetuping!

2 thoughts on “Distributed Denial of Service Attacks: Why Meetup was down

Comments are closed.