Basecamp, makers of the popular online project management software of the same name (which as of this February became the company’s main focus) was hit with a distributed denial-of-service attack (DDoS) this morning, rendering its services temporarily unavailable. The company disclosed this news in a blog post, explaining that the “criminals” behind the DDoS had also tried to extort money in return for stopping the attack – a request that Basecamp smartly refused.
According to the post, the company worked with their network providers to mitigate the effects of the DDoS instead of giving in to attackers’ demands, though it admitted that the attack could very well start up again at any time.
Apparently, the group responsible for this and other attacks has a habit of stopping and starting an attack at random intervals.
Notes the post:
We’ve been in contact with multiple other victims of the same group, and unfortunately the pattern in those cases were one of on/off attacks. So while things are currently back to normal for almost everyone (a few lingering network quarantine issues remain, but should be cleared up shortly), there’s no guarantee that the attack will not resume.
So for the time being we remain on high alert. We’re collaborating with the other victims of the same group and with law enforcement. These criminals are sophisticated and well-armed.
Basecamp confirms that no user data was compromised in the attack, and apologized for the outage. Users seemed fairly forgiving, however, with supportive tweets and messages to the company – likely not only because of Basecamp’s beloved status in the tech community, but also because the company took great efforts at keeping its users updated via a number of channels, including status.basecamp.com, Twitter, and an off-site Gist powered by GitHub.
On Gist, Basecamp founder and CTO David H. Hansson explained in more detail that those behind the attack were likely the same group behind other, similar attacks from last week. Fotolia.com, for example, was a recent victim of a similar attack, as were others, including GitHub and Meetup.com. In that latter case, Meetup’s DDoS actually saw them experiencing a multi-day outage, only stopping after they brought in CloudFlare’s assistance.
At the time, CloudFlare told us that these new DDoS attacks were more powerful than before, as the criminals were taking advantage of flaws in older Internet protocols that were not originally secured very well. In Meetup’s DDoS, the attackers use the NTP – or Network Time Protocol – which is a protocol that’s use to sync time clocks between multiple servers.
Hansson tells TechCrunch this morning that they have not confirmed exclusively whether or not Basecamp was also attacked by those who went after Meetup, but “the pattern and MO were very similar.” Like Meetup’s attack, this one also used NTP, but not exclusively – it was the combination of UDP and NTP this time around. The peak size of the attack is also currently unknown because, after it topped 20 Gbps, Basecamp dropped all traffic.
Hansson also says Basecamp is now working with law enforcement to help track down the criminals, and a full summary of what happened will be provided on SignalvNoise.com within 48 hours.
While Basecamp wasn’t a CloudFlare customer, CEO Matthew Prince agrees that the MO does seem to match the Meetup attackers, noting also that there’s been “a significant increase in extortion-based attacks” targeting technology companies like this over the past three months.