Microsoft's GitHub has been accused of DDoSing a crucial open-source project, causing its servers to slow down. This article covers the incident's impact and the response.
In a surprising twist, Microsoft’s GitHub is under fire after allegedly launching a Distributed Denial of Service (DDoS) attack on an indispensable open source arithmetic library called GMP. This library lies at the heart of GCC and various other essential programs. The incident led to a significant slowdown of the GMP project’s servers due to an overwhelming surge of network traffic from Microsoft servers.
Torbjorn Granlund, the principal author of GMP, raised concerns through a note on the project’s mailing list. He stated that hundreds of IP addresses owned by Microsoft Corporation were targeting the GMP servers. Granlund expressed uncertainty about whether this was a deliberate act of malice by Microsoft, a mistake on their part, or the unintended consequence of one of their cloud customers running the attack. The assault specifically focused on the GMP repository, flooding it with numerous identical requests meticulously designed to create a heavy system load. To combat this unexpected onslaught, the GMP team had to take immediate action and implement emergency firewall measures by blocking all Microsoft IP addresses.
The following day, Mike Blacker, the director of threat hunting, operations, and response at Microsoft’s GitHub, delved into the issue to uncover the root cause. He discovered that a GitHub Actions Workflow was to blame. The workflow involved cloning a Mercurial repository and had been forked over 700 times. Apparently, a user had updated a script within the FFmpeg-Builds project, which then pulled content from https://gmplib.org. This particular build was configured to simultaneously run tests on 100 different types of computers and architectures. Blacker clarified that there was no evidence of malicious intent behind these actions. Instead, the GMP project’s infrastructure was simply ill-equipped to handle the sheer volume of requests generated by the parallel testing.
Despite efforts to resolve the situation, the excessive traffic continued to pose a problem even in the subsequent days. The GMP project acknowledged that while their servers were fully accessible again, it was due to the implementation of additional firewall rules blocking Microsoft’s network ranges. They also noted they were not the first project to take such measures against GitHub. When asked about his satisfaction with Microsoft-GitHub’s response, Granlund revealed that he had only received minimal communication from them. In response, he took matters into his own hands by blocking around 40 IP ranges associated with Microsoft. While the traffic from these addresses persisted, it caused minimal disruption and could be easily managed.
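The traffic pattern described above (many source addresses in related ranges sending identical requests) can be picked out of a web server access log and turned into a short list of firewall ranges. The following is an added example, not code from the GMP project or GitHub; the log lines, the request path and the thresholds are constructed assumptions, and the addresses are RFC 5737 documentation ranges.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample (not from the incident): addresses are RFC 5737
# documentation ranges and the request path is a hypothetical placeholder.
CLONE = '"GET /repo/gmp?cmd=getbundle HTTP/1.1" 200 512'
STAMP = "[01/Jan/2024:00:00:00 +0000]"
SAMPLE_LOG = "\n".join(
    [f"198.51.100.{i} - - {STAMP} {CLONE}" for i in range(1, 41)]
    + [f"198.51.100.{i} - - {STAMP} {CLONE}" for i in range(129, 169)]
    + [f'203.0.113.7 - - {STAMP} "GET /index.html HTTP/1.1" 200 1024',
       f"192.0.2.9 - - {STAMP} {CLONE}",
       "truncated line without a request"]
)

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]*\] "(\S+ \S+)[^"]*" \d{3} \S+$')


def parse(log_text):
    """Yield (IPv4Address, 'METHOD target') per valid line; skip the rest."""
    for line in log_text.splitlines():
        match = LINE_RE.match(line)
        if not match:
            continue
        try:
            ip = ipaddress.ip_address(match.group(1))
        except ValueError:
            continue
        if ip.version == 4:  # assumption: IPv4 only, to keep prefixes simple
            yield ip, match.group(2)


def flood_ranges(log_text, prefix_len=25, min_sources=20):
    """Return collapsed networks where many sources repeat one request."""
    sources = defaultdict(set)
    for ip, request in parse(log_text):
        net = ipaddress.ip_network(f"{ip}/{prefix_len}", strict=False)
        sources[(net, request)].add(ip)
    flagged = {net for (net, _), ips in sources.items() if len(ips) >= min_sources}
    # Merge adjacent networks so the firewall rule list stays short.
    return list(ipaddress.collapse_addresses(flagged))


if __name__ == "__main__":
    for network in flood_ranges(SAMPLE_LOG):
        print(f"candidate block range: {network}")
```

Counting distinct sources per network, rather than raw hits, keeps a single busy client from being flagged, and the two lone clients in the sample stay unblocked.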
The incident raises concerns about the responsibility of platforms like GitHub, operated by Microsoft, in handling code management and preventing unintentional disruptions to other projects. Collaboration is a cornerstone of the open-source community, and it is vital for organisations like Microsoft-GitHub to proactively address and prevent such incidents from recurring, ensuring the smooth functioning of the ecosystem.