The GMP project's servers suffered a DDoS attack from an unusual source last month: investigations revealed that hundreds of Microsoft servers were involved. According to the GMP project, GitHub's architecture makes such attacks too easy. Microsoft shifts the blame.

Torbjörn Granlund, director of GMP, revealed the news in a message to newsletter subscribers. “The GMP servers are being attacked by hundreds of IP addresses through collaboration with Microsoft,” Granlund said. GMP is a free, open-source library for arbitrary-precision calculations, which visitors can find on the project's website.

The GMP repo could not be kept available without intervention by the organization, which therefore decided to deny access to all IP addresses originating from Microsoft.

“We don’t know if this was made from bad intentions by Microsoft, if it was a mistake, or if someone from their cloud customers was behind the attack,” Granlund clarified.

Microsoft investigation

Later, Microsoft launched its own investigation into the incident. The day after the attack, it became clear that a GitHub Actions workflow was behind it: the workflow cloned a Mercurial repository.

“Microsoft and GitHub investigated the problem and determined that a GitHub user updated a script within the FFmpeg-Builds project that pulled content from gmplib.org,” explained Mike Blacker, director of threat hunting. “This build is configured to run parallel concurrent tests on 100 different types of computers/architectures.”

Ban remains

The GMP project decided to keep blocking all requests from IP addresses managed by Microsoft at the firewall. On its website, the statement reads, “After the problem was brought up here and on the GMP mailing lists, a Github rep responded by minimizing the problem and blaming our servers for the denial-of-service attack. They did nothing to stop the attack! In fact, a week later, it’s still going on.”

According to the GMP project, GitHub’s architecture can be too easily abused to launch such attacks. “Github’s setup encourages ‘forks’ of their projects, and such forks then pull in changes to the parent project by default.”
