Late one Wednesday in March 2015, an alarm sounded in the offices of GitHub, a San Francisco–based software firm. The company’s offices exemplified the kind of Scandinavia-meets-soullessness style that has spread out from Silicon Valley to take over modern workplaces: exposed wood, open spaces, and lots of natural light. Most employees were preparing to leave, if they hadn’t already. Outside, the sun had started to set and it was balmy and clear.
Alarms weren’t uncommon at GitHub. The company claims to maintain the largest repository of computer code in the world. It had some 14 million users at the time, and prides itself on maintaining its service and staying online. GitHub’s core product is a set of editing tools that allow large numbers of programmers to collaborate on software and keep track of changes as bugs are fixed. In October 2018, Microsoft would buy it for $7.5 billion.
Back in 2015, though, GitHub was still an up-and-coming, independent company whose success came from making it considerably easier for other people to create computer software. The first alarm indicated there was a large amount of incoming traffic to several projects stored on GitHub. This could be innocent—maybe a company had just launched a big new update—or something more sinister. Depending on how the traffic was clustered, more alarms would sound if the sudden influx was impacting service sitewide. The alarms sounded. GitHub was being DDoS-ed.
One of the most frequent causes of any website going down is a sharp spike in traffic. Servers get overwhelmed with requests, causing them to crash or slow to a torturous grind. Sometimes this happens simply because the website suddenly becomes popular. Other times, as in a distributed denial of service (DDoS) attack, the spike is maliciously engineered. In recent years, such attacks have grown more common: hackers have taken to infecting large numbers of computers with viruses, which they then use to take control of the computers, enlisting them in the DDoS attack.