Basecamp, the popular online project management service used by several hundred thousand small businesses, was under a distributed denial-of-service (DDoS) attack for about two hours earlier today. The service appeared to be restored around 10:45 a.m. central time. According to the company, the attack was carried out by criminal hackers intent on blackmailing the company.
Writing on GitHub, Basecamp co-founder and CTO David Heinemeier Hansson said:
“The goal is to make Basecamp, and the rest of our services, unavailable by flooding the network with bogus requests, so nothing legitimate can come through. This attack was launched together with a blackmail attempt that sought to have us pay to avoid this assault.”
Similar blackmail attempts have been launched recently at other popular web services, including Meetup.
Like Meetup, which refused to pay off the criminal hackers despite the seemingly small ransom of $300, Basecamp is refusing to pay. Hansson wrote, “We will never negotiate (with) criminals, and we will not succumb to blackmail. That would only set us up as an easy target for future attacks.”
At the time of its attack, Meetup CEO Scott Heiferman told Reuters that the company refused to pay the small ransom because it believed that doing so would make the perpetrators of the attacks demand more money.
The attack on the Chicago-based Basecamp started today around 8:45 a.m. central time. At 10:56 a.m. central time, a company update reported that service had been restored for 95% of customers.
Company status updates are being sent through these three channels:
- GitHub
- http://status.basecamp.com
- Twitter (@37signals)