Basecamp falls to blackmail-fueled denial of service attack
Users of the popular web-based project management app Basecamp may have a hard time loggoing on the service Monday morning. The company behind the app, also named Basecamp (formerly 37Signals), says it is under a distributed denial of service (DDoS) attack from extortionists hoping to make a quick buck.
The DDoS attack means the company's marquee product as well as its other services such as Backpack, Campfire, and Highrise may also be unavailable.
The DDoS started Monday morning around 9:45 A.M. Eastern/6:45 A.M. Pacific, peaking at 20Gbps. The attack was "launched together with a blackmail attempt that sought to have us pay to avoid this assault," Basecamp said in a post on GitHub.
If you are a Basecamp user, the company says your data is safe as the DDoS is only affecting the link between Basecamp servers and the public Internet:
Note that this attack targets the network link between our servers and the internet. All the data is safe and sound, but nobody is able to get to it as long as the attack is being successfully executed. This is like a bunch of people blocking the front door and not letting you into your house. The contents of your house are safe -- you just can’t get in until they get out of the way.
This is the second reported DDoS/extortion attempt in recent weeks. Popular event planning service Meetup in late February said it came under a similar attack.
Basecamp says it will continue to fight off the DDoS attack and refuses to pay to stop the DDoS as that would expose the company to similar attacks in the future.