This week Elance.com was hit by a considerable DDoS attack that left freelancers and employers unable to access their work. The company took to their mass emailers to reassure customers that although Elance had been hit by one of the largest DDoS attacks in its 15 year history, no personal information, financial data, or account details had been stolen or compromised during the assault which lasted nearly two days by the time all was said and done.
“This morning at 6:00 am PDT, we experienced a significant denial-of-service attack on our servers. This malicious attack caused an influx of traffic to our website making it unavailable to all visitors. While we are working hard to make the site fully functional again, we are still experiencing intermittent issues. This is the first attack of this kind to Elance.com and is similar to other attacks that have made news headlines in recent months.”
So far the only information we’ve been able to gather about the nature of the DDOS is that it may have been an NTP reflection attack, which relies on thousands of computers linked up through Microsoft’s time/date management program to throw the might of their entire network in any direction those in control of it choose.
Elance’s once rival but now partner Odesk was also hit by a similar attack, however neither company has come forward yet to confirm whether the two issues were related or not.
It’s still unclear who was behind the botnet or where the traffic that shut down services was sourced from, but engineers close to the situation have reason to suspect it could be related to other DDoS efforts which have been popping up in stranger and stranger places over the past few months.