What you need to know
- Since around noon PST ChatGPT has been under a DDoS attack confirms OpenAI.
- If you are using ChatGPT and receive error messages stating "too many requests" it is likely due to an ongoing DDoS attack.
- A hacktivist group called Anonymous Sudan has claimed credit for the attack.
- It is unclear whether the attack has ceased or if not, when it will end.
ChatGPT has been giving users issues for the last 18 to 20 hours. One user on Reddit posted, explaining that they were getting an error message with the API: error 429, too many requests.
I used ChatGPT extensively yesterday for a story and received error message after error message. Some said my limit was reached even though I have ChatGPT Plus; some said that there was high traffic and query results would be delayed. Several times I submitted a query, I wouldn't get a response, and the AI bot would break.
This bizarre behavior now makes sense in light of the announcement from OpenAI today that they are being DDoS'd.
What is a DDoS attack?
DDoS stands for distributed denial of service and varies from a regular denial of service attack because the attack is distributed to several different hosts, making it much harder to block. The image I used ChatGPT 4 to create at the top of this article illustrates the concept quite well.
The tower in the middle would be OpenAI's servers, and all of the computers around it are being used to send millions of packets to the server simultaneously so that legitimate traffic can't get through. It is often used by hacktivist groups, who state they are hacking companies or people they are politically opposed to, which on the surface appears to be what is happening to OpenAI and ChatGPT today.
We are dealing with periodic outages due to an abnormal traffic pattern reflective of a DDoS attack. We are continuing work to mitigate this.
OpenAI
Who is behind the DDoS attack on ChatGPT?
A hacktivist group named Anonymous Sudan has taken credit for the attack on OpenAI and ChatGPT, citing a political motive behind the attack stemming from what Anonymous Sudan says is a pro-Israel OpenAI.
They negate any validity of this being the actual cause of their attack by stating simply, "OpenAI is an American company, and we still are targeting any American company." So, it seems for some of these hacktivist groups, and it matters not your words or actions; if you are a company, or likely a person that belongs to a particular nation or group they dislike, it is open season for you and your ilk.
It is essential to note that this group DDoSed Microsoft earlier in the year and was investigated by cybersecurity professionals. They concluded that this group is likely not who they say they are. The Cybersecurity firm CyberCX claims that Anonymous Sudan is "part of the pro-Russia hacker group Killnet" and is likely receiving funding and resources from Russia in Russia's mission to "drive division in society" and disrupt the West.
“They (Russia) don’t really care about the issue … anti-racism, pro-environment or whatever – [they] just get into whatever it is that matters to [harm] targets. In this case, the West.”
Alastair MacGibbon, CyberCX’s CSO
This argument has weight as the cost to operate a significant and sustained DDoS attack is not cheap and would cost tens if not hundreds of thousands of dollars and require extensive infrastructure to pull off.
So, who is behind the DDoS attack on ChatGPT? For sure, it is Anonymous Sudan, but are they just a puppet having their strings pulled by a Russia sick of Western sanctions? I don't have the answer, but I leave it to you to draw your conclusions.
How can companies mitigate a DDoS attack?
Several services, like managed web application firewalls, offer DDoS protection for companies. One of the most well-known is Cloudflare. Microsoft also offers DDoS protection, as do many other companies. With Microsoft's stake in OpenAI, the Microsoft security team is likely assisting in remediating this attack. However, the primary way to do that is to rate limit traffic from a single source.
This means that you make a table or graph sorting how much traffic is coming from each IP address hitting your network. In a typical DDoS attack, the malicious IPs will send so much traffic that it will be apparent, and they will stand as outliers. However, as DDoS attacks get more sophisticated, these hacker groups use many more devices to send fewer packets to blend in with regular traffic much better.
If all of the malicious IPs were sending over 1 million packets per hour per se, and no benign IP was getting anywhere near that level, then it would be easy to create a rule in the firewall to rate limit and drop any IP that is sending more than 1 million packets an hour. However, using computers, internet-of-thing (IoT) devices, and anything else the threat actor can bring into their botnet, they can still send millions of packets an hour. Still, each device only sends tens of thousands in an hour. This is the power of Distributed Denial of Service, and OpenAI has to be careful in blocking IPs so they don't disrupt business with their actual customers.
What do you think about ChatGPT being DDoS'd? Have you noticed any service outages? Let us know in the comments.
