The freelancer platform Elance has been under a sustained distributed denial-of-service (DDoS) attack for more than a day, making the service unavailable for many users — but apparently not compromising their data.
The attack seems to have been a so-called NTP reflection attack, judging from an Elance tweet referencing a piece I recently wrote about the technique. Such attacks use botnets and badly configured NTP servers — essentially time checks for computers’ clocks — to amplify a small amount of data into a large one that overpowers the targets’ systems.
Mountain View, Calif.-based Elance has over 4 million users (it will roughly double that through its upcoming merger with chief rival oDesk). It’s not clear how many have been affected by the outage, as a company spokeswoman told me only that “some users have not been impacted.”
One comment on my February DDoS story suggests that oDesk was also down in the last day, though it’s not yet clear whether this was connected to the Elance attack.
Elance’s spokeswoman said by email that the attack began at 6am PT on Monday and remains ongoing, albeit sporadically. She didn’t respond to a question about the possible motivation, but she did say Elance had defenses in place to ward off DDoS attacks on its service, and has “since invested in new technology to try to thwart the attackers.”
“We have a unique community of both businesses and freelancers and we’ve reached out to inform them about the attack and let them know that none of their data was compromised but to expect delays. Both sides of our community have been very responsive and sympathetic.”