Our website makes use of cookies like most of the websites. In order to deliver a personalised, responsive and improved experience, we remember and store information about how you use it. This is done using simple text files called cookies which sit on your computer. These cookies are completely safe and secure and will never contain any sensitive information. By clicking continue here, you give your consent to the use of cookies by our website.

Tuesday, 05 January 2016 11:48

How the BBC solved their New Year DDoS attack with the cloud

Written by 

The hundreds of gigabytes per second major DDoS attack on the BBC at New Year were solved by switching to Akamai’s cloud-based content delivery network, but the effects are still being felt.

There’s an interesting deconstruction from Paul Mutton of UK network analytics business Netcraft of  the effects of the DDoS attack on the BBC on New Year’s Eve, that we could all learn some valuable lessons from.

For those of you who were offline over Christmas and New Year and didn’t see the news, the BBC was hit with a very powerful DDoS attack on New Year’s Eve, that put the site out of action for three and a half hours between 7am and 10.30am, and at points exceeded 600Gbps of request traffic – enough to kill any site even the strongest military sites.

According to Mutton, the way the BBC got themselves out of the DDoS hell was to instigate Akamai’s cloud-based Content Delivery Network (CDN) network which instead handled the requests for the BBC worldwide and in the process improved the BBC’s performance.

“At the time of the attack, www.bbc.co.uk was served from a netblock owned by the BBC. It seems that service was restored by migrating the site onto the Akamai content delivery network, after which there were no apparent outages.”

netcraft bbc news ddos attack new year

“Moving www.bbc.co.uk onto the Akamai CDN also resulted in some significant performance benefits, particularly from locations outside of the UK. For example, prior to the attack, most requests from Netcraft's New York performance collector took around 0.4-0.6 seconds to receive a response, whereas after the site had migrated to Akamai, all requests were served in well under 0.1 seconds. These performance benefits are typical when using a globally distributed CDN, as cached content can be delivered from an edge server within the client's own country, rather than from a remote server that can only be reached via transatlantic cables.”

For those of you, that thought that a DDoS attack was just a temporary attack there’s more worrying news as Mutton explains the DDoS attack is still ongoing.

“The performance chart for news.bbc.co.uk shows massive outages long after the DDoS attack on New Year's Eve. Adding

“It is unclear whether this indicates a separate ongoing attack, or an attempt at mitigating such attacks, but nonetheless, it is likely to affect lots of users: Many old news articles are still served directly from news.bbc.co.uk, and some users habitually reach the news website by typing news.bbc.co.uk into their browsers.”  

The source of the attack according to the BBCs Technology Correspondent Rory Cellan-Jones has  been identified as  New World Hacking (@NewWorldHacking) a small group of 12 anti-ISIS hackers who were testing out the power of the DDoS systems and chose the BBC to ‘test’ the system. Apparently they never meant for it to kill the site in quite the way it did.  New World Hacking said in a tweet, "It was only a test, we didn't exactly plan to take it down for multiple hours. Our servers are quite strong."

The moral of the story, - if there is one - is that even a site as big and capable as the BBC can fail if enough requests are thrown at it, and that the only way to survive is to have a Plan B that involves switching to a CDN like Akamai and to plan it in advance and have it ready to switch to at a moments notice. The BBC has sufficient clout to be able to get Akamai engineers on the case at a moment’s notice on New Year’s Eve; your site won’t be as lucky.  

1 comment

  • Comment Link James herbert Tuesday, 05 January 2016 14:25 posted by James herbert

    Update from Netcraft 1.20pm on the 5th

    "This site's availability was restored to normal at the same time that the main BBC website moved off Akamai. This suggests that the connection resets were a deliberate attempt to mitigate basic DDoS attacks, rather than as a direct side effect of a sustained DDoS attack. However, this approach was not ideal – while some browsers (such as Chrome) would automatically retry the connection attempt (often successfully), other browsers would give up at the first failure."


Leave a comment

Make sure you enter the (*) required information where indicated. HTML code is not allowed.



255x635 banner2-compressed