Multiple U.S. federal law enforcement authorities and a third-party security firm are investigating massive Distributed Denial of Service (DDoS) attacks and unauthorized logins targeting Linode, a cloud service provider and data center provider that has been under attack since Christmas.
The DDoS attacks apparently made some customer websites inaccessible on January 1 and 2. The victims caught in the fallout included WP Engine -- a popular WordPress hosting provider -- and ChannelE2E (yours truly).
ChannelE2E, which had been hosted in Linode's Atlanta-based data center, documented the DDoS attacks and the numerous countermeasures launched by Linode's engineers. WP Engine has since relocated our site out of that target data center.
Linode DDoS, Login Security Investigation
Now, the DDoS attack is taking another mysterious turn: A Linode security investigation into the unauthorized login of three accounts uncovered two Linode.com user credentials on an external machine. As a precaution, Linode has expired all manager passwords and is prompting users to set new passwords upon their next login.
According to a Linode blog post published today:
"The entire Linode team has been working around the clock to address both this issue and the ongoing DDoS attacks. We’ve retained a well-known third-party security firm to aid in our investigation. Multiple Federal law enforcement authorities are also investigating and have cases open for both issues. When the thorough investigation is complete, we will share an update on the findings."
Adding insult to injury, the DDoS attack specifically targeted Linode's blog today. At this point, Linode says it has no information about who is behind the unauthorized logins and the DDoS attacks -- and whether they are related. Nor has the company been contacted by anyone taking accountability or making demands.
Still, it sounds like the Linode investigation could shift from a defensive posture into a potentially criminal matter.
Channel Partners and DDoS Attacks
For channel partners and managed services providers, the DDoS attacks are a timely reminder to carefully pinpoint where customer data is stored -- and how it's protected.
In ChannelE2E's case, we didn't realize that our hosting provider (WP Engine) was running our website in Linode's Atlanta data center until after the attacks started. That small piece of information would have helped us to track Linode's progress against the attacks, rather than checking in with WP Engine for status updates and second-hand information.
The net outcome for us was fine. After some outages on January 1 and 2, ChannelE2E has been operating normally thanks to recent steps by Linode and WP Engine.