Event ticket seller Ticketmaster experiences the traffic equivalent of a huge DDoS attack every time a major gig or show goes on sale, necessitating a steady migration to the cloud. That’s according to Simon Tarry, director of engineering strategy at the firm, speaking to V3 ahead of the V3 Cloud and Infrastructure Live event on 20 and 21 April 2015. “Ticketmaster’s been handling web traffic for almost two decades now, so we’ve built up our own infrastructure, and part of the problem with that, as a US company, is we’ve grown through acquisition and bought up a lot of ticketing businesses round the world – as well as all the infrastructure that comes with it,” Tarry explained. With ticketing platforms scaling, and a growing audience increasingly consisting not just of fans “but automated bots as well”, Tarry said Ticketmaster’s existing infrastructure was reaching critical mass. Ticketmaster currently handles around 1,300 users per second at peak times. “We basically suffer huge DDoS attacks from a large on-sale, so we try to separate our human traffic from bot traffic,” Tarry told V3 . Having already been using a private cloud for the past three years, Ticketmaster is now going through a “strategic push” to AWS. “We’re assessing at the moment that kind of journey – how to move what we have into an AWS architecture. So a lot of planning and training is going on right now,” Tarry said. The initial migration to private cloud was an e-commerce stack for a one-off event. “We tried that first, as a short project, as it was limited in scope to a certain degree,” said Tarry. “But we made a lot of assumptions about the infrastructure that weren’t true,” he added. “So we had to challenge a lot of our thinking about the infrastructure and how it would perform. The key criteria for us is to handle a very large on-sale on any platform.” Keeping the lights on and maintaining the ability to cope with a punishing level of traffic was achieved by “strong tooling”, said Tarry, including load testing products from SOASTA. Mechanisms to interrogate the traffic in order to block out traffic Ticketmaster doesn’t want also help in this. “Part of our DevOps culture is a kind of ‘swat team’ of guys who play ‘hunt the bottleneck’, spending time diagnosing, testing, and finding the next problem,” Tarry said. “Ultimately, when we’re cloud based we want that capacity on-tap – it’s not something you can just do,” he said. “You need to configure your systems to use that capability.” Source: http://www.v3.co.uk/v3-uk/news/2451092/ticketmaster-turns-to-the-cloud-to-handle-ddos-level-traffic-during-big-event-launches
More here:
Ticketmaster turns to the cloud to handle ‘DDoS-level’ traffic during big event launches
Staminus Communications Inc ., a California-based Internet hosting provider that specializes in protecting customers from massive “distributed denial of service” (DDoS) attacks aimed at knocking sites offline, has itself apparently been massively hacked. Staminus’s entire network was down for more than 20 hours until Thursday evening, leaving customers to vent their rage on the company’s Facebook and Twitter pages. In the midst of the outage, someone posted online download links for what appear to be Staminus’s customer credentials, support tickets, credit card numbers and other sensitive data. Newport Beach, Calif.-based Staminus first acknowledged an issue on its social media pages because the company’s Web site was unavailable much of Thursday. “Around 5am PST today, a rare event cascaded across multiple routers in a system wide event, making our backbone unavailable,” Staminus wrote to its customers. “Our technicians quickly began working to identify the problem. We understand and share your frustration. We currently have all hands on deck working to restore service but have no ETA for full recovery.” Staminus now says its global services are back online, and that ancillary services are being brought back online. However, the company’s Web site still displays a black page with a short message directing customers to Staminus’s social media pages. Meanwhile, a huge trove of data appeared online Thursday, in a classic “hacker e-zine” format entitled, “Fuck ’em all.” The page includes links to download databases reportedly stolen from Staminus and from Intreppid, another Staminus project that targets customers looking for protection against large DDoS attacks. The authors of this particular e-zine indicated that they seized control over most or all of Staminus’s Internet routers and reset the devices to their factory settings. They also accuse Staminus of “using one root password for all the boxes,” and of storing customer credit card data in plain text, which is violation of payment card industry standards. Staminus so far has not offered any additional details about what may have caused the outage, nor has it acknowledged any kind of intrusion. Several Twitter accounts associated with people who claim to be Staminus customers frustrated by the outage say they have confirmed seeing their own account credentials in the trove of data dumped online. I’ve sent multiple requests for comment to Staminus, which is no doubt busy with more pressing matters at the moment. I’ll update this post in the event I hear back from them. It is not unusual for attackers to target Anti-DDoS providers. After all, they typically host many customers whose content or message might be offensive — even hateful — speech to many. For example, among the company’s many other clients is kkk-dot-com, the official home page of the Ku Klux Klan (KKK) white supremacist group. In addition, Staminus appears to be hosting a large number of internet relay chat (IRC) networks, text-based communities that are often the staging grounds for large-scale DDoS attack services. Source: https://krebsonsecurity.com/2016/03/hackers-target-anti-ddos-firm-staminus/