OpenAI experienced a series of distributed denial of service (DDoS) attacks targeting API and ChatGPT services over the past 24 hours.
While the company has yet to reveal specific details about the source of these attacks, OpenAI recognized that they are experiencing “periodic outages due to an abnormal traffic pattern that reflects a DDoS attack.”
Users affected by these incidents reported experiencing errors such as “something seems to have gone wrong” and “There was an error creating a response” when accessing ChatGPT.
This latest wave of attacks follows a major outage affecting ChatGPT and its API on Wednesday, along with some ChatGPT outages on Tuesday and increased error rates on Dall-E on Monday.
OpenAI displayed a banner across the ChatGPT interface, attributing the outage to “extremely high demand” and reassuring users that efforts were being made to scale their systems.
The Anonymous Sudan threat actor group claimed responsibility for the DDoS attacks on OpenAI. According to the group, the attacks are a response to OpenAI’s bias towards Israel and Palestine.
The attackers used the SkyNet botnet, which recently added support for application layer attacks, or layer 7 (L7) DDoS attacks. In Layer 7 attacks, threat actors flood application-level services with a massive volume of requests to overwhelm the targets’ server and network resources.
Brad Freeman, Director of Technology at SenseOncommented:
“Distributed Denial of Service attacks are Internet vandalism. Low effort, low complexity, and in most cases more of a nuisance than a long-term threat to a business. Often DDOS attacks target services with large volumes of traffic that may be ‘out of scale’, from their cloud or ISP.
However, since the attacks are at Layer 7, they will target the application itself, so OpenAI will need to make some changes to mitigate the attack. It’s possible that the threat actor is sending complex queries to OpenAI to overload it, I wonder if they’re using AI-generated content to attack AI-generated content.”
However, the attribution of these attacks to Anonymous Sudan has raised suspicions among cybersecurity researchers. Some experts suggest this could be a sham operation and the group may have links to Russia, which, along with Iran, is suspected of inciting the bloodshed and international outrage to benefit its domestic interests.
The situation once again highlights the ongoing challenges faced by organizations dealing with DDoS attacks and the complexity of pinpointing the perpetrators.
(Photo by Johann Walter Bantz on Unscrew)
Want to learn more about AI and big data from industry leaders? Checkout AI & Big Data Expo takes place in Amsterdam, California and London. The comprehensive event is co-located with Cyber Security & Cloud Expo.
Explore other upcoming corporate tech events and webinars powered by TechForge here.