OpenAI has linked the recent outage of ChatGPT and its API to a distributed denial of service attack.
Image credit: Adeel Ahmed/Shutterstock
ChatGPT was hit by a distributed denial of service (DDoS) attack on Wednesday, OpenAI confirmed in a status update on Thursday. The attacks were reportedly orchestrated by a group of Russian-backed cybercriminals calling themselves the “Sultans of Anonymous.”
"We are dealing with periodic outages due to unusual traffic patterns caused by DDoS attacks. We are continuing to work to mitigate this," the company said.
The group reportedly claimed responsibility for the Telegram attack in retaliation for OpenAI's support for Israel.
A distributed denial of service attack is a malicious attempt to disrupt access to a targeted server, service, or network by overwhelming it with large amounts of Internet traffic.
The problem emerged on Tuesday, with reports of sporadic outages of ChatGPT and its API starting at 10:52 p.m. ET. While OpenAI said the problem had been resolved by midnight, the outages started again.
"The API and ChatGPT have been degraded again and we are continuing to investigate," the status update said, again stating that the issue had been resolved later that evening.
On Wednesday, the outages began again, starting at 8:52 a.m. ET, and lasted nearly two hours.
"Between 5:42am and 7:16pm PT, we observed an error that impacted all services," OpenAI said. "We identified the issue, implemented a fix, and are now seeing our services responding normally."
OpenAI did not respond to a request for comment.
“The simplest way to think about a denial of service attack is like a phone line,” David Schwed, COO of blockchain cybersecurity firm Halborn, said in an interview. “If you have 10 phones on your line and they call you from 20 phones at the same time, they’re going to jam the line and not be able to get calls.”
Schwed explained, “It’s a denial of service; if you have 10 gigabits of bandwidth, they’re flooding it with more bandwidth than the device on the other end can handle.”
He added that because DDoS attacks come from different locations simultaneously, their distributed nature makes them nearly impossible to stop through IP filtering or blocking.
“It’s just coming from millions of infected machines and IoT devices that are launching HTTP queries, pings or whatever queries they have against a server or a router,” he said, adding that the network operations center would notice that someone has gone wrong before the information even reaches the end user based on the unusual amount of bandwidth being consumed.
Schwed warned that while network operations centers have ways to divert "bad traffic," a large enough attack could also bring down those machines, adding that companies might just have to wait out the attack.
While denial of service attacks may be new to AI chatbots, the blockchain industry has been dealing with this form of cyberattack for years. The popular Solana network has been the target of a series of attacks.
In September 2021, a denial of service attack paralyzed the network for more than 17 hours. In May 2022, Solana was attacked again by a bot swarm called “Candy Machine”, which launched a denial of service attack on the network. In June 2022, the Move-to-Earn game Stepn on the Solana network was attacked by a distributed denial of service attack.
After a difficult July 2022, the Solana Foundation told Decrypt in an email that it has now achieved 100% uptime since February of this year, with significant improvements in network performance. #OpenAI #服务中断
