​How Airtasker survived the day the 'Russians came to town'

Australian online outsourcing platform Airtasker stopped a potential breach because it had an alert system in place, its CTO has revealed.

One Sunday night, online outsourcing platform Airtasker found itself the victim of an attack, with CTO Paul Keen receiving real-time alerts on his phone while at home playing with his kids.

Keen told the New Relic Future Stack '17 conference in Sydney on Tuesday that it was the time "the Russians came to town".

"I got an alert that said there was a whole bunch -- 400 errors -- coming through, which is abnormal," he explained. "We had a look, and what they were basically doing was running a script that had a whole bunch of usernames and passwords, and they were trying to find a match."

Keen said Airtasker trapped it and blocked the particular user, which he described as a bandaid solution that would prevent any further spamming coming through that would drastically affect the uptime of the online-only company.

The next day, Keen and his team trawled through the logs to see what had occurred, and saw which usernames and passwords had actually matched.

"We used New Relic to be able to find that, and we combined that with our logging with Sumo Logic to be able to go deep down," he said.

"We found out that some people did have a match, and suddenly there was a guy in Austin, Texas, who was snooping around using those accounts and having a good look; we're Australia only, so that's clearly not a real user."

As a result, the "Russians" -- the individual in Texas -- was blocked.

Keen said it's a good idea to have alerting systems in place to prevent situations like this from going any further.

Earlier this year, Airtasker launched a television advertisement campaign. Although not as serious as an intentional attack, the online company found itself in a position where it had to prepare for spikes in traffic.

"This huge Yosemite-like cliff face comes along," Keen said regarding Airtasker's traffic. "We just kept going down every time we were on TV."

He said that Airtasker didn't actually know when it would be on TV, so it had to prepare for a spike in traffic at any time.

"What we needed to do was make sure we put a lot of dashboards around there," he added.

PREVIOUS AND RELATED COVERAGE

Domino's Australia looking into former supplier as source of customer spam

The pizza chain said it is conducting an investigation into how some of its customers were spammed.

Most APAC firms have suffered breach, but security still not priority at board level

Some 86 percent of Asia-Pacific businesses have experienced a cybersecurity breach in the last two years, but just 44 percent believe security still is not a top discussion point for their board members.

Commonwealth Bank partners with Airtasker for identity verification

The bank has provided the online outsourcing company with a pilot identity verification solution for its customers.

Newsletters

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
See All
See All