Cyber Incident Victim: Basecamp
Date: Mar 2014
Location: United States of America
Summary
Basecamp experienced a distributed denial-of-service (DDoS) attack accompanied by a blackmail attempt, which disrupted service accessibility by flooding network links with bogus traffic. The attackers demanded payment to cease the assault, but the company refused to negotiate and collaborated with network providers and law enforcement to mitigate the impact, including pooling efforts with other victims targeted by the same criminals. Service was restored for most customers after the main attack subsided, though residual network issues and internet quarantine measures delayed full recovery for all users. The attackers demonstrated capabilities exceeding 20Gbps and a pattern of intermittent assaults, leaving the possibility of renewed attacks despite temporary cessation.
Description
The Basecamp network experienced a distributed denial-of-service (DDoS) attack beginning at 8:46 AM Central Time on March 24, 2014. Criminals flooded the network with bogus traffic to disrupt legitimate access to Basecamp and affiliated services, simultaneously issuing a blackmail demand for payment to halt the assault. The attack targeted the network link between Basecamp’s servers and the internet, rendering services inaccessible while leaving customer data intact. Basecamp’s engineering team, assisted by network providers, immediately worked to mitigate the attack, which at its peak reached 20Gbps. Service interruptions persisted for most customers during the initial hours of the attack, with the company publicly refusing to negotiate with the attackers to avoid setting a precedent for future extortion. Law enforcement was engaged early to investigate the criminals, who were linked to prior attacks on other services, including Meetup, which had faced a similar DDoS and extortion attempt weeks earlier.

By 9:55 AM Central Time, Basecamp identified the attacker’s email address pattern (dari***@gmail.com) and coordinated with other victims to share technical and law enforcement intelligence. The assault began to wane around 10:21 AM as network defenses partially restored access, though the attackers were known to deploy multi-phase attacks exceeding 20Gbps. By 10:41 AM, the primary attack ceased, but residual network issues delayed full recovery, leaving some customers unable to connect due to internet-wide quarantine measures designed to contain DDoS traffic. Service was restored for approximately 95% of users by 10:56 AM, with the remaining 5% affected by lingering quarantine restrictions imposed by external networks. Basecamp maintained high alert for potential follow-up attacks based on intelligence from other victims, who reported attackers pausing before resuming with alternate methods. The company committed to publishing a full postmortem within 48 hours while continuing law enforcement collaboration to pursue the perpetrators.
