ChatGPT: OpenAI Attributes Regular Outages to DDoS Attacks

The popular generative AI application ChatGPT experienced recurring outages this week on both the ChatGPT interface and the associated API, according to its own status page.

The company attributed the recurring disruptions to a distributed denial of service (DDoS) attack resulting in high error rates in the API and ChatGPT itself, and said that it's undertaking a series of countermeasures to get the service back up and running.

"We are experiencing periodic outages due to an abnormal traffic pattern indicative of a DDoS attack," the OpenAI status page explained.

According to the statement, ChatGPT itself, all OpenAI API services, Labs and Playground were affected.

The company reported the first major outage on November 8, and has since reported the problem has been "identified and resolved," without going into further detail.

"The incident has been resolved and status of our services have returned to normal," the status page noted.

ChatGPT, Chatbots an Attractive New Cyberattack Target

A current check on ChatGPT did not reveal any ongoing problems, but some believe that the platform can expect plenty of attention from cyberattackers in general going forward.

"While every company is being attacked, AI companies are treasure troves as they have access to a lot of valuable data," says Rahul Pawar, global vice president, security GTM, CTO, GSS at Commvault. "The attack in this early stage of AI is aimed to tarnish the image of AI."

DDoS attacks can often mask data exfiltration efforts, and he predicts this will be one of many such attacks the company will have to fend off. He adds that defending against them will take extra attention. DDoS attacks, after all, have become more sophisticated, and ironically often use AI to further sophisticate the botnet attack modules.

"Multiple layers, Web application firewalls, load balancers, and identifying the attack traffic are key ways to stay ahead of this," he explains. "Most of these techniques are already in use by public cloud companies, and ChatGPT will have to develop mitigation strategies."

The outages came following OpenAI's recent milestone of surpassing 100 million weekly active users, which it revealed at its first in-person event on Monday.

During the event, the company also introduced its most powerful AI model, GPT-4 Turbo, and unveiled a feature enabling users to create personalized versions of ChatGPT.

Anonymous Sudan Hacktivists Claim ChatGPT DDoS Responsibility

While OpenAI has not yet commented on who is behind the attacks, hacker group Anonymous Sudan claimed responsibility for the DDoS attacks via its Telegram channel.

The group, which taunted the company during the outage in another Telegram post, cited OpenAI's cooperation with Israel as one of the motives and claimed the AI is also used to develop weapons — "AI is now being used in the development of weapons and by intelligence agencies like Mossad" and that Israel uses this technology to oppress the Palestinians.

OpenAI's status as an American company also apparently made it a target of the hacker group anyway, as it generally "targets every American company," it said.

Anonymous Sudan, also known as Storm-1359, was founded in January and is primarily motivated by religious and political causes, focused on launching cyberattacks against any country that opposes Sudan.

The hacktivists are believed to have ties with Russian hacking group "Killnet," and researchers consider it a real possibility that it does not actually operate out of Sudan.

In April 2023, the group claimed responsibility for taking down the personal website of Israeli Prime Minister Benjamin Netanyahu and the hijacking of his Facebook account.

Anonymous Sudan may also be responsible for attacks on the websites of Haifa Port and Israel Ports Development company, making the pages inaccessible due to excessive Web traffic. And it also claimed responsibility for bringing down the National Insurance Institute's website, as well as that of Mossad, Israel's spy agency.

After Telegram initiated a suspension of Anonymous Sudan's primary account, the group has launched DDoS attacks against the platform.