Shotspotter Blog

Update on Ongoing Denial of Service (DDoS) on US Cloud Computing Service Providers

The United States is currently experiencing a wave of Distributed Denial of Service (DDoS) cyber attacks originating overseas and directed at a number of US sites and service providers. The countries of origin include China, Russia, Thailand, and parts of Eastern Europe. SST and ShotSpotter services, along with many other cloud-based services, have been affected. Over the past several years, attacks of this type leading up to all major US and international holidays have become more common, but the scale and volume of this attack are unprecedented. The attacks began in earnest at approximately 09:25 PDT on Saturday, 28 June 2014.

The ongoing DDoS cyber attack appears to have been a non-specific attack (i.e., targeted broadly at US industry and not specifically at SST or ShotSpotter). We have received industry feedback that there is a substantial wave of this activity directed at the US leading up to the holiday weekend and that we were not alone in having to respond to this event.

Earlier this year, we opened a new, geographically redundant East Coast data center, in order to share the computational load from our growing ShotSpotter Flex installation base across the country. Despite this expansion, and the substantial increase in computational power it delivered, the volume of traffic we have received over the past several days necessitated that we rapidly replace and double our firewall capacity to ensure that ShotSpotter services are not impacted going into the upcoming July 4 holiday weekend.

This attack was designed to flood our sites and network connections with an overflow of activity. Denial of service attacks work by overwhelming servers with “bogus” traffic, thus starving legitimate connections and customers of computing resources. These DDoS attacks have been limited to our first-line (“edge”) firewalls and have not penetrated to our operational systems. We run several layers of security technology, including intrusion detection systems, and to our knowledge no penetration has occurred and our systems remained secure. The only impact to date has been to our access and communications.

To remediate the attack, we have taken a number of steps, including limiting access to our servers from entire geographic regions of the world. We have also deployed additional hardware and software and engaged in a number of TCP/IP configuration exercises to further limit the attack. We are working with our upstream Internet providers (AT&T, Comcast, and Telepacific) at our two data centers to further limit traffic upstream at the backbone and BGP level.

We will continue to monitor the situation and counter the attack aggressively. If, in the interim, you have any questions, please do not hesitate to contact SST customer support at

David Holeman
Senior Director of Customer Support

July 02, 2014
By: David Holeman, Senior Director of Customer Support