Anti-censorship group: China behind cyberattacks on US sites

31 Mar 2015

China behind cyberattacks on US sites, group says.

BEIJING (AP) — Chinese authorities have taken over computers both inside and outside the country to launch cyberattacks against the website of an anti-online censorship group and a U.S.-based web resource that hosts some of the group’s data, according to an analysis released by the group. Internet-freedom advocates hope Lu Wei, China’s internet tsar, will indicate today whether the authorities have any knowledge of a raid on GitHub, an American-based website for programmers that also hosts content objectionable to China. said in a statement Monday that Chinese authorities carried out denial-of-service attacks that have intermittently shut down San Francisco-based Github over the past week. Since Thursday hackers have been hijacking web traffic intended for Baidu, the Google of China, and redirecting it to bombard two pages run by GitHub. (Baidu denies involvement.) The targeted pages link to a copy of the Chinese-language edition of the New York Times and to a copy of, a service that seeks to circumvent China’s “Great Firewall”. Started in 2011 by three anonymous individuals tired of China’s approach to the internet, it initially tracked the effects of the country’s censorship system on websites. The group said the attacks marked the first of their kind blamed on Chinese authorities and represented a dangerous escalation for a country that already tightly restricts what Chinese can see online.

The company’s engineers have been working around the clock to keep the site operational, but it won’t be easy for Github to keep resisting the sophisticated attacks. They can be the work of criminals, who hold sites to ransom or exploit weaknesses by overwhelming the servers, or of hackers operating as sovereign agents, as Russia was accused of perpetrating against Estonia in 2007. It is available in English and Chinese, and periodically tests its collection of over 100,000 URLs to produce a history of the availability/restriction for each one. The Open Technology Fund, a U.S. government-backed initiative to support Internet freedom, says on its website that it provided with $114,000 in 2014. If programmers have software they want to share — either inside the same company or with the general public — Github is the most popular way to do it.

A website is technically a “service”, a software-based system that responds in a particular way to incoming requests from client software—in this case a web browser. These days, the three founders document new instances of internet restrictions and foul play in China via the organization’s blog and @greatfirechina Twitter account.

Stories it has dug up have included apparent attacks on Apple’s iCloud service, the blocking of Instagram and messaging apps, restrictions on Google services (of course) and — most recently — details of a man-in-the-middle attack on Microsoft Outlook users in China. “In terms of blogging, we’ve amazed ourselves,” said Smith. For example, the anti-censorship project takes news articles that have been censored by the Chinese government and uploads them to Github.

But the decision was reversed just two days later, after the government got an earful from Chinese engineers, who said they wouldn’t be able to do their jobs effectively without access to the huge amount of useful computer code available on the Github site. In recent years beefier hardware and better tools to distribute incoming requests among multiple servers have made things more difficult for attackers.

Microsoft entered the scene when it confirmed that “a small number of customers [were] impacted by malicious routing to a server impersonating” — and suddenly what was initially a small discovery had become a topic in media across the world, China included. Great Fire is an invaluable resource for Asia-based tech reporters, but blogging and retroactively documented censorship isn’t going to down the Great Firewall, as China’s internet censorship organ is known. That means the government has to choose between blocking the site altogether — which could damage the competitiveness of China’s technology sector — or letting its users access everything, including politically sensitive content.

When that became ineffective, distributed DoS (DDoS) onslaughts conscripted thousands of virus-infected computers, known as zombies, to bombard the target system with bogus requests from many locations at once. This kind of attack, known as a distributed denial-of-service (DDoS) attack, is designed to overwhelm Github’s servers and make the site inaccessible to legitimate users. But now specialised hardware can distinguish between real requests and those intended to harm a site, and block them before they form a tsunami of traffic. First, many of the attacks targeted two Github addresses — and — that are associated with anti-censorship projects.

Mike Rothman, a researcher at Securosis, a security firm, explains in a white paper that hardware designed to repel such attacks can be bypassed using encrypted connections (HTTPS sessions), which are typically handled directly by the server. So, if Collateral Freedom is used to host a mirror on AWS, for example, a decision to block it will knock out other services that use AWS in China.

It worked like this: when anyone located outside of China visited the Chinese search engine Baidu, the site would include code that caused the user’s computer to begin flooding Github with traffic. Baidu says it wasn’t responsible for this malicious code, which either means Baidu was hacked (it says it wasn’t) or someone was modifying Baidu pages as they traveled from Baidu to the user. Smith previously told us that censorship had “become a serious business issue,” and Great Fire’s Collateral Freedom theory works on the basis that blocking companies that provide the Internet plumbing is a step too far — but, even if the hammer did fall on them, the resulting outcry would cause significant harm for China because it would raise awareness of censorship issues in the open, Smith argued. “It’s going to be very difficult to block [Collateral Freedom sites] without causing a lot of economic damage.” A new push to internationalize its efforts began this month, when Great Fire partnered with Reporters Without Borders to ‘unblock’ nine websites across 11 countries, including Russia and China.

Finally, Github itself says the attacks are an attempt at intimidation. “We believe the intent of this attack is to convince us to remove a specific class of content,” the company wrote in a terse blog post. For instance, sending huge numbers of legitimate-seeming search requests to a website, each of which uses up substantial computational power, may be more effective and harder to pinpoint than simply flooding it with bogus page requests. Great Fire previously considered expanding its efforts into other censorship affected countries, but instead it chose to open-source the basics for others to run with the ball. If all of these attacks are coming from the same corner of the internet, that’s relatively easy — they can just block a range of internet addresses controlled by the attackers, while keeping the site available for everyone else. Content distribution networks (CDNs) such as Akamai deliver website content on behalf of customers from hundreds or thousands of locations around the world.

We’ve confirmed with multiple contacts in China that the browser can be used to access Facebook, Twitter and other censored sites using a Chinese service provider. Some security firms now offer a “scrubbing” service that allows a site under attack to redirect traffic through the security firm’s servers, which remove (scrub) the bad requests and send legitimate ones through. The organization also runs Free Weibo, a firehose-like service that shows all messages posted to Weibo, bypassing the heavy censorship filter that its users on the service are typically subject to.

And developers of big websites should now be considering Web Application Firewalls (WAFs), which can be tailored to rebuff unwanted requests intended to overload the site’s search, shopping cart or document-uploading features. The incident is a sour one for Great Fire, which maintains that the U.S. company acted on instructions from the government, thereby tacitly endorsing internet censorship. (That’s opposed to the likes of Google, Facebook and Twitter, all of which have been vocal opponents.) It’s still early days for Collateral Freedom. The first attack, which began on March 17, sent 2.6 billion requests per hour at peak to Great Fire’s mirrored sites in an effort to seemingly take them offline via overwhelming traffic numbers.

“We’ve notified other security organizations and are working together to get to the bottom of this,” a Baidu spokesperson told TechCrunch, but further research — including reports published by Great Fire today — suggests that the attack had “weaponized” millions of internet users who were unknowingly conducting the DDoS attack. Great Fire claims that third-party reports allow it to “confidently conclude that the Cyberspace Administration of China (CAC) is responsible for both of these attacks,” but that is based on patterns of attacks from the past and, as is so often the case with cyber attacks, there’s no indisputable piece of evidence to fully support that claim.

All three Great Fire founders have regular day jobs, which is pretty insane considering that their side project is devoted to tackling the world’s most prominent internet censorship regime. The organization’s advisory board includes former CNN journalist and Global Voices founder Rebecca MacKinnon, high-profile Chinese blogger Isaac Mao, and James Vasile of the Open Internet Tools Project and the Software Freedom Law Center. Since its inception in 2011, Great Fire has been a dogged and persistent critic of China, but it appeared to reach a milestone this January when it was acknowledged by the government for the first time. Great Fire hit back with an open letter to the head of the CAC. “We are not anti-China but we are anti-censorship in China,” the founders explained, and Smith echoed those comments to TechCrunch. “We can be against the censorship and love the country… we don’t like it when they paint us in that manner,” he added.

“We can strengthen the mirrors and are going to get better and better at deflecting [attacks].” That said, Smith did admit that internally there has been some debate about how Great Fire should present itself to the world. Smith admitted that the organization has received feedback in support of this in-your-face style, and also suggestions that it could tone things down and focus on being the enabler for media and other content companies that want to get their websites back up and running in China using mirror sites.
