Why experts think China launched the cyberattacks against GitHub

31 Mar 2015

China Appears to Attack GitHub by Diverting Web Traffic.

HONG KONG — The Chinese government has long used a sophisticated set of Internet filters known as the Great Firewall as a barrier to prevent its citizens from obtaining access to foreign websites with information it deems threatening.

NEW YORK: US coding site GitHub said on Sunday that it was deflecting most of the traffic from a days-long cyber attack that had caused intermittent outages for the social coding site, with the Wall Street Journal citing China as the source of the attack. “Eighty-seven hours in, our mitigation is deflecting most attack traffic.” Activists battling internet censorship in China said Monday they had proof a massive online assault on their websites had been coordinated by the Chinese authorities.

China is effectively using the national firewall in place to censor the Internet for Chinese residents to weaponize the browsers of millions of global Internet users, according to GreatFire. In recent days, popular coding service GitHub faced a massive denial of service (DDoS) attack – an online attack aimed at bringing down a service by overloading it with fake traffic.

Citing unnamed security experts, the Journal said traffic was directed specifically to two GitHub pages with links to websites that are banned in China—one from Greatfire.org that helps users circumvent government censorship, the other the New York Times’ Chinese-language site. GitHub, a popular site where coders store and collaborate on software projects, was hit on Thursday and again on Sunday with cyberattacks that researchers believe originated from China. As of press time, GreatFire’s website was reporting a connection error; the company has asked Twitter users to send samples of the code behind the attack. Started in 2011 by three anonymous individuals tired of China’s approach to the internet, it initially tracked the effects of the country’s censorship system on websites. In a statement on the GreatFire.org blog, an activist identified as “Charlie” wrote: “On March 17th 2015, our websites and partner websites came under a DDoS attack.

Last week, a similar attack appears to have struck at popular code collaboration platform GitHub — specifically targeting GreatFire projects hosted on the site and making the whole platform intermittently available for some users. The aggressive new strategy shows vividly how Beijing is struggling to balance its desire to control the flow of information online with the aim of encouraging the growth of its tech sector. On its blog, GitHub said that the attack began early on Thursday “and involves a wide combination of attack vectors.” “These include every vector we’ve seen in previous attacks as well as some sophisticated new techniques that use the web browsers of unsuspecting, uninvolved people to flood github.com with high levels of traffic,” the blog post continued. “Based on reports we’ve received, we believe the intent of this attack is to convince us to remove a specific class of content.” GitHub supplies social coding tools for developers and calls itself the world’s largest code host. The company’s engineers have been working around the clock to keep the site operational, but it won’t be easy for GitHub to keep resisting the sophisticated attacks. The attackers altered the software Baidu uses to serve ads on Chinese websites, causing Baidu users’ computers to automatically and repeatedly connect to other sites.

It is available in English and Chinese, and periodically tests its collection of over 100,000 URLs to produce a history of the availability/restriction for each one. Because GitHub is fully encrypted, China’s domestic web filters cannot distinguish between pages that host code useful to programmers and code that circumvents censorship. If programmers have software they want to share — either inside the same company or with the general public — GitHub is the most popular way to do it. Among the users targeted were customers of Baidu, which offers a Chinese search engine and a Wikipedia-like service, and is one of China’s largest internet companies. These days, the three founders document new instances of internet restrictions and foul play in China via the organization’s blog and @greatfirechina Twitter account.

In 2013, when the government fully blocked GitHub, it caused an outcry among China’s many computer engineers, leading to the site’s subsequent unblocking. Stories it has dug up have included apparent attacks on Apple’s iCloud service, the blocking of Instagram and messaging apps, restrictions on Google services (of course) and — most recently — details of a man-in-the-middle attack on Microsoft Outlook users in China. “In terms of blogging, we’ve amazed ourselves,” said Smith. In January, many virtual private network (VPN) services used by those in China to evade online censorship became inaccessible within the country. “The last couple months, we’ve seen a real sea change in Chinese Internet policy, where they’ve become more assertive about blocking Western sites and pushing back on their citizens’ ability to access information from outside of the country,” said James A. In a number of recent public appearances, China’s Internet czar, Lu Wei, has called for respect for China’s Internet sovereignty, meaning that China should have the right to manage the Internet within its borders as it wants.

But the decision was reversed just two days later, after the government got an earful from Chinese engineers, who said they wouldn’t be able to do their jobs effectively without access to the huge amount of useful computer code available on the GitHub site. The traffic that flooded GitHub’s servers originated from browsers outside China that used Baidu’s advertising software, suggesting China itself is to blame. Microsoft entered the scene when it confirmed that “a small number of customers [were] impacted by malicious routing to a server impersonating Outlook.com” — and suddenly what was initially a small discovery had become a topic in media across the world, China included. That means the government has to choose between blocking the site altogether — which could damage the competitiveness of China’s technology sector — or letting its users access everything, including politically sensitive content. In particular, because the traffic comes from real users scattered across the globe, instead of a concentrated network of infected computers, it is hard to sort the real traffic from the fake.

This kind of attack, known as a distributed denial-of-service (DDoS) attack, is designed to overwhelm GitHub’s servers and make the site inaccessible to legitimate users. GitHub is widely used by individual programmers and software companies alike to collaborate on projects, and is all but indispensable to the technology industry. But it appears that signals to or from Baidu ads and analytics tools are being redirected toward the targeted sites when users outside China visit a site inside China. First, many of the attacks targeted two GitHub addresses — https://github.com/greatfire/ and https://github.com/cn-nytimes/ — that are associated with anti-censorship projects. So, if Collateral Freedom is used to host a Google.com mirror on AWS, for example, a decision to block it will knock out other services that use AWS in China.

Baidu says it wasn’t responsible for this malicious code, which either means Baidu was hacked (it says it wasn’t) or someone was modifying Baidu pages as they traveled from Baidu to the user. Smith previously told us that censorship had “become a serious business issue,” and Great Fire’s Collateral Freedom theory works on the basis that blocking companies that provide the Internet plumbing is a step too far — but, even if the hammer did fall on them, the resulting outcry would cause significant harm for China because it would raise awareness of censorship issues in the open, Smith argued. “It’s going to be very difficult to block [Collateral Freedom sites] without causing a lot of economic damage. A new push to internationalize its efforts began this month, when Great Fire partnered with Reporters Without Borders to ‘unblock’ nine websites across 11 countries, including Russia and China. Great Fire previously considered expanding its efforts into other censorship affected countries, but instead it chose to open-source the basics for others to run with the ball. If all of these attacks are coming from the same corner of the internet, that’s relatively easy — they can just block a range of internet addresses controlled by the attackers, while keeping the site available for everyone else.

We’ve confirmed with multiple contacts in China that the browser can be used to access Facebook, Twitter and other censored sites using a Chinese service provider. The organization also runs Free Weibo, a firehose-like service that shows all messages posted to Weibo, bypassing the heavy censorship filter that its users on the service are typically subject to. It appears GitHub came up with a clever countermeasure: when it received a request from one of the URLs that had been targeted for attack, it responded with code that caused the victim’s computer to display an alert with the message “WARNING: malicious javascript detected on this domain.” This not only warned users that they were unknowingly participating in the attack, it also stopped that computer from attacking until the user acknowledged the alert, which is better than nothing.

The incident is a sour one for Great Fire, which maintains that the U.S. company acted on instructions from the government, thereby tacitly endorsing internet censorship. (That’s opposed to the likes of Google, Facebook and Twitter, all of which have been vocal opponents.) It’s still early days for Collateral Freedom. So far, GitHub has shown no sign that it’s ready to surrender, and over time it may become more difficult for the attackers to come up with new tactics.

The first attack, which began on March 17, sent 2.6 billion requests per hour at peak to Great Fire’s mirrored sites in an effort to seemingly take them offline via overwhelming traffic numbers. Great Fire claims that third-party reports allow it to “confidently conclude that the Cyberspace Administration of China (CAC) is responsible for both of these attacks,” but that is based on patterns of attacks from the past and, as is so often the case with cyber attacks, there’s no indisputable piece of evidence to fully support that claim. All three Great Fire founders have regular day jobs, which is pretty insane considering that their side project is devoted to tackling the world’s most prominent internet censorship regime.

Clearly, then, their efforts require outside funding; Smith declined to reveal details of Great Fire’s backers, only saying that “people have supported us, a lot [of whom are] inside China.” “We are funded by organizations that support a free Internet, in China and beyond,” Great Fire says on its website. The organization’s advisory board includes former CNN journalist and Global Voices founder Rebecca MacKinnon, high-profile Chinese blogger Isaac Mao, and James Vasile of the Open Internet Tools Project and the Software Freedom Law Center.

Since its inception in 2011, Great Fire has been a dogged and persistent critic of China, but it appeared to reach a milestone this January when it was acknowledged by the government for the first time. Great Fire hit back with an open letter to the head of the CAC. “We are not anti-China but we are anti-censorship in China,” the founders explained, and Smith echoed those comments to TechCrunch. “We can be against the censorship and love the country… we don’t like it when they paint us in that manner,” he added. We can strengthen the mirrors and are going to get better and better at deflecting [attacks].” That said, Smith did admit that internally there has been some debate about how Great Fire should present itself to the world. Smith admitted that the organization has received feedback in support of this in-your-face style, and also suggestions that it could tone things down and focus on being the enabler for media and other content companies that want to get their websites back up and running in China using mirror sites.
