Categories: Security

China ‘Carried Out GitHub DDoS Attack’

The Chinese government appears to have been responsible for the denial-of-service attack on web-based code repository GitHub carried out over the past several days, according to security researchers and those targeted.

The attack targeted GitHub’s mirrors of two websites blocked by China’s official Internet filtering system, according to researchers – those of activist organisation GreatFire and a Chinese edition of The New York Times.

Official involvement

“This attack was unusual in nature as we discovered that the Chinese authorities were steering millions of unsuspecting internet users worldwide to launch the attack,” GreatFire said in a statement.

Meanwhile, the attack, which consists of directing large amounts of traffic to two GitHub addresses, is ongoing but mitigation efforts have eliminated its effects as of Monday evening, according to GitHub.

“Mitigation remains effective and service is stable,” GitHub said via its status Twitter feed early on Tuesday morning, UK time.

The attack began on Thursday, and involved a “wide combination of attack vectors”, GitHub said at the time.

“These include every vector we’ve seen in previous attacks as well as some sophisticated new techniques that use the web browsers of unsuspecting, uninvolved people to flood with high levels of traffic,” the service said in an advisory.

Attack filters

Security researchers determined that the Chinese government’s official filters, which monitor Internet traffic entering or leaving the country, were being used to direct malicious requests at GitHub.

“China is using their active and passive network infrastructure in order to perform a man-on-the-side attack against GitHub,” wrote Erik Hjelmvik, a researcher with Swedish security monitoring and forensics firm Netresec, in an advisory.

The technique targeted users from outside the country visiting Chinese websites, according to Hjelmvik and other researchers. Such websites commonly contain requests intended to retrieve a snippet of JavaScript code from Baidu, a Chinese search engine, that is used to analyse traffic.

In this case, the request was intercepted by government filtering infrastructure, which responded with its own JavaScript code – code that instructed the user’s web browser to send requests to two specific GitHub addresses every few seconds.

The substitution occurred only about 1 percent of the Baidu JavaScript requests, according to Hjelmvik, but this still generated enough traffic to help overwhelm GitHub’s servers.

Multiple scripts

Other Baidu scripts seem to have been used in the attack, including those used for advertising and other services.

“These domains are all owned bu Baidu, but technically any JavaScript from any site in China could have been exploited to perform this sort of Man-on-the-side attack,” Hjelmvik wrote. “The Great Firewall of China cannot be considered just a technology for inspecting and censoring the Internet traffic of Chinese citizens, but also a platform for conducting DDoS attacks against targets worldwide with help of innocent users visiting Chinese websites.”

The attack didn’t require any infiltration of Baidu’s systems, as the company confirmed to
The Wall Street Journal. “After careful inspection by Baidu’s security engineers, we have ruled out the possibility of security problems or hacker attacks on our own products,” the company stated.

Are you a security pro? Try our quiz!

Matthew Broersma

Matt Broersma is a long standing tech freelance, who has worked for Ziff-Davis, ZDnet and other leading publications

Recent Posts

Norway Hit By DDoS Cyber Attacks From Pro Russian Group

Norwegian national security agency warns pro-Russian group has targetted private and public institutions in Norway…

17 hours ago

Google Tells Staff They Can Relocate After Roe v Wade Ending

After US Supreme Court last week removed women's reproduction rights, Google tells staff they can…

17 hours ago

Taiwan Developing Own Digital Currency – Report

Central bank of Taiwan confirms it is still working on its digital currency, but has…

19 hours ago

Tesla Cuts 200 Autopilot Jobs, Closes San Mateo Office – Report

More restructuring at Tesla with hundreds of bob losses and California office closure, where staff…

21 hours ago

US FCC Commissioner Urges Apple, Google To Remove TikTok

Fresh worry for TikTok, after FCC Commissioner writes to Apple and Google about removing the…

21 hours ago

Airbnb Permanently Bans Parties, With Few Exceptions

Victory for irate neighbours? Airbnb confirms its temporary Covid ban on parties in its listings…

22 hours ago