SafeUM
Home Blog Services Download Help About Recharge

Axarhöfði 14, 110 Reykjavik, Iceland

Iceland - 2015
SafeUM
Blog
Services
Download
Help
About
Recharge
Menu
Archive
TOP Security!
30 Mar 2015

Coding website GitHub hit by massive DDoS attack

A popular coding website of the USA is enduring an onslaught of Internet traffic meant for China’s most popular search engine, and security experts say the episode likely represents an attempt by China to shut down anticensorship tools.

The attack on San Francisco-based GitHub Inc., a service world-wide software development used by programmers and major tech firms, appears to underscore how China’s Internet censors increasingly reach outside the country to clamp down on content they find objectionable.

The Cyberspace Administration of China didn’t respond to a request for comment Sunday. Security experts said the traffic onslaught — called a distributed denial-of-service attack in Internet circles — directed huge amounts of traffic from overseas users of Chinese search giant Baidu Inc. to GitHub, paralyzing GitHub’s website at times. Specifically, the traffic was directed to two GitHub pages that linked to copies of websites banned in China, the experts said. One page was run by Greatfire.org, which helps Chinese users circumvent government censorship, while the other linked to a copy of the New York Times’s Chinese language website.

The attack began Thursday and was continuing Sunday. According to data on GitHub’s website, users couldn’t reach the site at times during that period. Online code repository GitHub says it is still battling a continuous distributed denial of service (DDoS) attack that has lasted for four days and is the biggest in the website's history. GitHub said the cyberattack was the largest the website has experienced since it was founded in 2008.

GitHub declined to say what content was targeted in the attack or who it believed was behind the incident. “Based on reports we’ve received, we believe the intent of this attack is to convince us to remove a specific class of content,” GitHub said in a post on its website. According to security firm Insight-Labs, the internet traffic directed at GitHub is coming from China and involves replacing legitimate tracking and advertising code from the Baidu search engine (China's equivalent of Google) with malicious java scripts that hijack HTTPS connections and keep loading both of the anti-censorship projects "every two seconds".

Baidu said it wasn’t involved in the attack and its systems weren’t infiltrated. “After careful inspection by Baidu’s security engineers, we have ruled out the possibility of security problems or hacker attacks on our own products,” it said in a statement. Mikko Hyponen, the chief research officer of cybersecurity firm F-Secure, said DDoS attack was likely to have involved Chinese authorities because the hackers were able to manipulate Web traffic at a high level of China’s Internet infrastructure. It appeared to be a new type for China, he added. “It had to be someone who had the ability to tamper with all the Internet traffic coming into China.” he said.

Though Baidu is the largest search engine in China by several measures, the attack appeared to use traffic from its users outside the country, security experts said. When a user navigated to the Baidu search engine, they said, a code was activated that sent continuous requests for data from the user’s computer to GitHub. By tapping overseas users, the hackers made the attack harder to block, because the requests to GitHub came from all over the world and looked like typical requests for information.

China often blocks individual websites as part of its effort to control Internet content. But because GitHub’s site is encrypted, outside observers can’t tell whether users who go there are seeking ordinary programming code or anticensorship content similar to what Greatfire.org offers. Blocking site would also cut off access for technology companies that use GitHub. China briefly blocked GitHub in 2013 but restored access following outcry from Chinese security software developers. According to recent research, DDoS cyber attacks get bigger, smarter, and more damaging.

Tags:
DDoS information leaks China HTTPS GitHub
Source:
The Wall Street Journal
2198
Other NEWS
3 Jul 2020 safeum news imgage An encrypted messaging service has been infiltrated by police
4 May 2020 safeum news imgage Two-Factor Authentication ​What Is It and Why You Should Use It
12 Dec 2019 safeum news imgage Encryption is under threat - this is how it affects you
4 Nov 2019 safeum news imgage Should Big Decisions Be Based on Data or Your Intuition?
7 Jun 2018 safeum news imgage VPNFilter malware infecting 500,000 devices is worse than we thought
4 Jun 2018 safeum news imgage Hackers target Booking.com in criminal bid to steal hundreds of thousands from customers
1 Jun 2018 safeum news imgage Operator of World's Top Internet Hub Sues German Spy Agency
30 May 2018 safeum news imgage US says North Korea behind malware attacks
29 May 2018 safeum news imgage Facebook and Google targeted as first GDPR complaints filed
25 May 2018 safeum news imgage A new reason to not buy these cheap Android devices
24 May 2018 safeum news imgage Flaws in smart pet devices, apps could come back to bite owners
23 May 2018 safeum news imgage Google sued for 'clandestine tracking' of 4.4m UK iPhone users' browsing data
21 May 2018 safeum news imgage LocationSmart reportedly leaked phone location data onto the web
18 May 2018 safeum news imgage The SEC created its own scammy ICO to teach investors a lesson
17 May 2018 safeum news imgage Thieves suck millions out of Mexican banks in transfer heist
All news
SafeUM
Confidential Terms of Use Our technologies Company
Follow us
Download
SafeUM © Safe Universal Messenger

Axarhöfði 14,
110 Reykjavik, Iceland

Iceland - 2015