A popular U.S. coding website is enduring an onslaught of Internet traffic meant for China’s most popular search engine, and security experts say the episode likely represents an attempt by China to shut down anticensorship tools.
The attack on San Francisco-based GitHub Inc., a software development service used world-wide by programmers and major tech firms, appears to underscore how China’s Internet censors increasingly reach outside the country to clamp down on content they find objectionable.
The Cyberspace Administration of China didn’t respond to a request for comment Sunday. Security experts said the traffic onslaught — called a distributed denial-of-service attack in Internet circles — directed huge amounts of traffic from overseas users of Chinese search giant Baidu Inc. to GitHub, paralyzing GitHub’s website at times. Specifically, the traffic was directed to two GitHub pages that linked to copies of websites banned in China, the experts said. One page was run by Greatfire.org, which helps Chinese users circumvent government censorship, while the other linked to a copy of the New York Times’s Chinese-language website.
GitHub declined to say what content was targeted in the attack or who it believed was behind the incident. “Based on reports we’ve received, we believe the intent of this attack is to convince us to remove a specific class of content,” GitHub said in a post on its website. According to security firm Insight-Labs, the Internet traffic directed at GitHub is coming from China and involves replacing legitimate tracking and advertising code from the Baidu search engine (China's equivalent of Google) with malicious JavaScript that hijacks HTTPS connections and keeps loading both of the anti-censorship projects "every two seconds".
Baidu said it wasn’t involved in the attack and its systems weren’t infiltrated. “After careful inspection by Baidu’s security engineers, we have ruled out the possibility of security problems or hacker attacks on our own products,” it said in a statement. Mikko Hypponen, the chief research officer of cybersecurity firm F-Secure, said the DDoS attack was likely to have involved Chinese authorities because the hackers were able to manipulate Web traffic at a high level of China’s Internet infrastructure. It appeared to be a new type of attack for China, he added. “It had to be someone who had the ability to tamper with all the Internet traffic coming into China,” he said.
Though Baidu is the largest search engine in China by several measures, the attack appeared to use traffic from its users outside the country, security experts said. When a user navigated to the Baidu search engine, they said, code was activated that sent continuous requests for data from the user’s computer to GitHub. By tapping overseas users, the hackers made the attack harder to block, because the requests to GitHub came from all over the world and looked like typical requests for information.
China often blocks individual websites as part of its effort to control Internet content. But because GitHub’s site is encrypted, outside observers can’t tell whether users who go there are seeking ordinary programming code or anticensorship content similar to what Greatfire.org offers. Blocking the site would also cut off access for technology companies that use GitHub. China briefly blocked GitHub in 2013 but restored access following an outcry from Chinese security software developers. According to recent research, DDoS attacks are getting bigger, smarter, and more damaging.