Security experts say attack is likely an attempt by China to shut down anticensorship tools
BEIJING—A popular U.S. coding website is enduring an onslaught of Internet traffic meant for China’s most popular search engine, and security experts say the episode likely represents an attempt by China to shut down anticensorship tools.
The attack on San Francisco-based GitHub Inc., a service used by programmers and major tech firms world-wide to develop software, appears to underscore how China’s Internet censors increasingly reach outside the country to clamp down on content they find objectionable.
The Cyberspace Administration of China didn’t respond to a request for comment Sunday.
Security experts said the traffic onslaught—called a distributed denial-of-service attack in Internet circles—directed huge amounts of traffic from overseas users of Chinese search giant Baidu Inc. to GitHub, paralyzing GitHub’s website at times.
Specifically, the traffic was directed to two GitHub pages that linked to copies of websites banned in China, the experts said. One page was run by Greatfire.org, which helps Chinese users circumvent government censorship, while the other linked to a copy of the New York Times’s Chinese language website.
The attack began Thursday and was continuing Sunday. According to data on GitHub’s website, users couldn’t reach the site at times during that period.
Greatfire.org, which doesn’t disclose personal data about its founders, didn’t respond to requests for comment. It asked Twitter users to send it samples of the code behind the hack.
A spokeswoman for the New York Times declined to comment. It isn’t clear who controls the GitHub site that contains the copy of the paper’s content. The New York Times—like some other foreign media outlets, including The Wall Street Journal—is blocked in China.
GitHub declined to say what content was targeted in the attack or who it believed was behind the incident. “Based on reports we’ve received, we believe the intent of this attack is to convince us to remove a specific class of content,” GitHub said in a post Friday on its website.
GitHub said the cyberattack was the largest the website has experienced since it was founded in 2008. It also said early Sunday its efforts had mitigated some of the impact. Greatfire.org and Chinese New York Times pages on GitHub weren’t reachable Sunday, at least by some users.
Baidu said it wasn’t involved in the attack and its systems weren’t infiltrated. “After careful inspection by Baidu’s security engineers, we have ruled out the possibility of security problems or hacker attacks on our own products,” it said in a statement.
Mikko Hyponen, the chief research officer of cybersecurity firm F-Secure, said the attack was likely to have involved Chinese authorities because the hackers were able to manipulate Web traffic at a high level of China’s Internet infrastructure. It appeared to be a new type for China, he added. “It had to be someone who had the ability to tamper with all the Internet traffic coming into China.” he said.
Though Baidu is the largest search engine in China by several measures, the attack appeared to use traffic from its users outside the country, security experts said. When a user navigated to the Baidu search engine, they said, a code was activated that sent continuous requests for data from the user’s computer to GitHub. By tapping overseas users, the hackers made the attack harder to block, because the requests to GitHub came from all over the world and looked like typical requests for information.
China often blocks individual websites as part of its effort to control Internet content. But because GitHub’s site is encrypted, outside observers can’t tell whether users who go there are seeking ordinary programming code or anticensorship content similar to what Greatfire.org offers. Blocking the whole site would also cut off access for technology companies that use GitHub. China briefly blocked GitHub in 2013 but restored access following outcry from Chinese software developers.
Greatfire.org’s GitHub page contains links to copies of 10 websites blocked in China, including an uncensored version of the popular social-media service Weibo.
China’s Web censors have made other recent shows of force. Earlier this year China began directing some traffic from banned websites to seemingly random real websites outside China, temporarily taking those websites offline. At the beginning of the year, China also cracked down on virtual private networks, the most popular type of tool for circumventing the firewall, but many VPNs used in China are now functioning again.
Source: By Eva Dou The Wall Street Journal March 29, 2015 10:22 a.m. ET