Internet activists blame China for cyber-attack that brought down GitHub

GreatFire says China hijacked accounts of internet users worldwide, including those who use Baidu, a Chinese internet company which offers a search engine and Wikipedia-like service. Photograph: Ng Han Guan/AP

GitHub censorship project GreatFire alleges that China authorities redirected global web traffic to launch a massive denial of service attack on the website

Activists battling internet censorship in China said Monday they had proof a massive online assault on their websites had been coordinated by the Chinese authorities.

In recent days, popular coding service GitHub faced a massive denial of service (DDoS) attack – an online attack aimed at bringing down a service by overloading it with fake traffic.

The attack started last Thursday and targeted two GitHub projects designed to combat censorship in China: GreatFire and CN-NYTimes, a Chinese language version of the New York Times.

In a statement on the GreatFire.org blog, an activist identified as “Charlie” wrote: “On March 17th 2015, our websites and partner websites came under a DDoS attack. We had never been subjected to an attack of this magnitude before. This attack was unusual in nature as we discovered that the Chinese authorities were steering millions of unsuspecting internet users worldwide to launch the attack. We believe this is a major cybersecurity and economic threat for the people of China.”

After consulting with independent researchers and the internet community, GreatFire claims to have established that the attack was made by hijacking the account of millions of global internet users, inside and outside China.

Those users received malicious code which was then used to launch cyber-attacks against GreatFire.org’s websites. Among the users targeted were customers of Baidu, which offers a Chinese search engine and a Wikipedia-like service, and is one of China’s largest internet companies.

According to GreatFire, Baidu’s Analytics code – a service that tracks and reports website traffic – was one of the files replaced by malicious code. Baidu Analytics is used by thousands of websites.

GreatFire released a research report titled “Using Baidu to steer millions of computers to launch denial of service attacks” to back up its claims.

Baidu had previously told the Wall Street Journal that it wasn’t involved in the attack and its systems had not been infiltrated. “After careful inspection by Baidu’s security engineers, we have ruled out the possibility of security problems or hacker attacks on our own products,” it said in a statement.

 

 

Source: The Guardian  by Dominic Rushe Monday 30 March 2015

 

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s