The Chinese government appears to have been responsible for the denial-of-service attack on web-based code repository GitHub carried out over the past several days, according to security researchers and those targeted.
The attack targeted GitHub’s mirrors of two websites blocked by China’s official Internet filtering system, according to researchers – those of activist organisation GreatFire and a Chinese edition of The New York Times.
Meanwhile, the attack, which consists of directing large amounts of traffic to two GitHub addresses, is ongoing but mitigation efforts have eliminated its effects as of Monday evening, according to GitHub.
“Mitigation remains effective and service is stable,” GitHub said via its status Twitter feed early on Tuesday morning, UK time.
The attack began on Thursday, and involved a “wide combination of attack vectors”, GitHub said at the time.
“These include every vector we’ve seen in previous attacks as well as some sophisticated new techniques that use the web browsers of unsuspecting, uninvolved people to flood github.com with high levels of traffic,” the service said in an advisory.
Security researchers determined that the Chinese government’s official filters, which monitor Internet traffic entering or leaving the country, were being used to direct malicious requests at GitHub.
“China is using their active and passive network infrastructure in order to perform a man-on-the-side attack against GitHub,” wrote Erik Hjelmvik, a researcher with Swedish security monitoring and forensics firm Netresec, in an advisory.
In this case, the request was intercepted by government filtering infrastructure, which responded with its own JavaScript code – code that instructed the user’s web browser to send requests to two specific GitHub addresses every few seconds.
The substitution occurred only about 1 percent of the Baidu JavaScript requests, according to Hjelmvik, but this still generated enough traffic to help overwhelm GitHub’s servers.
Other Baidu scripts seem to have been used in the attack, including those used for advertising and other services.
“These domains are all owned bu Baidu, but technically any JavaScript from any site in China could have been exploited to perform this sort of Man-on-the-side attack,” Hjelmvik wrote. “The Great Firewall of China cannot be considered just a technology for inspecting and censoring the Internet traffic of Chinese citizens, but also a platform for conducting DDoS attacks against targets worldwide with help of innocent users visiting Chinese websites.”
The attack didn’t require any infiltration of Baidu’s systems, as the company confirmed to
The Wall Street Journal. “After careful inspection by Baidu’s security engineers, we have ruled out the possibility of security problems or hacker attacks on our own products,” the company stated.
Are you a security pro? Try our quiz!
Welcome to Silicon UK: AI for Your Business Podcast. Today, we explore how AI can…
Japanese tech investment firm SoftBank promises to invest $100bn during Trump's second term to create…
Synopsys to work with start-up SiMa.ai on joint offering to help accelerate development of AI…
Start-up Basis raises $34m in Series A funding round for AI-powered accountancy agent to make…
Data analytics and AI start-up Databricks completes huge $10bn round from major venture capitalists as…
Congo files legal complaints against Apple in France, Belgium alleging company 'complicit' in laundering conflict…