back to article Day FOUR of the GitHub web assault: Activists point fingers at 'China's global censorship'

With the GitHub distributed denial-of-service (DDoS) attack nearing its fifth day of bombardment, the code-sharing upstart said it is holding up well under fire. The site said as of Monday afternoon, Pacific Time, it is still operating at 100 per cent, despite a continuing flow of malicious traffic to its servers. GitHub said …

  1. oldtaku

    If there were any doubt at all before (there wasn't much), there's no way Baidu, the Chinese Govt search engine, could be 'hacked' for four days without orders from the Chinese Govt.

    1. asdf Silver badge

      hmm

      It would seem that the media and the US government only pays attention if its some corporation getting hacked. If its a big open source site who cares (yes I know corps use github too).

    2. thames

      Baidu hasn't been hacked. This is supposedly happening somewhere else. Some part of the network (possibly the routers) is injecting Javascript into the response traffic after it has left Baidu but before it reaches the user to add extra Javascript. ISPs in the US have been doing the same thing to inject advertising, but in this case the Javascript conducts a DDOS instead of showing ads.

      From the sounds of it, Baidu wouldn't even be able to see anything different from their data centres, since the Javascript injection happens somewhere else in the Internet, possibly on its way out of China.

      I imagine that Baidu is not happy about this, since it would have the potential to hurt their business. The article isn't clear on this, but it describes the traffic being intercepted as being from "Baidu's advertising network", so it's quite possible that Baidu is losing a significant amount of money on this.

      1. TeeCee Gold badge

        And what's definately between Baidu and everywhere else that could easily do this to all passing traffic?

        The Great Firewall of China.

        There goes the last of the doubt as to who's doing this. If they weren't such a PITA you'd have to laugh at the Chinese government for being repeatedly so shit at misdirection.

        1. Alan Brown Silver badge

          "And what's definately between Baidu and everywhere else that could easily do this to all passing traffic?"

          Ah, but does the Great Firewall manage to get itself in the way of SSL traffic?

      2. Anonymous Coward
        Anonymous Coward

        Yes it was a good idea for British Telecom to share Phorm tech with China

        Chickens home to roast

        1. Destroy All Monsters Silver badge
          Big Brother

          Re: Yes it was a good idea for British Telecom to share Phorm tech with China

          In Soviet UK, homecoming toothed chicken roasts YOU!

      3. Tom 13

        Re: Baidu hasn't been hacked.

        Sure they have. The hack might not be happening on their servers, but it is their data stream. I'd expect any agency NOT controlled by a government assisting the hackers to take actions to mitigate it even the problem is happening on someone else's routers. With dog + world switching to https, that seems like the logical first step for them to take.

        1. Oninoshiko

          Re: Baidu hasn't been hacked.

          "Sure they have. The hack might not be happening on their servers, but it is their data stream. I'd expect any agency NOT controlled by a government assisting the hackers to take actions to mitigate it even the problem is happening on someone else's routers. With dog + world switching to https, that seems like the logical first step for them to take."

          That may not work. If it's the Chinese government, they have enough clout to have keys made for Baidu and still run a MITM attack.

          But here's the reality, the management of Baidu are members of the communist party of china. If the Chinese government is running the attack, it's with the blessing of the party (the one thing I can say about a single party system, is I always know who to blame). So I can only conclude Baidu's upper management is complacent in it.

      4. awood-something_or_another

        Layer 7 routers???

        Some part of the network (possibly the routers) is injecting Javascript into the response traffic after it has left Baidu but before it reaches the user to add extra Javascript.

        @thames - WOW - Layer 7 routers. How ingenious. I mean I get it - self-realizing routers that inject JS ..... how bored they must have become operating only @ Layer 3 .... where routers operate.

  2. moiety Silver badge

    Would this be China attempting to extend censorship beyond their borders? That's a bit cheeky.

    1. E 2

      Whereas when the UK or USA does so it is not?

      1. Destroy All Monsters Silver badge

        In the case of USUK it is a "social gain" which we don't want to abandon.

        1. Alan Brown Silver badge

          "In the case of USUK it is a "social gain" which we don't want to abandon."

          Stand in front of Kim Dotcom and tell him that.

          1. E 2

            Kim Dotcom...

            I don't really care if Kim Dotcom got the case against him dropped. The main use people made of his storage system was piracy, and whether he "knew" that or not he bears responsibility for offering the service in the same manner that the Silk Road guy did.

  3. Number6

    The way around that would be for people to install a browser plug-in that filtered traffic to the Baidu ad network. If they're not requesting scripts from inside the Chinese firewall then hopefully they're less likely to be modified.

    1. Nathar Leichoz

      No$cript and AdB1ock

      I think you just primed the interweb to start posting about No$cript and AdBl0ck Plus here.

      1. Anonymous Coward
        Anonymous Coward

        Re: No$cript and AdB1ock

        "I think you just primed the interweb to start posting about No$cript and AdBl0ck Plus here."

        Or just use IE and not need to install anything extra to block such content. Just enable the relevant tracking protection list...

        1. wyatt

          Re: No$cript and AdB1ock

          Thanks, I didn't know about Tracking Protection Lists until now!

        2. asdf Silver badge

          Re: No$cript and AdB1ock

          NoScript and privoxy you mean. Adblock's author is now being bought by the highest bidder and Adblock is a terrible memory and even cpu hog.

        3. E 2

          Re: No$cript and AdB1ock

          Good idea - not least because with every release Firefox more closely resembles and behaves like IE.

    2. Anonymous Coward
      Anonymous Coward

      Why thank-you Baidu

      You've just given me an excuse to block your JavaScript objects.

      The fact that I barely noticed your failed DDOS only makes this more amusing.

      Advanced users: even though the untrusted sites blacklist has no listing UI of its own, you can mass-edit it either modifying the noscript.untrusted about:config preference or using the Import/Export functionality of the NoScript Options|Whitelist panel, knowing that the untrusted entries are exported under an [UNTRUSTED] header.

      — NoScript

      I guess that's the answer.

  4. PassiveSmoking

    How about redirecting all internet traffic that originates in China to lemonparty.org for a while?

    1. Anonymous Coward
      Anonymous Coward

      It does not appear to originate in China. People from other countries visit Chinese websites. Those websites have advertisements that are provided by Baidu the way Google does for most non-Chinese sites. Some of those advertisements appear to contain malicious code which then execute on the foreign computer. So the attacks do not originate in China. You could of course make it impossible for foreigners to visit Chinese sites, but then you'ld pretty much destroy the backend of many large western companies.

  5. Anonymous Coward
    Anonymous Coward

    Actually what hasn't been said is

    well done GitHub and their tech team for standing up under this barrage, the conquest of the coders over the users.

    1. James Hughes 1

      Re: Actually what hasn't been said is

      Took them a few hours when I had real trouble getting some stuff, but seems OK now.

  6. oneeye

    Here is analysis of the attack

    Threatpost has a good article on this and here is the link to the Swedish outfit that did an in-depth analysis.

    http://www.netresec.com/?page=Blog&month=2015-03&post=China%27s-Man-on-the-Side-Attack-on-GitHub

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2020