Pierluigi Paganini
March 28, 2015
The popular coding website Github suffered a large-scale distributed denial of service (DDoS) attack that lasted more than 24 hours starting from Thursday night.
The attack exploited the redirection of users who were connecting to many other websites on the Internet. The attackers injected malicious JavaScript code into the pages of those websites that was responsible for the hijacking of their visitors to Github.
The researcher analyzed the JavaScript code used in the attack and it appears like a sample of code available on pastebin.
Visitors who tried to access several websites in Internet used has DDoS gunner, noticed that those websites was serving advertisements and tracking code from Chinese Baidu, the code used by attackers instructs browsers of visitors to those websites to connect GitHub.com every two seconds. The technique allowed the attackers to generate “an extremely large amount of traffic,” according to researcher Anthr@x from Insight-labs.
The attackers have chosen the Baidu search engine because it has an impressive amount of visitors that were recruited with this technique in the attack that resulted in the massive flood of traffic on the Github website.
In time I’m writing Baidu denied any responsibility for the redirection mechanism exploited for the DDoS attacks:
“We’ve notified other security organizations,” states the company in an official statement, “and are working together to get to the bottom of this.“
GitHub confirmed that the distributed denial-of-service attacks, caused irregular outages of the service.
The experts speculate that the attackers are linked to the Chinese Government that used the browsers of unaware users to hit a website not “aligned” to the Government of Beijing.
“What is happening here is pretty clear now: A certain device at the border of China’s inner network and the Internet has hijacked the HTTP connections went into China, replaced some javascript files from Baidu with malicious ones that would load
every two seconds.
“In other words, even people outside China are being weaponized to target things the Chinese government does not like, for example, freedom of speech.” reported the post on insight-labs.
The attackers used this DDoS variant to hit two popular Github projects, the GreatFire and CN-NYTimes, that are two anti-censorship tools used to avoid censorship operated by China and cirmcument The Great Firewall Of China.
Below the descripions of the two development groups active on Github platform.
GitHub has informed the users that the company has deployed new defense to protect the website from attackers that are also responding by adapting their tactics, as reported by Status Message Board.
“Restoring service for all users while deflecting attack traffic is our number one priority. We’ve deployed our volumetric attack defenses against an extremely large amount of traffic. Performance is stabilizing,” a message posted by Github at 15:04 UTC says.
“We’ve been under continuous DDoS attack for 24+ hours. The attack is evolving, and we’re all hands on deck mitigating.”
(Security Affairs – DDoS, GitHub)
