Is China responsible for Massive DDoS Attack against GitHub?

Pierluigi Paganini March 28, 2015

The Chinese Government is suspected for the large-scale distributed denial of service (DDoS) attack that hit the popular GitHub website.

The popular coding website Github suffered a large-scale distributed denial of service (DDoS) attack that lasted more than 24 hours starting from Thursday night.

The attack exploited the redirection of users who were connecting to many other websites on the Internet. The attackers injected malicious JavaScript code into the pages of those websites that was responsible for the hijacking of their visitors to Github.

The researcher analyzed the JavaScript code used in the attack and it appears like a sample of code available on pastebin.

Visitors who tried to access several websites in Internet used has DDoS gunner, noticed that those websites was serving advertisements and tracking code from Chinese Baidu, the code used by attackers instructs browsers of visitors to those websites to connect every two seconds. The technique allowed the attackers to generate “an extremely large amount of traffic,” according to researcher Anthr@x from Insight-labs.

The attackers have chosen the Baidu search engine because it has an impressive amount of visitors that were recruited with this technique in the attack that resulted in the massive flood of traffic on the Github website.

In time I’m writing Baidu denied any responsibility for the redirection mechanism exploited for the DDoS attacks:

We’ve notified other security organizations,” states the company in an official statement, “and are working together to get to the bottom of this.

GitHub DDoS baidu

GitHub confirmed that the distributed denial-of-service attacks, caused irregular outages of the service.

The experts speculate that the attackers are linked to the Chinese Government that used the browsers of unaware users to hit a website not “aligned” to the Government of Beijing.

“What is happening here is pretty clear now: A certain device at the border of China’s inner network and the Internet has hijacked the HTTP connections went into China, replaced some javascript files from Baidu with malicious ones that would load

every two seconds.

“In other words, even people outside China are being weaponized to target things the Chinese government does not like, for example, freedom of speech.” reported the post on insight-labs.

GitHub DDoS 2

The attackers used this DDoS variant to hit two popular Github projects, the GreatFire and CN-NYTimes, that are two anti-censorship tools used to avoid censorship operated by China and cirmcument The Great Firewall Of China.

Below the descripions of the two development groups active on Github platform.

  • GreatFire – A well-known group on Github that fights against Chinese government censorship of the Internet.
  • CN-NYTimes – A group that hosts New York Times mirrors to allow Chinese citizens to access the news website, which is normally blocked in China.

GitHub has informed the users that the company has deployed new defense to protect the website from attackers that are also responding by adapting their tactics, as reported by Status Message Board.

4:46 UTCThe ongoing DDoS attack has adjusted tactics again. We are continuing to adapt and mitigate it.
2:30 UTCThe ongoing DDoS attack has shifted to include Pages and assets. We are updating our defenses to match.

“Restoring service for all users while deflecting attack traffic is our number one priority. We’ve deployed our volumetric attack defenses against an extremely large amount of traffic. Performance is stabilizing,” a message posted by Github at 15:04 UTC says.

“We’ve been under continuous DDoS attack for 24+ hours. The attack is evolving, and we’re all hands on deck mitigating.”

Pierluigi Paganini

(Security Affairs –  DDoS,  GitHub)

you might also like

leave a comment