
Cyberattack hits hard at popular coding site GitHub

A debilitating onslaught of Internet traffic directed at GitHub appears to be focused on shutting down anticensorship tools.

Charlie Osborne Contributing Writer
Charlie Osborne is a cybersecurity journalist and photographer who writes for ZDNet and CNET from London. PGP Key: AF40821B.

GitHub is being flooded with traffic in an attack that stretches back to Thursday.

GitHub is still grappling with a distributed denial-of-service attack on a scale it had never seen before, one believed to originate from China.

The coding website is a popular repository for projects from game engines to security applications and Web app frameworks, and is used by programmers and tech firms to develop and share tools. The DDoS attack began Thursday and it has forced GitHub staff to rally and attempt to ease access problems. The techniques appear to be having a positive effect.

According to tweeted GitHub status updates, the website has "adjusted mitigation tactics and are observing improved TCP performance for the majority of non-attack traffic."

In a blog post last week, GitHub said the attack was the largest in the website's history. In a distributed denial-of-service attack, a website is forced to field so many access attempts that servers are overwhelmed and cannot adequately deal with legitimate communications.

GitHub said the attack "involves a wide combination of attack vectors" -- that is, the sites originating the massive amounts of traffic -- which "includes every vector we've seen in previous attacks as well as some sophisticated new techniques that use the web browsers of unsuspecting, uninvolved people to flood github.com with high levels of traffic."

"Based on reports we've received, we believe the intent of this attack is to convince us to remove a specific class of content," GitHub said.

The "specific class" of content may be related to China. As reported by the Wall Street Journal, GitHub's traffic surge is based on visits intended for China's largest search engine, Baidu. Security experts told the publication that the vast levels of traffic intended for Baidu have paralyzed GitHub over the duration of the attack.

Specifically, two particular sections of GitHub have been targeted. One content area is run by Greatfire.org, an anticensorship organization that releases tools to help Chinese citizens circumvent the country's stringent censorship controls -- known colloquially as the "Great Firewall of China." The second links to copies of The New York Times' Chinese language website and other banned domains.

Chinese security specialist Anthr@x from Insight Labs, currently living outside of the country, said that when using Baidu at the time of the first attack, "my first thought was someone naughty XSSed the page," and after further inspection, discovered the page was trying to load two URLs: github.com/greatefire/ and github.com/cn-nytimes/ every few seconds.

Anthr@x believes the attack was due to HTTP hijacking, and "a certain device at the border of China's inner network and the Internet has hijacked the HTTP connections went into China, replaced some javascript files from Baidu with malicious ones that would load every two seconds." Block code execution was also apparently used to prevent looping. The security researcher states: "In other words, even people outside China are being weaponized to target things the Chinese government does not like, for example, freedom of speech."
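One way a site operator could spot the pattern described above in access logs, shown as an added example that is not from the article, GitHub or the researcher: it flags clients that re-request the same path on a short, near-constant timer. The record format, IP addresses, timestamps and thresholds are constructed assumptions.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample records: (epoch_seconds, client_ip, request_path).
# Paths follow the two URLs quoted in the article; IPs are documentation ranges.
SAMPLE_LOG = (
    # Browser running a timer-driven script: both paths, roughly every 2 s.
    [(100 + 2 * i + j, "203.0.113.7", "/greatefire/")
     for i, j in enumerate([0.0, 0.1, 0.0, 0.05, 0.0, 0.1])]
    + [(101 + 2 * i, "203.0.113.7", "/cn-nytimes/") for i in range(6)]
    # Human visitor: same page several times, but at irregular, long gaps.
    + [(t, "198.51.100.20", "/cn-nytimes/") for t in (0, 3, 30, 31, 90)]
    # Impatient reloader: short gaps, but far too uneven to be a timer.
    + [(t, "192.0.2.44", "/greatefire/") for t in (0, 0.5, 4.5, 5.5, 11.5)]
    # Casual visitor: too few hits to judge.
    + [(t, "192.0.2.9", "/greatefire/") for t in (5, 50)]
)


def periodic_clients(records, min_hits=5, max_period=5.0, max_jitter=0.25):
    """Return {(ip, path): mean_gap_seconds} for clients that re-request the
    same path on a short, near-constant interval (timer-like behaviour)."""
    seen = defaultdict(list)
    for ts, ip, path in records:
        seen[(ip, path)].append(ts)

    flagged = {}
    for key, stamps in seen.items():
        if len(stamps) < min_hits:
            continue  # not enough samples to call it periodic
        stamps.sort()
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        # Short average gap AND low spread relative to that gap.
        if avg <= max_period and pstdev(gaps) <= max_jitter * avg:
            flagged[key] = round(avg, 2)
    return flagged


if __name__ == "__main__":
    for (ip, path), gap in sorted(periodic_clients(SAMPLE_LOG).items()):
        print(f"{ip} requests {path} every ~{gap}s")
```

Flagged clients here are unwitting visitors rather than attackers, so the output is better suited to rate limiting or challenge pages for the affected paths than to permanent blocking.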

Both Greatfire.org and the New York Times are censored in China.

In a statement, Baidu denied involvement in the attack, saying the firm "was not intentionally involved in any traffic redirection."

This story originally appeared at ZDNet under the headline "GitHub suffers 'largest DDoS' attack in site's history."