Image: Tim Lucas/Flickr
After more than five relentless days, the distributed denial of service (DDoS) attack on the popular coding site GitHub appears to be coming to an end.

The company, which previously called the attack the largest in its history, announced on Tuesday morning that "everything [is] operating normally," and the attack seems to have decreased.

We asked a GitHub spokesperson to confirm whether the attack has indeed ceased, but we haven't yet received a response.

A member of GreatFire, the anti-censorship activist group that was the apparent target of the attack, simply told Motherboard: "Looks like it!" But he also added that only GitHub could confirm.

In any case, the two GitHub pages targeted in the attack were both back online as of Tuesday morning, at least to some users. Some others, however, still had trouble accessing them.

"China is using their active and passive network infrastructure in order to perform a man-on-the-side attack against GitHub," Hjelmvik wrote.

In light of this attack, he concluded, "the [Great Firewall of China] cannot be considered just a technology for inspecting and censoring the Internet traffic of Chinese citizens, but also a platform for conducting DDoS attacks against targets worldwide with help of innocent users visiting Chinese websites."

But a spokesperson for China's Foreign Ministry seemed to deny the accusation when asked about it during a press conference.
Everything operating normally.
— GitHub Status (@githubstatus), March 31, 2015
The attack began on Wednesday night, when thousands, if not millions, of Internet users became unwitting conduits for the DDoS. Their traffic was hijacked and redirected thanks to malicious JavaScript code. This code replaced legitimate scripts from Chinese Internet giant Baidu—such as common analytics or advertising tracking scripts—which are hosted on thousands of websites.

The traffic was redirected to two individual pages: GreatFire's GitHub page, and the group's New York Times mirrors list, which publicizes a list of sites and an app that mirror the paper's website, which is normally not accessible within China.
On Monday, GreatFire accused the Chinese government of being behind the attack, publishing a forensic analysis of the DDoS. Another independent analysis by Erik Hjelmvik, network forensics expert at Netresec, reached the same conclusion.
"It is quite odd that every time a website in the US or any other country is under attack, there will be speculation that Chinese hackers are behind it," Hua Chunying said. "I'd like to remind you that China is one of the major victims of cyber attacks."

GreatFire has set up the two targeted sites as part of a strategy to circumvent China's online censorship that's called "collateral freedom." The strategy consists of hosting controversial content within large websites that use web encryption, which makes it impossible for China to block an individual page within the site without blocking the entire site.

The DDoS on GitHub seemed to be China's response to collateral freedom, and an attempt to force the website to block the two pages rather than suffer ongoing degraded service across the whole site. But GitHub did not cave, and it seems to have won—for now.

UPDATE 03/31/2015, 12:59 p.m.: The story has been updated to reflect the fact that the attack may still be ongoing, but appears to have been mitigated by GitHub.