The Five-Day Cyber Assault on GitHub Appears to Finally Be Calming Down

​After more than five relentless days, the distributed denial of service (DDoS) attack on the popular coding site GitHub appears to be coming to an end.

The company, which previously called the attack the largest in its history, announced on Tuesday morning that "everything [is] operating normally," and the attack seems to have decreased.

Everything operating normally.

— GitHub Status (@githubstatus)March 31, 2015

We asked a GitHub spokesperson to confirm whether the attack has indeed ceased, but we haven't yet received a response.

A member of GreatFire, the anti-censorship activist group that was the apparent target of the attack, simply told Motherboard: "Looks like it!" But he also added that only GitHub could confirm.

In any case, the two GitHub pages targeted in the attack were both back online as of Tuesday morning, at least to some users. Some others, however still had trouble accessing them.

— Odisseus (@_odisseus)March 31, 2015

The attack began on Wednesday night, when thousands, if not millions, of Internet users became unbeknownst conduits for the DDoS. Their traffic was hijacked and redirected thanks to malicious Javascript code. This code replaced legitimate scripts from Chinese Internet giant Baidu—such as common analytics or advertising? tracking scripts—which are hosted on thousands of websites.

The traffic was redirected to two individual pages: GreatFire's GitHu​b page, and the group's New York Times mirror​s list, which publicizes a list of s​ites and an app that mirror the paper's website, which is normally not accessible within China.

On Monday, GreatFire accused the Chine​se government of being behind the attack, publishing a forensic analysis of the DDoS. Another indepen​dent analysis by Erik Hjelmvik, network forensics expert at Netresec, reached the same conclusion.

"China is using their active and passive network infrastructure in order to perform a man-on-the-si​de attack against GitHub," Hjelmvik wrote.

In light of this attack, he concluded, "the [Great Firewall of China] cannot be considered just a technology for inspecting and censoring the Internet traffic of Chinese citizens, but also a platform for conducting DDoS attacks against targets worldwide with help of innocent users visiting Chinese websites."

But a spokesperson for China's Foreign Ministry seemed to deny the accusation when asked about it during a press conference.

"It is quite odd that every time a website in the US or any other country is under attack, there will be speculation that Chinese hackers are behind it," Hua Chunying sa​id. "I'd like to remind you that China is one of the major victims of cyber attacks."

GreatFire has set up the two targeted sites as part of a strategy to circumvent China's online​ censorship that's called "collateral fr​eedom." The strategy consists of hosting controversial content within large websites that use web encryption, which makes it impossible for China to block an individual page within the site without blocking the entire site.

The DDoS on GitHub seemed to be China's response to collateral freedom, and an attempt to force the website to block the two pages rather than suffer ongoing degraded service across the whole site. But GitHub did not cave, and it seems to have won—for now.

UPDATE 03/31/2015, 12:59 p.m.: The story has been updated to reflect that fact that the attack may still be ongoing, but appears to have been mitigated by GitHub.