The recent large-scale DDoS attacks against GitHub and anti-censorship group Greatfire.org are likely to signal the start of a major new attack campaign by China against foreign internet sites, according to Greatfire.
Since its infrastructure was overwhelmed by a huge DDoS on 17 March, Greatfire.org has been relatively quiet, “gathering evidence and information to figure out who is responsible,” co-founder Charlie Smith told Infosecurity.
Now the group has released a blog post claiming the Chinese government was indeed behind the attacks on it and GitHub.
Its findings can be read in the first detailed technical report on the attacks.
As reported by Infosecurity on Monday, the attackers replaced some Baidu Analytics JavaScript code with malicious script which loads the sites in question every two seconds, causing a denial of service.
Unlike previous attacks by the Great Firewall, this one effectively weaponized users outside China against sites based outside China.
“To mitigate the DDoS attack, we mirrored content on our GitHub repository and asked users to access that page directly. The attackers then switched their attack to our GitHub page,” wrote Smith.
“Based on the technical forensic evidence provided above and the detailed research that has been done on the GitHub attack, we can now confidently conclude that the Cyberspace Administration of China (CAC) is responsible for both of these attacks.”
Greatfire.org believes the CAC is ultimately responsible because inserting malicious code as it had to in order to launch the DDoS can only be done via the Chinese internet backbone, which the government is effectively responsible for managing.
“Hijacking the computers of millions of innocent internet users around the world is particularly striking as it illustrates the utter disregard the Chinese authorities have for international as well as even Chinese internet governance norms,” Smith continued.
“There was no way for an average internet user to prevent themselves from being exploited as part of this attack.”
He claimed the Great Firewall – China’s fearsome censorship apparatus – has now transitioned from being a “passive, inbound filter” to an “active and aggressive outbound one” which could be a hugely destabilizing force.
“These attacks also illustrate the shortsighted nature of the Chinese authorities. Weaponizing Chinese internet services stifles global confidence in Chinese entrepreneurs and contributes to the fragmentation of the global internet,” said Smith.
“We correctly predicted last year that China would increase their use of MITM attacks in an effort to censor encrypted websites. We now sadly predict that the DDoS attacks against us and GitHub are likely to signal a ramping up of attacks against foreign internet properties. These kinds of attacks should draw scorn and criticism from government officials of all countries around the world.”