A nonprofit group developing tools to get around Chinese online censorship says the Chinese government is behind a recent attack that sent a flood of traffic to its site and services. China is effectively using the national firewall in place to censor the Internet for Chinese residents to weaponize the browsers of millions of global Internet users, according to GreatFire.
Earlier this month, the group announced that it was facing a significant distributed denial of service, or DDoS, attack, that was directing 2.6 billion requests per hour to its Web pages. Web sites aren't set up to handle that magnitude of traffic, and such attacks are typically aimed a knocking sites offline. Last week, a similar attack appears to have struck at popular code collaboration platform GitHub — specifically targeting GreatFire projects hosted on the site and making the whole platform intermittently available for some users.
Some researchers noted that the attack on GitHub appeared to involve hijacking the browsers of visitors to the site using tools developed by Baidu, China's largest search engine, as part of the attack. Baidu has denied involvement in the incident.
But in a blog post and research report released today, GreatFire said the same tactic is behind the attack on their Web site — and points to China as the culprit. "The tampering takes places someplace between when the traffic enters China and when it hits Baidu’s servers," the group said. "This is consistent with previous malicious actions and points to the Cyberspace Administration of China (CAC) being directly involved in these attacks."
If true, this allegation would mean that the tool currently used to limit Chinese residents' online activities is being used to make Internet users around the world attack content the country finds objectionable. "The Great Firewall has switched from being a passive, inbound filter to being an active and aggressive outbound one," said the GreatFire blog post.
Zhu Haiquan, a spokesperson for the Chinese Embassy in the U.S. declined to comment on the report in an e-mailed statement. "China's position on cyber security is clear and consistent. We have no comment on any hypothesis or allegation that is not supported by real facts and hard evidence." Earlier this year, CAC publicly called GreatFire "anti-China."
GitHub declined to comment specifically on the GreatFire report, but in a blog post last week, the company said the attack on their site included sophisticated new techniques that "use the web browsers of unsuspecting, uninvolved people" GitHub also said they think the intent of the attack was to cause them to "remove a specific class of content."
GreatFire believes its projects are that specific class of content, because links to their GitHub pages were included in the malicious code used in the attack. According to GitHub's status page, the attack is continuing.
The State Department expressed concern about the attacks in response to a Washington Post inquiry specifically about the GitHub and GreatFire situations. "We are troubled by reports that certain U.S. companies have been experiencing sustained distributed denial-of-service attacks," an agency official said in a statement. "We are deeply concerned that the attacks are reportedly continuing, and we urge any attackers to cease immediately."
China appears to be tightening its grip on its citizen's online activities. In January, many virtual private network (VPN) services used by those in China to evade online censorship became inaccessible within the country.
"The last couple months, we've seen a real sea change in Chinese Internet policy, where they've become more assertive about blocking Western sites and pushing back on their citizens' ability to access information from outside of the country," said James A. Lewis, a senior fellow at the Center for Strategic and International Studies, in response to the GitHub attack last week.
This post has been updated with a response from the Chinese Embassy.