Last week, China’s internet censorship apparently began playing offense – GitHub was the target of a massive distributed denial of service (DDoS) attack beginning last Thursday. The attack targeted two specific pages on GitHub’s site: the page for the Chinese-language version of the New York Times and the page for GreatFire.org, a group dedicated to exposing and circumventing Chinese online censorship.
GreatFire.org also said it had been the subject of a major DDoS attack beginning in mid-March, after which GreatFire.org began mirroring content on GitHub. The attack on GitHub came after GreatFire.org began asking users to access the GitHub page directly. GitHub called the attack the “largest DDos” ever launched against the site.
In investigating the attack, GreatFire.org discovered that the hacking was making use of “millions of global internet users.” Unsuspecting users had their computers infected with code that caused their machines to constantly reload the targeted webpages. One of the major sources for the virus was apparently the analytics script used by Baidu, China’s major search engine. The script, used on websites around the world to monitor traffic, became the vector for a massive cyberattack – one that, in GreatFire.org’s words, “compromised internet users and websites everywhere in the world.” In affect, millions of innocent internet users became weapons in the attack on GitHub and GreatFire.org.
China’s Internet censorship, symbolized by the “Great Firewall” generally functions passively when it comes to foreign websites – that is, Chinese users are simply blocked from reaching potentially objectionable content. Beijing recently has been seeking to tighten those passive controls, by beginning to crack down on the use of virtual private networks (VPNs), a often-used tool for getting around the Great Firewall.
This week’s attack, however, shows what happens when the Great Firewall goes on the offensive. Rather than simply blocking Chinese netizens’ access to foreign sites, China tried to shut off the sites at the source – preventing the global internet community from accessing them. In a statement on the attack, GitHub said, “[W]e believe the intent of this attack is to convince us to remove a specific class of content.” In other words, Beijing was no longer content with blocking The New York Times and GreatFire.org within China – it tried to have their content scrubbed entirely from GitHub.
It’s a concerning sign of escalation in China’s internet censorship.China has long simply removed objectionable sites and content from the Chinese Internet and government officials have likely wished they deal with foreign sites so easily. China argues that its concept of “internet sovereignty” gives it the right to administer China’s Internet according to domestic law. Apparently, Beijing has decided that control can be applied to troublesome foreign websites as well.
The repercussions, meanwhile, may adversely affect Chinese businesses. Baidu, for instance, can’t be happy that its company name has been tied to a massive cyberattack scheme. The company has promised to investigate the security breach that allowed the analytics script to be intercepted.
Meanwhile, the use of online certificates issued by the China Internet Network Information Center (CNNIC) in the attack has caused Google to decide not to recognize certificates issued by CNNIC as safe – affecting any website with a .cn domain. CNNIC called the decision “unacceptable and unintelligible” and assured users that “we guarantee that your lawful rights and interests will not be affected.” But until CNNIC proves to Google that it has tightened its security policies, anyone using a Google product to access a .cn website will be told the site is not safe.