The ongoing denial-of-service attack against code-sharing site GitHub marks an escalation in China’s cyber censorship battle, security experts warn, urging a strong response from the U.S. government.
San Francisco-based GitHub has not said who it believes is behind the attack, which started last month, although the finger of suspicion has been pointed firmly in the direction of China. Anti-online censorship group Greatfire.org says that Chinese authorities took over computers both inside and outside the country to launch cyberattacks against the Greatfire.org website and GitHub, which hosts some of the group's data.
The attack, which was the largest in GitHub’s history, began March 26, causing intermittent shutdowns of the code sharing forum. The shadowy attackers used the web browsers of “unsuspecting, uninvolved people" to flood github.com with high levels of traffic, according to GitHub. On March 31, after days of battling the attack, GitHub reported that that its service was operating normally.
“I believe that it’s likely that it is the government of China behind this,” Mikko Hypponen, chief research officer at software security specialist F-Secure told FoxNews.com. “The reason why the attack is still ongoing is because their target is to cause pain for GitHub.”
“It’s a tremendous escalation of nation state enforcement of their policy of banning what people can get access to,” added Richard Stiennon, chief research analyst at IT-Harvest. “China probably thinks of the U.S.’s Internet infrastructure as the wild wild west, where everybody does what they want – this could be bad, if the government doesn’t respond, there will be more attacks.”
Security expert Robert Graham traced a machine used in the GitHub attack to a location on or near the so-called “Great Firewall of China” -- the technology infrastructure for Internet censorship in China. “This is important evidence for our government,” he wrote, in a blog post. “It'll be interesting to see how they respond to these attacks - attacks by a nation state against key United States Internet infrastructure.”
The long-running nature of the digital assault also underlines the threat posed by shadowy attackers. A person with knowledge of the issue told FoxNews.com Monday that the attack is ongoing, but has decreased in intensity. GitHub, the person added, is mitigating the attack well and is fully operational.
F-Secure’s Hypponen told FoxNews.com that GitHub poses a unique challenge for China. “With every single GitHub page encrypted, “The Great Firewall of China” is unable to block individual pages on the site. “They would have to block everything, and that will not happen because a lot of Chinese companies are using GitHub,” he said. “The only option that China has is to bully GitHub.”
Greatfire.org said it had mirrored some of its content on GitHub repositories, and that the data were the targets of the attacks.
Greatfire.org added that Chinese authorities carried out the attacks by installing malicious code on the computers of users visiting the popular Chinese search engine Baidu and related sites and using those computers to overwhelm GitHub and Greatfire.org websites with service requests.
The group said the attacks marked the first of their kind blamed on Chinese authorities and represented a dangerous escalation for a country that already tightly restricts what Chinese can see online. Greatfire.org said it was a direct target of similar denial-of-service attacks earlier in March.
Baidu, however, has said that its systems played no part in the attack.
Greatfire.org produces mirror websites that let Chinese users see information normally blocked by government censors. The group doesn't reveal where it's located or who runs it. The Open Technology Fund, a U.S. government-backed initiative to support Internet freedom, says on its website that it provided Greatfire.org with $114,000 in 2014.
On April 1, the White House issued an executive order “blocking the property of certain persons engaging in significant malicious cyber-enabled activities.”
While the executive order was clearly intended to send a message, Stiennon said further action should be considered. “The U.S. government should respond [to the GitHub attack] – it probably should be a diplomatic response.
The Cyberspace Administration of China was unavailable for comment on this story.
Follow James Rogers on Twitter @jamesjrogers
The Associated Press contributed to this report.