GitHub attack marks escalation in China’s cyber censorship battle, experts warn

The ongoing denial-of-service attack against code-sharing site GitHub marks an escalation in China’s cyber censorship battle, security experts warn, urging a strong response from the U.S. government.

San Francisco-based GitHub has not said who it believes is behind the attack, which started last month, although the finger of suspicion has been pointed firmly in the direction of China. Anti-online censorship group says that Chinese authorities took over computers both inside and outside the country to launch cyberattacks against the website and GitHub, which hosts some of the group's data.

The attack, which was the largest in GitHub’s history, began March 26, causing intermittent shutdowns of the code sharing forum. The shadowy attackers used the web browsers of “unsuspecting, uninvolved people" to flood with high levels of traffic, according to GitHub. On March 31, after days of battling the attack, GitHub reported that that its service was operating normally.

“I believe that it’s likely that it is the government of China behind this,” Mikko Hypponen, chief research officer at software security specialist F-Secure told “The reason why the attack is still ongoing is because their target is to cause pain for GitHub.”

“It’s a tremendous escalation of nation state enforcement of their policy of banning what people can get access to,” added Richard Stiennon, chief research analyst at IT-Harvest. “China probably thinks of the U.S.’s Internet infrastructure as the wild wild west, where everybody does what they want – this could be bad, if the government doesn’t respond, there will be more attacks.”

Security expert Robert Graham traced a machine used in the GitHub attack to a location on or near the so-called “Great Firewall of China” -- the technology infrastructure for Internet censorship in China. “This is important evidence for our government,” he wrote, in a blog post. “It'll be interesting to see how they respond to these attacks - attacks by a nation state against key United States Internet infrastructure.”

The long-running nature of the digital assault also underlines the threat posed by shadowy attackers. A person with knowledge of the issue told Monday that the attack is ongoing, but has decreased in intensity. GitHub, the person added, is mitigating the attack well and is fully operational.

F-Secure’s Hypponen told that GitHub poses a unique challenge for China. “With every single GitHub page encrypted, “The Great Firewall of China” is unable to block individual pages on the site. “They would have to block everything, and that will not happen because a lot of Chinese companies are using GitHub,” he said. “The only option that China has is to bully GitHub.” said it had mirrored some of its content on GitHub repositories, and that the data were the targets of the attacks. added that Chinese authorities carried out the attacks by installing malicious code on the computers of users visiting the popular Chinese search engine Baidu and related sites and using those computers to overwhelm GitHub and websites with service requests.

The group said the attacks marked the first of their kind blamed on Chinese authorities and represented a dangerous escalation for a country that already tightly restricts what Chinese can see online. said it was a direct target of similar denial-of-service attacks earlier in March.

Baidu, however, has said that its systems played no part in the attack. produces mirror websites that let Chinese users see information normally blocked by government censors. The group doesn't reveal where it's located or who runs it. The Open Technology Fund, a U.S. government-backed initiative to support Internet freedom, says on its website that it provided with $114,000 in 2014.

On April 1, the White House issued an executive order “blocking the property of certain persons engaging in significant malicious cyber-enabled activities.”

While the executive order was clearly intended to send a message, Stiennon said further action should be considered. “The U.S. government should respond [to the GitHub attack] – it probably should be a diplomatic response.

The Cyberspace Administration of China was unavailable for comment on this story.

Follow James Rogers on Twitter @jamesjrogers

The Associated Press contributed to this report.