GitHub – a popular coding website used by programmers to collaborate on software development – has been hit by a large-scale distributed denial of service (DDoS) attack that began late Thursday night and has lasted more than 24 hours.
It appears that when users outside China visit websites that serve advertisements and tracking code from Chinese Internet giant Baidu, attackers at the Chinese network border quietly inject malicious JavaScript code into the pages of those websites.
The code instructs the browsers of visitors to those websites to connect to GitHub.com every two seconds in a way that the visitors would not notice, creating "an extremely large amount of traffic," according to a researcher who goes by the name Anthr@x.
"A certain device at the border of China's inner network and the Internet has hijacked the HTTP connections that went into China, replaced some JavaScript files from Baidu with malicious ones," Anthr@x wrote at Insight Labs.
"In other words, even people outside China are being weaponized to target things the Chinese government does not like, for example, freedom of speech."
The attack specifically targets two popular GitHub projects – GreatFire and CN-NYTimes – anti-censorship tools used to help Chinese citizens circumvent the Great Firewall of China, the government's censorship of Internet access in China.
- GreatFire – A well-known group on GitHub that fights against Chinese government censorship of the Internet.
- CN-NYTimes – A group that hosts New York Times mirrors to allow Chinese citizens to access the news website, which is normally blocked in China.
Because Baidu's search engine is extremely popular, the attack resulted in a massive flood of traffic to the GitHub website, which began around 2 AM UTC on Friday and lasted for more than 24 hours.
GitHub said yesterday that the flood of traffic, a continuous string of distributed denial-of-service attacks, caused irregular outages and that their admins have been working to mitigate the attack with periodic success.
However, the most recent status on the site says the company has deployed new defenses.
"We're aware that GitHub.com is intermittently unavailable for some users during the ongoing DDoS," GitHub said in a message posted at 1549 UTC Friday.
"Restoring service for all users while deflecting attack traffic is our number one priority. We've deployed our volumetric attack defenses against an extremely large amount of traffic. Performance is stabilizing," a message posted by GitHub at 15:04 UTC says.
Later, the company noted, "We've been under continuous DDoS attack for 24+ hours. The attack is evolving, and we're all hands on deck mitigating."
The researcher analyzed the attack and dug out the injected JavaScript, which looks like this (pastebin) once unscrambled.
The Chinese search engine giant has denied any involvement in the current DDoS attack, saying that Baidu was not intentionally involved in any traffic redirection. "We've notified other security organizations," the company said in a statement, "and are working together to get to the bottom of this."
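The behaviour described above, a visitor's browser connecting to GitHub.com every two seconds from an unrelated page, leaves a recognisable pattern in web proxy logs. The following is an added example, not code from the researcher or from GitHub: it flags client and referring-site pairs whose cross-site requests recur at a near-constant interval. The log format, IP addresses, hostnames, paths and thresholds are all constructed assumptions.

```python
import statistics
from collections import defaultdict
from urllib.parse import urlsplit

BASE = 1427414400  # constructed epoch timestamp for the sample data


def constructed_log():
    """Constructed proxy log lines: 'epoch client url referer'."""
    lines = [f"{BASE}.0 10.0.0.5 http://news.example/story.html -"]
    # A page on news.example whose script hits two GitHub paths every ~2 s.
    for i in range(8):
        path = ("/greatfire/", "/cn-nytimes/")[i % 2]
        ts = BASE + 2 * i + 0.1 * (i % 3)  # small jitter
        lines.append(f"{ts:.1f} 10.0.0.5 https://github.com{path} "
                     "http://news.example/story.html")
    # A person clicking search results by hand: irregular gaps.
    for t in (3, 40, 95, 260, 262, 500):
        lines.append(f"{BASE + t}.0 10.0.0.9 https://github.com/example/repo "
                     "http://search.example/q")
    return lines


def find_beaconing(lines, period=2.0, tolerance=0.5, min_hits=5):
    """Return (client, referring_host, target_host, hits) for periodic
    cross-site request streams whose median gap is close to `period`."""
    hits = defaultdict(list)
    for line in lines:
        ts, client, url, referer = line.split()
        dest = urlsplit(url).hostname
        src = urlsplit(referer).hostname  # None when the referer is '-'
        if src and dest and src != dest:  # only cross-site requests
            hits[(client, src, dest)].append(float(ts))
    flagged = []
    for key, times in sorted(hits.items()):
        if len(times) < min_hits:
            continue
        times.sort()
        gaps = [b - a for a, b in zip(times, times[1:])]
        steady = statistics.pstdev(gaps) <= tolerance
        if steady and abs(statistics.median(gaps) - period) <= tolerance:
            flagged.append(key + (len(times),))
    return flagged


if __name__ == "__main__":
    for row in find_beaconing(constructed_log()):
        print(row)
```

The hand-driven browsing session contains one two-second gap but is not flagged, because the check looks at the median and spread of all gaps rather than at any single pair of requests.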