GitHub, the popular web-based hosting service for software development, has been hit by a massive Distributed Denial of Service (DDoS) attack from China over the past 24 hours. The attack started sometime on Wednesday, when Chinese web services company Baidu started directing traffic to two specific GitHub pages.
One page, run by GreatFire, and the other, which handles Chinese translations of The New York Times, were flooded with massive amounts of useless traffic from Baidu, causing the website to go down several times on Thursday night.
GitHub tweeted, “The DDoS attack is amplifying again. We are working to mitigate with all hands on deck.”
Is Baidu really behind these DDoS attacks?
Baidu has rejected the allegations and ruled out any involvement in the attack. The Chinese giant said that its internal security has not been compromised and that it did not intentionally direct any traffic to GitHub. The company released a statement saying, “We’ve notified other security organizations, and are working together to get to the bottom of this.”
So who is actually behind these attacks, if not Baidu?
A security researcher from Insight-labs who analyzed this attack said that a certain device at the border of China’s inner network and the Internet has hijacked the HTTP connections going into China, replaced some JavaScript files from Baidu with malicious ones that would load.
Baidu is known to serve advertisements and other code to many websites around the world. However, when users outside China visit websites running Baidu code, they are served malicious code instead. So it is quite possible that people who have access to the traffic at the border of China’s internet, also known as the Great Firewall of China, have injected malicious scripts into the HTTP connections of these visitors.
Since GitHub is served over HTTPS, countries cannot block just a few of its pages. To stop GitHub, the whole website has to be taken down, which the attackers eventually decided to do. Also, since Baidu generates huge volumes of traffic, it became a perfect weapon for the attackers, as GitHub could never handle such a volume of traffic.