GitHub was hit with a massive DDoS attack from China

GitHub, the popular web-based hosting service for software development, has been hit with a massive Distributed Denial of Service (DDoS) attack from China over the past 24 hours. The attack started sometime on Wednesday, when Chinese web services company Baidu started directing traffic to two specific GitHub pages.


One page is run by GreatFire and the other handles Chinese translations of The New York Times. Both were flooded with massive amounts of useless traffic from Baidu, causing the website to go down several times on Thursday night.

GitHub tweeted,

Is Baidu really behind these DDoS attacks?

Baidu has rejected the allegations and ruled out any involvement in the attack. The Chinese giant said that its internal security has not been compromised and that it did not intentionally direct any traffic to GitHub. The company released a statement saying, “We’ve notified other security organizations, and are working together to get to the bottom of this.”

So who is actually behind these attacks, if not Baidu?

A security researcher from Insight-labs who analyzed this attack said that a certain device at the border of China’s inner network and the Internet has hijacked the HTTP connections going into China, replaced some JavaScript files from Baidu with malicious ones that would load.

Baidu serves advertisements and other scripts to many websites around the world. However, when users outside China visit websites that load Baidu scripts, they are served malicious code instead. So it is quite possible that people who have access to the traffic at the border of China’s internet, also known as the Great Firewall of China, have injected malicious scripts into the HTTP connections of these visitors.

Since GitHub is served over HTTPS, countries cannot block just a few of its pages. To stop GitHub, the whole website has to be taken down, which the attackers eventually decided to do. Also, since Baidu generates huge volumes of traffic, it became a perfect weapon for the attackers, as GitHub could never handle such great traffic.
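The script replacement described above is possible because the files travel over plain HTTP, where a device on the path can swap the body before it reaches the visitor. As an added example (not from the original article or the researcher's report), this Node.js code flags script tags that a page loads over plain HTTP or from a third party without an integrity attribute, and shows a pinned Subresource Integrity digest rejecting a replaced body. All hosts, the page origin and the script bodies are constructed placeholders.

```javascript
// Added example, not from the article: hosts and script bodies are constructed.
const { createHash } = require("node:crypto");

// Compute a Subresource Integrity value ("sha384-<base64>") for a script body.
function sriDigest(body, algo = "sha384") {
  return `${algo}-${createHash(algo).update(body, "utf8").digest("base64")}`;
}

// True only if the body actually received matches the digest pinned by the site.
function matchesPinned(body, pinned) {
  const algo = pinned.split("-", 1)[0];
  return sriDigest(body, algo) === pinned;
}

// Flag external scripts an on-path device could replace unnoticed:
// fetched over plain http://, or from another origin with no integrity= value.
// Only the presence of integrity= is checked here, not its correctness.
function auditScripts(html, pageOrigin) {
  const findings = [];
  for (const m of html.matchAll(/<script\b([^>]*)>/gi)) {
    const attrs = m[1];
    const src = /\bsrc\s*=\s*["']([^"']+)["']/i.exec(attrs);
    if (!src) continue; // inline script, nothing is fetched
    const url = new URL(src[1], pageOrigin);
    const hasIntegrity = /\bintegrity\s*=\s*["'][^"']+["']/i.test(attrs);
    if (url.protocol === "http:") {
      findings.push({ url: url.href, issue: "plain-http" });
    } else if (url.origin !== pageOrigin && !hasIntegrity) {
      findings.push({ url: url.href, issue: "no-integrity" });
    }
  }
  return findings;
}

// Constructed sample page; every host below is a placeholder.
const SAMPLE_HTML = `
<script src="http://analytics.example/stats.js"></script>
<script src="https://cdn.example/lib.js"></script>
<script src="https://cdn.example/ui.js" integrity="sha384-PLACEHOLDER" crossorigin="anonymous"></script>
<script src="/app.js"></script>
<script>var inline = 1;</script>`;

const ORIGINAL_BODY = "function track(){ /* publisher's script */ }";
const RECEIVED_BODY = "function track(){ /* different content */ }";
const PINNED = sriDigest(ORIGINAL_BODY);

console.log(auditScripts(SAMPLE_HTML, "https://site.example"));
console.log(matchesPinned(ORIGINAL_BODY, PINNED), matchesPinned(RECEIVED_BODY, PINNED));
```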

Ankit Gupta is a writer by profession and has more than 7 years of global writing experience on technology and other areas. He follows technological developments and likes to write about Windows & IT security. He has a deep liking for wild life and has written a book on Top Tiger Parks of India.

One Comment

  1. Dan

    Reading the cited researcher’s report, and data he himself therein had a link to, one wonders if this kind of attack didn’t involve exploiting router access vulnerability to deliver the code injections, à la Lizard Squad earlier this year. I suggest as the report the researcher linked to mentioned its own finding that in January a similar thing occurred, showing IPs from all over China…like Brian Krebs mentioned Google VMs had done when so hit by Lizard Squad with widely scattered concurrent queries. Cheers!
