This article is from the source 'nytimes' and was first published or seen on . It last changed over 40 days ago and won't be checked again for changes.
You can find the current article at its original source at http://www.nytimes.com/2015/03/31/technology/china-appears-to-attack-github-by-diverting-web-traffic.html
The article has changed 6 times. There is an RSS feed of changes available.
Version 1 | Version 2 |
---|---|
China Appears to Attack GitHub by Diverting Web Traffic | China Appears to Attack GitHub by Diverting Web Traffic |
(about 1 hour later) | |
HONG KONG — The Chinese government has long used a sophisticated set of Internet filters known as the Great Firewall as a barrier to prevent its citizens from obtaining access to foreign websites with information it deems threatening. | |
But in a recent series of attacks on websites that try to help Internet users in China circumvent this censorship, the Great Firewall appears to have been used instead as a weapon, diverting a portion of the torrents of Internet traffic that flow through it to overload targeted websites. | But in a recent series of attacks on websites that try to help Internet users in China circumvent this censorship, the Great Firewall appears to have been used instead as a weapon, diverting a portion of the torrents of Internet traffic that flow through it to overload targeted websites. |
In doing so, the Chinese government is taking advantage of and damaging one of China’s own Internet companies: Baidu. The attacks appear to hijack advertising and analytics traffic intended for Baidu, China’s largest search company, and then send that traffic to smaller websites in what is known as a distributed denial of service or DDoS attack. The huge flow of traffic has the effect of crashing the sites. | |
The aggressive new strategy shows vividly how Beijing is struggling to balance its desire to control the flow of information online with the aim of encouraging the growth of its tech sector. | The aggressive new strategy shows vividly how Beijing is struggling to balance its desire to control the flow of information online with the aim of encouraging the growth of its tech sector. |
The main target of the recent barrage is GitHub, a popular website that acts as a library of code for programmers. While it is an indispensable tool for tech companies in China, it also hosts several pages that enable users to view sites blocked in the country. | The main target of the recent barrage is GitHub, a popular website that acts as a library of code for programmers. While it is an indispensable tool for tech companies in China, it also hosts several pages that enable users to view sites blocked in the country. |
Because GitHub is fully encrypted, China’s domestic web filters cannot distinguish between pages that host code useful to programmers and code that circumvents censorship. In 2013, when the government fully blocked GitHub, it caused an outcry among China’s many computer engineers, leading to the site’s subsequent unblocking. | Because GitHub is fully encrypted, China’s domestic web filters cannot distinguish between pages that host code useful to programmers and code that circumvents censorship. In 2013, when the government fully blocked GitHub, it caused an outcry among China’s many computer engineers, leading to the site’s subsequent unblocking. |
The new attacks take more of a siege approach, hitting the site with a costly and difficult-to-manage barrage of traffic in the hopes it will remove two pages, one with code from GreatFire.org — a nonprofit organization that runs mirrors of blocked sites including Google, the BBC and The New York Times — and another that hosts links to mirror sites of the Chinese version of The New York Times. | The new attacks take more of a siege approach, hitting the site with a costly and difficult-to-manage barrage of traffic in the hopes it will remove two pages, one with code from GreatFire.org — a nonprofit organization that runs mirrors of blocked sites including Google, the BBC and The New York Times — and another that hosts links to mirror sites of the Chinese version of The New York Times. |
The New York Times declined to comment on the attacks. | The New York Times declined to comment on the attacks. |
“This is a huge problem for free expression,” said Lokman Tsui, an assistant professor at the Chinese University of Hong Kong. He added that these attacks could lead sites like GitHub to decide it is too much trouble to host content deemed problematic by China. | “This is a huge problem for free expression,” said Lokman Tsui, an assistant professor at the Chinese University of Hong Kong. He added that these attacks could lead sites like GitHub to decide it is too much trouble to host content deemed problematic by China. |
“This is a message to the people who maintain GitHub: Either you kick out GreatFire and The New York Times, or we’ll keep this up,” said Mikko Hypponen, the chief research officer at the security firm F-Secure. | “This is a message to the people who maintain GitHub: Either you kick out GreatFire and The New York Times, or we’ll keep this up,” said Mikko Hypponen, the chief research officer at the security firm F-Secure. |
The new attacks come as Beijing has increased censorship in China, and grown more vocal about how the Internet should be governed globally. In a number of recent public appearances, China’s Internet czar, Lu Wei, has called for respect for China’s Internet sovereignty, meaning that China should have the right to manage the Internet within its borders as it wants. | The new attacks come as Beijing has increased censorship in China, and grown more vocal about how the Internet should be governed globally. In a number of recent public appearances, China’s Internet czar, Lu Wei, has called for respect for China’s Internet sovereignty, meaning that China should have the right to manage the Internet within its borders as it wants. |
But the GreatFire.org material on GitHub, which is based in San Francisco, offers an unusual exception. By offering code that unblocks sites within China, it is assumed to be violating Chinese laws from abroad. James Andrew Lewis, a senior fellow at the Center for Strategic and International Studies, said the attack was an attempt to deal with extraterritoriality on the Internet. | But the GreatFire.org material on GitHub, which is based in San Francisco, offers an unusual exception. By offering code that unblocks sites within China, it is assumed to be violating Chinese laws from abroad. James Andrew Lewis, a senior fellow at the Center for Strategic and International Studies, said the attack was an attempt to deal with extraterritoriality on the Internet. |
“China is trying to redefine the rules of the Internet and they’re feeling their way forward as they do it,” he said. “This is one of another set of actions to say China will have a bigger voice in how the Internet works.” | “China is trying to redefine the rules of the Internet and they’re feeling their way forward as they do it,” he said. “This is one of another set of actions to say China will have a bigger voice in how the Internet works.” |
He added that the United States had reacted strongly to distributed denial of service attacks by Iran in the past, and in this case the Obama administration could increase pressure and enact stiffer penalties against China if these types of attacks continue. | He added that the United States had reacted strongly to distributed denial of service attacks by Iran in the past, and in this case the Obama administration could increase pressure and enact stiffer penalties against China if these types of attacks continue. |
If the style of the most recent wave of attacks is well known, novel elements present major difficulties for those seeking to keep the site up, according to a number of security experts. In particular, because the traffic comes from real users scattered across the globe, instead of a concentrated network of infected computers, it is hard to sort the real traffic from the fake. | If the style of the most recent wave of attacks is well known, novel elements present major difficulties for those seeking to keep the site up, according to a number of security experts. In particular, because the traffic comes from real users scattered across the globe, instead of a concentrated network of infected computers, it is hard to sort the real traffic from the fake. |
Experts said they could not be certain who was behind the attacks. But it appears that signals to or from Baidu ads and analytics tools are being redirected toward the targeted sites when users outside China visit a site inside China. Because the signals seem to be diverted at the gateway between China and the rest of the world, analysts suspect the government and the Great Firewall. | Experts said they could not be certain who was behind the attacks. But it appears that signals to or from Baidu ads and analytics tools are being redirected toward the targeted sites when users outside China visit a site inside China. Because the signals seem to be diverted at the gateway between China and the rest of the world, analysts suspect the government and the Great Firewall. |
In a post on a security website run by Insight Labs, an analyst wrote that “a certain device at the border of China’s inner network and the Internet has hijacked” connections going into China. | In a post on a security website run by Insight Labs, an analyst wrote that “a certain device at the border of China’s inner network and the Internet has hijacked” connections going into China. |
“In other words,” the post continued, “even people outside China are being weaponized to target things the Chinese government does not like, for example, freedom of speech.” | “In other words,” the post continued, “even people outside China are being weaponized to target things the Chinese government does not like, for example, freedom of speech.” |
Mr. Hypponen said the on-again off-again waves of attack traffic acted similarly to the way the Great Firewall filters, and that the capabilities and motivations also pointed to Beijing. | Mr. Hypponen said the on-again off-again waves of attack traffic acted similarly to the way the Great Firewall filters, and that the capabilities and motivations also pointed to Beijing. |
“Who else would have the motivation to do these attacks? Who else would have the capabilities to do these attacks?” he said. | “Who else would have the motivation to do these attacks? Who else would have the capabilities to do these attacks?” he said. |
In a statement on Friday, GitHub said the attack was the largest of its type to have targeted the site. It added that the attack featured “some sophisticated new techniques that use the web browsers of unsuspecting, uninvolved people to flood GitHub.com with high levels of traffic.” | In a statement on Friday, GitHub said the attack was the largest of its type to have targeted the site. It added that the attack featured “some sophisticated new techniques that use the web browsers of unsuspecting, uninvolved people to flood GitHub.com with high levels of traffic.” |
“Based on reports we’ve received,” the company said, “we believe the intent of this attack is to convince us to remove a specific class of content.” | “Based on reports we’ve received,” the company said, “we believe the intent of this attack is to convince us to remove a specific class of content.” |
As of Monday GitHub said services were operating normally, but attack traffic continued. | As of Monday GitHub said services were operating normally, but attack traffic continued. |
The attacks also put Baidu in a difficult position. Calling it the price of doing business in China, Mr. Tsui of the Chinese University of Hong Kong said the company was “being used” and pointed out that the attack was directly hitting the company’s bottom line by interrupting advertising traffic. | The attacks also put Baidu in a difficult position. Calling it the price of doing business in China, Mr. Tsui of the Chinese University of Hong Kong said the company was “being used” and pointed out that the attack was directly hitting the company’s bottom line by interrupting advertising traffic. |
In a statement, Kaiser Kuo, a Baidu spokesman, said the company found no security breaches and was working with other organizations to get to the bottom of the attack. | In a statement, Kaiser Kuo, a Baidu spokesman, said the company found no security breaches and was working with other organizations to get to the bottom of the attack. |
Still, some security experts were skeptical of Baidu’s response. One person, who declined to be named because of concerns about retribution from the Chinese government, said that the attack meant that a portion of the data the company would normally get from its advertisements did not come through and the company should have noticed that earlier. | Still, some security experts were skeptical of Baidu’s response. One person, who declined to be named because of concerns about retribution from the Chinese government, said that the attack meant that a portion of the data the company would normally get from its advertisements did not come through and the company should have noticed that earlier. |
In response to the questions, Mr. Kuo pointed out that the attack was “novel” and said that the amount of misdirected traffic was only several thousandths of a percent of the company’s total traffic, making it difficult to detect the problem. | In response to the questions, Mr. Kuo pointed out that the attack was “novel” and said that the amount of misdirected traffic was only several thousandths of a percent of the company’s total traffic, making it difficult to detect the problem. |
“You can flood a home and cause a lot of damage with the water in a swimming pool, but are you going to notice if a pool’s worth of water is shunted off from one of the Great Lakes?” he said. | “You can flood a home and cause a lot of damage with the water in a swimming pool, but are you going to notice if a pool’s worth of water is shunted off from one of the Great Lakes?” he said. |