China vs The Internet, GitHub DDoS edition

Linc · March 2015

GitHub is currently under a sophisticated DDoS attack (now in day 4) that appears to originate from China. Iconfactory recently had a similar attack and hypothesized that most companies experiencing these types of attacks are simply keeping quiet.

The non-technical summary is that Chinese sources are using tactics like DNS poisoning and malicious Javascript in popular sites to cause non-Great Firewall'd traffic to torch websites that do things they don't like. To them, GitHub et al are nuisances to be punished for defying them and they will manipulate the entire Internet to do so.

EMT · March 2015

Some Sunday learning. Could this even possibly force GitHub to abandon certain projects they host?

The attack is hijacking the Chinese-bound traffic of users outside China, so you may be participating in it when you browse Youku, Taobao, or even nearby websites that incorporate Baidu user tracking. While you browse, the attack injects Javascript to silently bother GitHub projects that aid circumvention China's firewall for people in China. Allegedly, the Javascript is being injected by that same firewall.

Some technical sleuthing. It sounds like it won't happen on sites that refer to Baidu via HTTPS for user tracking/analytics.

Linc · March 2015

@EMT said:
Could this even possibly force GitHub to abandon certain projects they host?

Knowing their company, no. Censoring code is anathema to why they're in business.

Garg · March 2015

What's funny is this time, China is messing with programmers that know how to defend themselves. They're not just running to their CDN and asking for help. The temporary solution of inserting an alert() in the page is pretty clever.

@EMT said:
Could this even possibly force GitHub to abandon certain projects they host?

Since they are targeting two repos in particular (Greatfire and Chinese NY Times), the message is pretty clear, but I can't imagine GitHub would give in.