The popular coding website GitHub was hit with a massive denial-of-service (DDoS) attack late Thursday night, with some users experiencing intermittent service outages. According to security researcher and blogger Anthr@x, the ongoing attack, which intensified on and off for more than 24 hours, appeared to originate from the Chinese web services company Baidu:
“A certain device at the border of China’s inner network and the Internet has hijacked the HTTP connections went into China, [and] replaced some javascript files from Baidu with malicious ones . . . every two seconds.”
Internet traffic was redirected to two GitHub pages – one ran by GreatFire, and another mirroring Chinese translation of The New York Times. In a recent update on GitHub’s Status page and Twitter, the company announced this morning:
We've deployed our volumetric attack defenses against an extremely large amount of traffic. Performance is stabilizing. — GitHub (@github) March 27, 2015
Some have speculated the attack comes as a message to reinforce Chinese web censorship, obfuscating the means for Internet users to evade the country’s firewall. "This could be the work of a hacktivist or other group sympathetic to Chinese interests, and not an attack officially sanctioned by the Chinese government," said Tripwire Senior Security Analyst Ken Westin.
"It is still speculative at this point that this is the work of Chinese censors; however, if Chinese censors are involved in this attack, it is quite brazen and dangerous, as they have essentially hijacked users' browsers within their own borders to participate in an attack against a specific service in the U.S."
Last week, Greatfire.org – a group that aims to help Chinese Internet users to access blocked websites – underwent a similar DDoS attack, which flooded the site with nearly 2.6 billion requests per hour.