Skip to main content

Last night, GitHub was hit with massive denial-of-service attack from China

Last night, GitHub was hit with massive denial-of-service attack from China

Share this story

Last night, GitHub was hit with a massive denial of service attack. Some time Wednesday, scripts belonging to the internet giant Baidu began directing traffic to two specific GitHub pages: one run by GreatFire, and another mirroring Chinese translations of The New York Times. The result for Github was a massive flood of traffic, which built for more than 24 hours before causing partial outages Thursday night. Server logs show a sudden drop in app server availability just before midnight, and page failure rates spiking to 100% just before 3am. Although according to admins, the attack is still ongoing, and recent tweets suggest a surge in attack volume on Friday morning.

Baidu has denied any involvement in the attack, saying that while its internal security was not compromised, the company was not intentionally involved in any traffic redirection. "We've notified other security organizations," the company said in a statement, "and are working together to get to the bottom of this." Early analysis seems to confirm this, and it's most likely that the scripts were hijacked as they crossed the Chinese Border. "A certain device at the border of China’s inner network and the Internet has hijacked the HTTP connections went into China, replaced some javascript files from Baidu with malicious ones," wrote a researcher at Insight Labs.

Observers are speculating that the attack was meant to enforce Chinese web censorship, knocking out any way for Chinese citizens to circumvent the country's Great Firewall. Last week, GreatFire's mirror sites came under a similar DDoS attack, which threatened to knock the service offline. Because GitHub is served over HTTPS, countries can't block individual pages without blocking the entire site, a feature that's proved extremely useful for anti-censorship services like Great Fire. (Google Reader provided a similar service before it was shut down.) As a result, censors seem to have decided to bring the entire site down, using Baidu's broad reach as a means of generating staggering volumes of traffic.

3/27 11:32am: GitHub is reporting a new surge in the attack; we've updated the piece accordingly.

12:11pm: Updated with Baidu's denial and related technical details.