Researchers have named the capability "The Great Cannon"
The Great Firewall began intercepting the Facebook Login applet on Sunday, replacing it with a new single-line redirection code from two third-party sites. The result is that, for non-VPN users in China, any page with a Facebook Login button has been redirecting to two sites: wpkg.org or ptraveler.com, an open-source software project and a personal travel blog respectively. It's unclear why the Chinese government would want to send users to these sites, although ptraveler.com seems to have been brought down by the flood of traffic.
It's not the first time China has performed this kind of traffic interception. In March, a similar redirection was used to perform a denial-of-service attack on GitHub, apparently in retaliation for dissident content posted through the service. Since the new code is injected as content passes through China's national web filters, there's little doubt that the Chinese government is responsible for the attacks. The research group Citizen Lab has named the capability "The Great Cannon," a play on the Great Firewall censorship filter.
It's difficult to say why Facebook Login is being targeted, since the net effect for most users is simply to redirect the browser to an unrelated homepage. Facebook itself is officially blocked in China, although the block has been relaxed in recent years. Some have speculated that an injection attack like this could be used to spoof a Facebook login, but if such an attack is being carried out, it's likely targeted at only a handful of users and effectively invisible at network scale. It's likely both sites have seen a huge uptick in traffic, but there's no clear reason why these sites would be targets for the Great Cannon, or why Facebook would be the conduit for that attack.
4/28 3:33pm ET: Updated with Facebook comment, and to clarify that Facebook Login is the name of the affected login service. The initial piece had referred to it as Facebook Connect.