Github is getting hammered by a huge distributed-denial-of-service attack. Looks like it pissed off the wrong pro-censorship group: The attack is aimed at two popular Github projects, Great Fire and CN-NY Times, that help Chinese citizens get around their government's restrictive online censors to access blocked content.

Who does that?

The attackers are using China's search engine Baidu to conduct a sort of "HTTP hijacking," in the words of the security researcher from Insight Labs who discovered how the attack was going down.

Advertisement

Baidu serves ads and other bits of code to websites all over the world. But when people outside China access a site that's serving Baidu's code, they get a special malware injection. It appears that people with access to the traffic on the border of China's internet ‚ÄĒ often called the Great Firewall of China ‚ÄĒ injected a malicious script into the HTTP connections of these visitors. The script directs web traffic back to Great Fire and CN-NY Times, flooding those sites with traffic.

Since Baidu is extremely popular, the overflow of traffic was too much for Github. It was still fighting off the attack a few hours ago:

Advertisement

It's still not clear who conducted this attack but you are welcome to make an educated guess in the comments.

[Register]

Image via Flickr / Dan Hankins


Contact the author at kate.knibbs@gizmodo.com.
Public PGP key
PGP fingerprint: FF8F 0D7A AB19 6D71 C967 9576 8C12 9478 EE07 10C

Advertisement