29 - Great Cannon of China
Lance and JS discuss censoring attacks from China targeting Github.
Show notes
- At the end of March 2015, China attacked Github with a massive DDoS attack that intermittently crashed the website for multiple days. They were targeting 2 projects, GreatFire and cn-nytimes.
- Over the years China attacked Github multiple times. Blocked traffic with DNS hijacking to Mitm TLS attacks. This is scary considering that China has some trusted Root CA in all of our computers.
- The JavaScript was silently injected into the traffic of sites that use an analytics service that China-based search engine Baidu makes available so website operators can track visitor statistics.
- load two GitHub pages, one a mirror of anti-censorship site GreatFire.org the other a copy of the China edition of The New York Times.
- Now, Rob Graham, CEO of Errata Security, has traced the origin of the malicious code to China Unicom, the same telecom that has been caught before aiding the massive censorship apparatus known as the Great Firewall of China.
Says that the infected Javascript was directly injected when visiting the Baidu search engine.
- Some people are calling this DDoS tool the Great Canon of China.
- As we mentioned earlier, what’s interesting is that it hijacks traffic from a really large number of computers in China which are not really compromised, other than that they are in China.
- The GC seems to hijack traffic to Baidu, so it is possible that Baidu might not be working with the attacker. It hijacks the request for a javascript file and returns a malicious one that tells the browser to request things on Github.
- According to CitizenLab, the Chinese government is probably behind this attack.
Was at that time the biggest DDoS attack ever.