The ongoing DDoS attack on GitHub, which has made the social coding site intermittently unresponsive since March 25, is essentially a side effect of an older operation from the Chinese government against a site run by the anti-censorship project GreatFire.org.
According to an analysis of the attacks by researchers at Swedish vendor Netresec AB, that’s where the Chinese government intervenes.
That tactic is virtually identical to one used in the attack on GreatFire earlier in March, GreatFire officials said.
“Millions of global internet users, visiting thousands of websites hosted inside and outside China, were randomly receiving malicious code which was used to launch cyberattacks against GreatFire.org’s websites. Baidu’s Analytics code (h.js) was one of the files replaced by malicious code which triggered the attacks. Baidu Analytics, akin to Google Analytics, is used by thousands of websites. Any visitor to any website using Baidu Analytics or other Baidu resources would have been exposed to the malicious code,” the Great Fire analysis says.
GitHub officials have been working to mitigate the effects of the DDoS attacks, with varying degrees of success. The latest status update from GitHub on Tuesday morning shows that the service is operating normally at the moment. GreatFire officials have published a detailed report on the attack, and have concluded that the Chinese government is behind both DDoS attacks.
“When we first blogged about this attack we did not want to level accusations without evidence. Based on the technical forensic evidence provided above and the detailed research that has been done on the GitHub attack, we can now confidently conclude that the Cyberspace Administration of China (CAC) is responsible for both of these attacks,” the GreatFire blog post says.