The popular coding website GitHub suffered a large-scale distributed denial of service (DDoS) attack that lasted more than 24 hours, starting on Thursday night.
Visitors to several websites on the Internet were used as DDoS gunners: those websites were serving advertisements and tracking code from the Chinese search engine Baidu, and the code used by the attackers instructs the browsers of visitors to those websites to connect to GitHub.com every two seconds. The technique allowed the attackers to generate “an extremely large amount of traffic,” according to researcher Anthr@x from Insight-labs.
The attackers chose the Baidu search engine because of its impressive number of visitors, who were recruited with this technique into the attack that resulted in the massive flood of traffic on the GitHub website.
At the time of writing, Baidu has denied any responsibility for the redirection mechanism exploited for the DDoS attacks:
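A defender-side sketch of how the two-second rhythm described above shows up in web server logs, as an added example that is not from the original article or from GitHub. The four-field log format, the sample lines, the thresholds and the function names are assumptions made for illustration.

```python
from collections import defaultdict
from statistics import median, pstdev
from urllib.parse import urlsplit

# Constructed sample log (not real traffic): "<epoch-seconds> <client-ip> <path> <referer>"
SAMPLE_LOG = """\
1000.0 203.0.113.5 /project-a/ http://news.example/story
1000.5 198.51.100.7 /project-a/ http://forum.example/thread
1002.1 203.0.113.5 /project-a/ http://news.example/story
1004.0 203.0.113.5 /project-a/ http://news.example/story
1006.0 192.0.2.9 /project-a/ http://blog.example/post
1006.1 203.0.113.5 /project-a/ http://news.example/story
1008.0 203.0.113.5 /project-a/ http://news.example/story
1008.0 192.0.2.9 /project-a/ http://blog.example/post
1010.0 192.0.2.9 /project-a/ http://blog.example/post
1010.1 203.0.113.5 /project-a/ http://news.example/story
1013.0 198.51.100.7 /project-a/ -
1050.2 198.51.100.7 /project-a/ -
1051.0 198.51.100.7 /project-a/ -
1120.0 198.51.100.7 /project-a/ -
"""

def parse_log(text):
    """Yield (timestamp, ip, path, referer_host); malformed lines are skipped."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) == 4:
            ts, ip, path, referer = fields
            yield float(ts), ip, path, urlsplit(referer).hostname  # None for "-"

def find_periodic_clients(text, period=2.0, tolerance=0.5, min_hits=5):
    """Return (ip, path, median_gap, referer_hosts) for steady ~period-second requesters."""
    hits, referers = defaultdict(list), defaultdict(set)
    for ts, ip, path, ref_host in parse_log(text):
        hits[(ip, path)].append(ts)
        if ref_host:
            referers[(ip, path)].add(ref_host)
    flagged = []
    for (ip, path), stamps in sorted(hits.items()):
        if len(stamps) < min_hits:
            continue  # too few requests to call it a rhythm
        stamps.sort()
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        # A scripted timer gives a median gap near the period with little jitter.
        if abs(median(gaps) - period) <= tolerance and pstdev(gaps) <= tolerance:
            flagged.append((ip, path, round(median(gaps), 2), sorted(referers[(ip, path)])))
    return flagged

if __name__ == "__main__":
    print(find_periodic_clients(SAMPLE_LOG))
```

The recorded Referer hosts show which embedding pages the flagged browsers were visiting, which helps separate hijacked visitors from ordinary users who reload a page by hand.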
“We’ve notified other security organizations,” states the company in an official statement, “and are working together to get to the bottom of this.”
GitHub confirmed that the distributed denial-of-service attacks caused irregular outages of the service.
The experts speculate that the attackers are linked to the Chinese Government, which used the browsers of unaware users to hit a website not “aligned” with the Government of Beijing.
“In other words, even people outside China are being weaponized to target things the Chinese government does not like, for example, freedom of speech,” reported the post on Insight-labs.
The attackers used this DDoS variant to hit two popular GitHub projects, GreatFire and CN-NYTimes, which are two anti-censorship tools used to avoid the censorship operated by China and circumvent the Great Firewall of China.
Below are the descriptions of the two development groups active on the GitHub platform.
GitHub has informed users that the company has deployed new defenses to protect the website from the attackers, who are in turn responding by adapting their tactics, as reported on the Status Message Board.
4:46 UTC: The ongoing DDoS attack has adjusted tactics again. We are continuing to adapt and mitigate it.
2:30 UTC: The ongoing DDoS attack has shifted to include Pages and assets. We are updating our defenses to match.
“Restoring service for all users while deflecting attack traffic is our number one priority. We’ve deployed our volumetric attack defenses against an extremely large amount of traffic. Performance is stabilizing,” says a message posted by GitHub at 15:04 UTC.
“We’ve been under continuous DDoS attack for 24+ hours. The attack is evolving, and we’re all hands on deck mitigating.”
(Security Affairs – DDoS, GitHub)