GitHub DDoS Security Update and Analysis
I was given an article to read by a friend about GitHub’s recent DDoS attacks they began experiencing last Thursday. As a web developer who uses GitHub, this seemed interesting even though I was never really into security news. However, it caught enough of my attention to the point where I included it in last week’s episode of TiG Tech Talk.
All the articles I read on this pointed the finger on China, saying they were the root cause. The evidence for this did seem to add up. As of now, I also will say that China was behind the attack, and I am very strict and careful when it comes to pointing fingers.
GitHub, however, remains silent on the cause of the attack and gave the following statement:
“Based on reports we’ve received, we believe the intent of this attack is to convince us to remove a specific class of content.” – GitHub
This is where DDoS comes in. DDoS stands for ‘Distributed Denial of Service.’ When a DDoS attack is intended against a victim, this means the intention behind the attack is to stop the victims services. So for GitHub, the attackers intention was to stop GitHub’s website (or take it down).
This intention can be accomplished by constantly making requests to a victim (GitHub), until the victim will finally stop allowing requests because of the price they pay for constantly handling these requests. A simpler way of explaining this is to imagine if someone paid a hundred people to knock on your door one after another. When you respond to the first random person, not knowing who they are, you would ask them to leave or say ‘wrong house’ or something. Same with the second person, third person, and this will go on until you finally get annoyed and stop answering the door all together. In other words, stop handling requests all-together. This is how you have been ‘shut down’ since you are no longer answering your door. So the attackers who made constant requests to GitHub were hoping that GitHub will simply stop responding to requests. This will lead to making GitHub near useless.
One might ask, why doesn’t GitHub just block the source of all these requests? The answer is simple. We stated earlier that the code runs on the users’ computers when they visit an infected website. This means the source of the attack is not from one location, but hundreds or thousands of many locations distributed throughout China. So the only way for GitHub to block the source of the attack is to block all of China. But if they do this, then the China hackers have won.
Now why do I say that China did this? It could be some Chinese citizen in his basement causing the attacks. The reason I believe China (as in the Chinese government in charge of their internet) is behind this attack is because of the evidence.
When you go to GreatFire’s website, you will find that it’s a website exposing China’s strict internet regulation laws. The website accomplished this by listing what China has blocked since 2011. If this website is legit, and China wants to keep their internet regulations secret, then obviously this website would be an enemy to China. From this, I can also conclude that China was behind the attacks on GitHub since they were trying to attack GreatFire’s GitHub page.
What’s even weird is that when I navigated to GitHub.com/greatfire, and Github.com/cn-nytimes/, I receive a message on the page saying:
But this code was only displayed. Not executed. If it was executed, it would show a popup with the warning message.
But a questions arises: Why would China attack GreatFire’s GitHub page if the only one that is infected is GitHub. Constantly attacking GreatFire’s GitHub page does zero damage to GreatFire, and does 100% damage to GitHub. Either they’re not intelligent when it comes to GitHub and internet traffic, or they just don’t like GitHub.
This was my opinion. Tell us what you think below.