Chinese authorities compromise millions in cyberattacks

On March 17th 2015, our websites and partner websites came under a DDoS attack. We had never been subjected to an attack of this magnitude before. This attack was unusual in nature as we discovered that the Chinese authorities were steering millions of unsuspecting internet users worldwide to launch the attack. We believe this is a major cyber-security and economic threat for the people of China.

How did that get there?

After calling on the Internet community for help and assistance, independent researchers with access to our log files discovered the following facts:

  • Millions of global internet users, visiting thousands of websites hosted inside and outside China, were randomly receiving malicious code which was used to launch cyberattacks against GreatFire.org’s websites.

  • Baidu's Analytics code (h.js) was one of the files replaced by malicious code which triggered the attacks. Baidu Analytics, akin to Google Analytics, is used by thousands of websites. Any visitor to any website using Baidu Analytics or other Baidu resources would have been exposed to the malicious code. A list of Baidu resources known to be used for the attack appears in the report.

  • That malicious code is sent to “any reader globally” without distinguishing that user’s geographical location, meaning that the authorities did not just launch this attack using Chinese internet users - they compromised internet users and websites everywhere in the world.

  • The tampering takes place somewhere between the point where the traffic enters China and the point where it reaches Baidu’s servers. This is consistent with previous malicious actions and points to the Cyberspace Administration of China (CAC) being directly involved in these attacks.

More technical details of the attack can be read in a research report titled “Using Baidu to steer millions of computers to launch denial of service attacks”.
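
As an added illustration (not part of the original post or the research report): a site that embeds a third-party script can pin a digest of a reviewed copy, in the style of Subresource Integrity, so that a body replaced in transit is rejected instead of executed. The script bodies and function names below are constructed, and the example assumes the embedded script is static enough to pin.

```javascript
const crypto = require('crypto');

// Digest algorithms accepted in an integrity value, weakest to strongest.
const STRENGTH = ['sha256', 'sha384', 'sha512'];

// Build an integrity value ("sha384-<base64 digest>") from a reviewed script body.
function computeIntegrity(body, algo = 'sha384') {
  if (!STRENGTH.includes(algo)) throw new Error('unsupported algorithm: ' + algo);
  return algo + '-' + crypto.createHash(algo).update(body).digest('base64');
}

// Parse whitespace-separated "algo-digest[?options]" tokens; malformed tokens
// and unknown algorithms are dropped.
function parseIntegrity(attr) {
  const token = /^(sha256|sha384|sha512)-([A-Za-z0-9+/]+={0,2})(\?.*)?$/;
  return attr.trim().split(/\s+/)
    .map((t) => token.exec(t))
    .filter(Boolean)
    .map((m) => ({ algo: m[1], digest: m[2] }));
}

// Compare a fetched body with the pinned value. Only the strongest algorithm
// present counts, so a weaker extra token cannot be used to downgrade the check.
// Browsers skip enforcement when no token is usable; this monitor fails closed.
function checkScript(body, integrityAttr) {
  const pins = parseIntegrity(integrityAttr);
  if (pins.length === 0) return { ok: false, reason: 'no usable pin' };
  const rank = (a) => STRENGTH.indexOf(a);
  const strongest = pins.reduce(
    (best, p) => (rank(p.algo) > rank(best) ? p.algo : best), pins[0].algo);
  const actual = computeIntegrity(body, strongest).slice(strongest.length + 1);
  const ok = pins.some((p) => p.algo === strongest && p.digest === actual);
  return { ok, reason: ok ? 'digest matches pin' : 'body differs from pinned copy' };
}

// Constructed sample data: a stand-in for a reviewed analytics script and a
// stand-in for a response body that was replaced on the network path.
// Neither is code from the incident.
const REVIEWED_BODY = 'window._stats = window._stats || []; /* constructed analytics stub */\n';
const REPLACED_BODY = '/* constructed placeholder for a replaced response body */\n';
const PIN = computeIntegrity(REVIEWED_BODY);

// Returns the verdicts for the reviewed copy and for the replaced copy.
function demo() {
  return [checkScript(REVIEWED_BODY, PIN), checkScript(REPLACED_BODY, PIN)];
}

console.log(demo());
```

Browsers apply the same comparison natively when a script tag carries an `integrity` attribute; the function form here suits a monitoring job that periodically fetches the embedded resource from several vantage points.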

GitHub Suffers DDoS Attack

On March 25 the Chinese authorities used the same techniques to launch a DDoS attack on GitHub - our page was one of the main targets. To mitigate the DDoS attack, we mirrored content on our GitHub repository and asked users to access that page directly. The attackers then switched their attack to our GitHub page.

GitHub stated:

We are currently experiencing the largest DDoS (distributed denial of service) attack in github.com's history. The attack began around 2AM UTC on Thursday, March 26, and involves a wide combination of attack vectors. These include every vector we've seen in previous attacks as well as some sophisticated new techniques that use the web browsers of unsuspecting, uninvolved people to flood github.com with high levels of traffic. Based on reports we've received, we believe the intent of this attack is to convince us to remove a specific class of content.

We believe that “a specific class of content” refers to GreatFire.org’s GitHub page. To combat the DDoS attack from malicious JS code injected by CAC, GitHub modified https://github.com/greatfire/ to show a message to users: "WARNING: malicious javascript detected on this domain".

The URL to access our GitHub page (https://github.com/greatfire/) is hard-coded into the malicious JS. Our page is still accessible, and only users who have been exposed to the malicious code will see the pop-up warning message while browsing other websites. The GitHub attack is still ongoing and the malicious JS is still being injected for approximately 1% of foreign visitors to websites that are using elements from Baidu.

 

The Implications

When we first blogged about this attack we did not want to level accusations without evidence. Based on the technical forensic evidence provided above and the detailed research that has been done on the GitHub attack, we can now confidently conclude that the Cyberspace Administration of China (CAC) is responsible for both of these attacks.

Hijacking the computers of millions of innocent internet users around the world is particularly striking as it illustrates the utter disregard the Chinese authorities have for international, and even Chinese, internet governance norms. There was no way for an average internet user to prevent themselves from being exploited as part of this attack. This statement from Lu Wei, the head of the Cyberspace Administration of China, encapsulates our thoughts and concerns about these attacks:

We should establish an Internet order that helps maintain security. The Internet is a worldwide platform for sharing information. It is “a community of common interests”. No country is immune to such global challenges as cybercrime, hacking and invasion of privacy. In cyberspace, it is becoming increasingly difficult to uphold security for one’s own country by sacrificing that of others. It is also not practical to pursue one’s own interests by rejecting others’ needs. China is also a victim of hacking. We have always firmly opposed all forms of Internet attacks.

Inserting malicious code in this manner can only be done via the Chinese Internet backbone. Even if CAC did not launch the DDoS attack directly, they are responsible for managing the internet in China and it is not possible that they did not know what was happening. These attacks have occurred under CAC’s watch and would have needed the approval of Lu Wei.

Lu Wei and the Cyberspace Administration of China have clearly escalated the tactics that they use to control information. The Great Firewall has switched from being a passive, inbound filter to being an active and aggressive outbound one. This is a frightening development and the implications of this action extend beyond control of information on the internet. In one quick movement, the authorities have shifted from enforcing strict censorship in China to enforcing Chinese censorship on internet users worldwide. CAC can launch these attacks quickly and easily and they have the technical and financial resources behind them to continue to launch DDoS attacks against any website, anywhere in the world.

These attacks also illustrate the shortsighted nature of the Chinese authorities. Weaponizing Chinese internet services stifles global confidence in Chinese entrepreneurs and contributes to the fragmentation of the global internet. The SEC has already asked Weibo to explain how the censorship apparatus works - Baidu, a publicly-listed company in the US, may be called in to do the same.   

We correctly predicted last year that China would increase their use of MITM attacks in an effort to censor encrypted websites. We now sadly predict that the DDoS attacks against us and GitHub are likely to signal a ramping up of attacks against foreign internet properties. These kinds of attacks should draw scorn and criticism from government officials of all countries around the world.

It is important to note that throughout this attack, our Android FreeBrowser app has not been impacted and is still helping thousands of Chinese internet users to bypass censorship and the Great Firewall every day.

On behalf of the millions of unsuspecting users manipulated by these actions, we call on Lu Wei and the Cyberspace Administration of China (CAC) to bring an end to these DDoS attacks immediately and to apologise for their blatantly disrespectful and dangerous actions.

Further Information

After the attacks started, many overseas Chinese saw these warning messages and started to post screenshots on social media.

One person uploaded a video to YouTube showing what happens when a user is injected with malicious JS in the GitHub DDoS attack. You can also see GitHub’s mitigation efforts in this video.

There are fascinating details about the attack on GitHub and changes made by the Cyberspace Administration of China to maintain the attack.

An earlier report about an unrelated GFW upgrade stated that “Every machine in China has the potential to be a part of a massive DDOS attack on innocent sites,” and “They have weaponized their entire population.” That was too optimistic. Now CAC has weaponized the entire Internet population.


Comments


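Tear down the wall and this site would naturally shut down too; I don't know what the point is of spending so many material and financial resources on DDoS attacks.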

They did not weaponise their own population, they weaponised foreigners (particularly overseas Chinese). By doing so, they do not have to pay the cost of the traffic traversing their backbone network.

The attack was injected at the inbound link of the international gateway, ultimately making this an untrustworthy provider.
If Baidu (or any other network service provider) is to be trusted outside China, they must now bypass the CCP-controlled international links.


My secret blog is down, all attack IPs are from China, seems I need to block the Chinese IPs myself.
