Chinese authorities compromise millions in cyberattacks

On March 17th 2015, our websites and partner websites came under a DDoS attack. We had never been subjected to an attack of this magnitude before. This attack was unusual in nature as we discovered that the Chinese authorities were steering millions of unsuspecting internet users worldwide to launch the attack. We believe this is a major cyber-security and economic threat for the people of China.

How did that get there?

After calling on the Internet community for help and assistance, independent researchers with access to our log files discovered the following facts:

  • Millions of global internet users, visiting thousands of websites hosted inside and outside China, were randomly receiving malicious code which was used to launch cyberattacks against GreatFire.org’s websites.

  • Baidu's Analytics code (h.js) was one of the files replaced by malicious code which triggered the attacks. Baidu Analytics, akin to Google Analytics, is used by thousands of websites. Any visitor to any website using Baidu Analytics or other Baidu resources would have been exposed to the malicious code. A list of Baidu resources known to be used for the attack appears in the report.

  • That malicious code is sent to “any reader globally” without distinguishing that user’s geographical location, meaning that the authorities did not just launch this attack using Chinese internet users -  they compromised internet users and websites everywhere in the world.

  • The tampering takes places someplace between when the traffic enters China and when it hits Baidu’s servers. This is consistent with previous malicious actions and points to the Cyberspace Administration of China (CAC) being directly involved in these attacks.

More technical details of the attack can be read in a research report titled “Using Baidu to steer millions of computers to launch denial of service attacks”.

GitHub Suffers DDoS Attack

On March 25 the Chinese authorities used the same techniques to launch a DDoS attack on GitHub - our page was one of the main targets. To mitigate the DDoS attack, we mirrored content on our GitHub repository and asked users to access that page directly. The attackers then switched their attack to our GitHub page.

GitHub stated:

We are currently experiencing the largest DDoS (distributed denial of service) attack in github.com's history. The attack began around 2AM UTC on Thursday, March 26, and involves a wide combination of attack vectors. These include every vector we've seen in previous attacks as well as some sophisticated new techniques that use the web browsers of unsuspecting, uninvolved people to flood github.com with high levels of traffic. Based on reports we've received, we believe the intent of this attack is to convince us to remove a specific class of content.

We believe that “a specific class of content” refers to GreatFire.org’s GitHub page. To combat the DDoS attack from malicious JS code injected by CAC, GitHub modified https://github.com/greatfire/ to show a message to users: "WARNING: malicious javascript detected on this domain".

The URL to access our GitHub page ( https://github.com/greatfire/) is hard coded into the malicious JS. Our page is still accessible and only users who have been exposed to the malicious code will see the warning pop up message while browsing other websites. The GitHub attack is still ongoing and the malicious JS is still being injected for approximately 1% of foreign visitors to websites that are using elements from Baidu.

 

The Implications

When we first blogged about this attack we did not want to level accusations without evidence. Based on the technical forensic evidence provided above and the detailed research that has been done on the GitHub attack, we can now confidently conclude that the Cyberspace Administration of China (CAC) is responsible for both of these attacks.

Hijacking the computers of millions of innocent internet users around the world is particularly striking as it illustrates the utter disregard the Chinese authorities have for international as well as even Chinese internet governance norms. There was no way for an average internet user to prevent themselves from being exploited as part of this attack. This statement from Lu Wei, the head of the Cyberspace Administration of China, encapsulates our thoughts and concerns about these attacks:

We should establish an Internet order that helps maintain security. The Internet is a worldwide platform for sharing information. It is “a community of common interests”. No country is immune to such global challenges as cybercrime, hacking and invasion of privacy. In cyberspace, it is becoming increasingly difficult to uphold security for one’s own country by sacrificing that of others. It is also not practical to pursue one’s own interests by rejecting others’ needs. China is also a victim of hacking. We have always firmly opposed all forms of Internet attacks.

Inserting malicious code in this manner can only be done via the Chinese Internet backbone. Even if CAC did not launch the DDoS attack directly, they are responsible for managing the internet in China and it is not possible that they did not know what was happening. These attacks have occurred under CAC’s watch and would have needed the approval of Lu Wei.

Lu Wei and the Cyberspace Administration of China have clearly escalated the tactics that they use to control information. The Great Firewall has switched from being a passive, inbound filter to being an active and aggressive outbound one. This is a frightening development and the implications of this action extend beyond control of information on the internet. In one quick movement, the authorities have shifted from enforcing strict censorship in China to enforcing Chinese censorship on internet users worldwide. CAC can launch these attacks quickly and easily and they have the technical and financial resources behind them to continue to launch DDoS attacks against any website, anywhere in the world.

These attacks also illustrate the shortsighted nature of the Chinese authorities. Weaponizing Chinese internet services stifles global confidence in Chinese entrepreneurs and contributes to the fragmentation of the global internet. The SEC has already asked Weibo to explain how the censorship apparatus works - Baidu, a publicly-listed company in the US, may be called in to do the same.   

We correctly predicted last year that China would increase their use of MITM attacks in an effort to censor encrypted websites. We now sadly predict that the DDoS attacks against us and GitHub are likely to signal a ramping up of attacks against foreign internet properties. These kinds of attacks should draw scorn and criticism from government officials of all countries around the world.

It is important to note that throughout this attack, our Android FreeBrowser app has not been impacted and is still helping thousands of Chinese internet users to bypass censorship and the great firewall every day.

On behalf of the millions of unsuspecting users manipulated by these actions, we call on Lu Wei and the Cyberspace Administration of China (CAC) to bring an end to these DDoS attacks immediately and to apologise for their blatantly disrespectful and dangerous actions.

Further Information

After the attacks started, many overseas Chinese saw these warning messages and started to post screenshots on social media.

One person uploaded a video to YouTube showing what happens when a user is injected with malicious JS in the GitHub DDoS attack. You can also see GitHub’s mitigation efforts in this video.

There are fascinating details about the attack on GitHub and changes made by the Cyberspace Administration of China to maintain the attack.

An earlier report about an unrelated GFW upgrade stated that “Every machine in China has the potential be a part of a massive DDOS attack on innocent sites,” and “They have weaponized their entire population.” That was too optimistic. Now CAC has weaponized the entire Internet population.

Comments

More Blog Posts

Subscribe to our mailing list
Show content from Blog | Google+ | Twitter | All. Subscribe to our blog using RSS.

Fri, Mar 18, 2022

Well-intentioned decisions have just made it easier for Putin to control the Russian Internet

This article is in large part inspired by a recent article from Meduza (in Russian).

Since the beginning of the war in Ukraine, Russian users have had problems accessing government websites and online banking clients. Browsers began to mark these sites as unsafe and drop the connection. The reason is the revocation of digital security certificates by foreign certificate authorities (either as a direct consequence of sanctions or as an independent, good will move); without them, browsers do not trust sites and “protect” their users from them.

However, these actions, caused - or at least triggered by - a desire to punish Russia for their gruesome actions in Ukraine, will have long-lasting consequences for Russian netizens.

Digital certificates are needed to confirm that the site the user wants to visit is not fraudulent. The certificates contain encryption keys to establish a secure connection between the site and the user. It is very easy to understand whether a page on the Internet is protected by a certificate. One need just look at the address bar of the browser. If the address begins with the https:// prefix, and there is a lock symbol next to the address, the page is protected. By clicking on this lock, you can see the status of the connection, the name of the Certification Authority (CA) that issued the certificate, and its validity period.

There are several dozen commercial and non-commercial organizations in the world that have digital root certificates, but 3/4 of all certificates are issued by only five of the largest companies. Four of them are registered in the USA and one is registered in Belgium.

Mon, Aug 03, 2020

Announcing the Release of GreatFire AppMaker

GreatFire (https://en.greatfire.org/), a China-focused censorship monitoring organization, is proud to announce that we have developed and released a new anti-censorship tool that will enable any blocked media outlet, blogger, human rights group, or civil society organization to evade censors and get their content onto the phones of millions of readers and supporters in China and other countries that censor the Internet.

GreatFire has built an Android mobile app creator, called “GreatFire AppMaker”, that can be used by organizations to unblock their content for users in China and other countries. Organizations can visit a website (https://appmaker.greatfire.org/) which will compile an app that is branded with the organization’s own logo and will feature their own, formerly blocked content. The app will also contain a special, censorship-circumventing web browser so that users can access the uncensored World Wide Web. The apps will use multiple strategies, including machine learning, to evade advanced censorship tactics employed by the Chinese authorities.  This project will work equally well in other countries that have China-like censorship restrictions. For both organizations and end users, the apps will be free, fast, and extremely easy to use.

This project was inspired by China-based GreatFire’s first-hand experience with our own FreeBrowser app (https://freebrowser.org/en) and desire to help small NGOs who may not have the in-house expertise to circumvent Chinese censorship. GreatFire’s anti-censorship tools have worked in China when others do not. FreeBrowser directs Chinese internet users to normally censored stories from the app’s start page (http://manyvoices.news/).

Fri, Jul 24, 2020

Apple, anticompetition, and censorship

On July 20, 2020, GreatFire wrote to all 13 members of the Subcommittee on Antitrust, Commercial and Administrative Law of the U.S. House Committee on the Judiciary, requesting a thorough examination into Apple’s practice of censorship of its App Store, and an investigation into how the company collaborates with the Chinese authorities to maintain its unique position as one of the few foreign tech companies operating profitably in the Chinese digital market.  

This letter was sent a week before Apple CEO TIm Cook will be called for questioning in front of the Subcommittee on Antitrust, Commercial and Administrative Law. The CEOs of Amazon, Google and Facebook will also be questioned on July 27, as part of the Committee’s ongoing investigation into competition in the digital marketplace.

This hearing offers an opportunity to detail to the Subcommittee how Apple uses its closed operating ecosystem to not only abuse its market position but also to deprive certain users, most notably those in China, of their right to download and use apps related to privacy, secure communication, and censorship circumvention.

We hope that U.S. House representatives agree with our view that Apple should not be allowed to do elsewhere what would be considered as unacceptable in the U.S. Chinese citizens are not second class citizens. Private companies such as Apple compromise themselves and their self-proclaimed values of freedom and privacy when they collaborate with the Chinese government and its censors.

Mon, Jun 10, 2019

Apple Censoring Tibetan Information in China

Apple has a long history of censorship when it comes to information about Tibet. In 2009, it was revealed that several apps related to the Dalai Lama were not available in the China App Store. The developers of these apps were not notified that their apps were removed. When confronted with these instances of censorship, an Apple spokesperson simply said that the company “continues to comply with local laws”.

In December, 2017, at a conference in China, when asked about working with the Chinese authorities to censor the Apple App Store, Tim Cook proclaimed:

"Your choice is: do you participate, or do you stand on the sideline and yell at how things should be. And my own view very strongly is you show up and you participate, you get in the arena because nothing ever changes from the sideline."

In the ten years since Apple was first criticized for working with the Chinese authorities to silence already marginalized voices, what has changed? Apple continues to strictly follow the censorship orders of the Chinese authorities. When does Tim Cook expect that his company will help to bring about positive change in China?

Based on data generated from https://applecensorship.com, Apple has now censored 29 popular Tibetan mobile applications in the China App Store. Tibetan-themed apps dealing with news, religious study, tourism, and even games are being censored by Apple. A full list of the censored apps appear below.

Thu, Jun 06, 2019

Report Shines Spotlight on Apple’s Censorship Practices in China

The newest Ranking Digital Rights Corporate Accountability Index makes recommendations on what companies and governments need to do in order to improve the protection of internet users’ human rights around the world. Ranking Digital Rights (RDR) works to promote freedom of expression and privacy on the internet by creating global standards and incentives for companies to respect and protect users’ rights.

In their 2019 Accountability Index, RDR looks at the policies of 24 of the world’s most important internet companies in respect to freedom of expression and privacy and highlights the companies that have made improvements and those companies that need to do more. RDR notes that:

Insufficient transparency makes it easier for private parties, governments, and companies themselves to abuse their power over online speech and avoid accountability.

In particular, the report highlights how Apple has abused their power over online speech, and notes instances of this in China. According to the report, Apple has not disclosed data around the content that it removes from its App Store when faced with requests from the government authorities.

While [Apple] disclosed data about government requests to restrict accounts, it disclosed no data about content removal requests, such as requests to remove apps from its App Store. Apple revealed little about policies and practices affecting freedom of expression, scoring below all other U.S. companies in this category.

The report makes intelligent and sensible recommendations for governments. However, the recommendations also highlight how difficult it is to have these discussions with governments like China’s.

Subscribe to our blog using RSS.

Comments

With best compliments from
https://www.makingmove.com

Thank you for the post. It's really great t know about a event like this
super smash flash 2: http://supersmashflash2a.com/
gmail sign in: http://gmailsigninaz.com/
facebook login: http://facebookloginaz.com/
hotmail sign in: http://hotmailsigninaz.com/
hotmail: http://hotmailaz.com/
happy wheels az: http://happywheelsaz.net/
top unblocked games: http://topunblockedgames.com
lupus: http://lupuswiki.com/

Golden Globe Awards 2016 Live Stream || @ On January 10, 2016 set the date for the 73rd Annual Golden Globe Awards by The Hollywood Foreign Press.

Golden Globe Awards 2016 Live Stream
http://goldenglobeawards2016livestream.com/

Justin Bieber Tickets Tours & Concert Updates
http://justinbieberconcert.co/

Knock! Knock! Knock!!! Hello……!!!! We are back with a big bang award show which is Golden Globe Award 2016. Great show, some great people, beautiful and spectacularly talented actresses/actors and lots of fun, entertainment, and suspense’re to be revealed.

This award has been continuing since 1943. Group of writers gathered together to frame the Hollywood Foreign Press Association and made liberally distributed award named Golden globe Award where they play momentous role in film making. The first award was being honored on best achievement in 1943 filmmaking and was held in January 1944, at the 20th Century –Fox studios. Successively, every year ceremonies were held in different venues for decades.

This is I was searching for: http://www.daysbeforevalentinesdays.com/
Thanks!

ohhhhhhhhhhhhhh hhhhhhhhhhhhhh hhhh gs y : http://www.daysbeforevalentinesdays.com/

Firmamız 2009 Yılından Buyana ADANA Kentinde Toner , Güvenlik Kamerası
Notebook Pc ve Tablet pc Onarımı , Notebook Ve Tablet Pc Yedek Parça ,
Alanlarında Hizmet vermekte Olup Profesyonel Ekibi ile Müşteri
Memnuniyeti Odaklı Çalışmaktadır. NFL : http://www.adanabilgisayartamiri.com

Danke für das Teilen mit mir einige Ihrer Ideen betreffend sind die Möglichkeit des Verminderns unserer gegenwärtigen Arbeitslosigkeit Mühen, indem Sie einen verkürzten Workweek einleiten.
loola-games.info juegosloola.us juegosdemafa.com yoobgamesfriv.com yoob2.com

Danke für diesen eindrucksvollen Bericht und das ehrliche Teilen, danke, dass wir zusammen stehen. Mariana, danke für das Teilen, danke in und bei uns zu sein; danke für deinen Unterricht, deine Bücher, deine Erinnerungen.
jogosdamafa.com loolafrozen.com juegosdeloola.com loola2015.com friv2016.info

Danke für das Teilen mit mir einige Ihrer Ideen betreffend sind die Möglichkeit des Verminderns unserer gegenwärtigen Arbeitslosigkeit Mühen, indem Sie einen verkürzten Workweek einleiten.
http://www.jogosdamafa.com
http://www.loolafrozen.com
http://www.juegosdeloola.com
http://www.loola2015.com
http://www.friv2016.info

This is a great article, that I really enjoyed reading. Thanks for sharing.

Netflix

This type of message always inspiring and I prefer to read quality content, so happy to find good place to many here in the post, the writing is just great, thanks for the post.

http://www.rajarakminimarket.com
http://www.rajaraktoko.com
http://www.rajaraksupermarket.com

Firstcab always ensures its users to get the best quality services along with the price as concern.That is the reason why we have choosen the best bangalore cabs/taxi service vendors from bunch of discrete cabs providers in the city - See more at: http://www.firstcab.in/

Your way of describing the whole thing in this paragraph is actually pleasant, all be able to without difficulty know it, Thanks a lot.
http://reet-result.in/

I was very happy to find this page. I need to thank you for ones time just for this wonderful read!! I definitely
loved every bit of it and i also have you book marked to look at new things on your site.
http://uptetresult2015-16.in/

Danke für das Teilen mit mir einige Ihrer Ideen betreffend sind die Möglichkeit des Verminderns unserer gegenwärtigen Arbeitslosigkeit Mühen, indem Sie einen verkürzten Workweek einleiten. mazzraasaida.blogspot.com

I was very happy to find this page. I need to thank you for ones time just for this wonderful read!! I definitely
loved every bit of it and i also have you book marked to look at new things on your site.
http://sscconstablegdresult.in/

This article is really fantastic and thanks for sharing the valuable post. Please Visit our wonderful and valuable website:
http://packers-and-movers-bangalore.in/
http://packers-and-movers-bangalore.in/packers-and-movers-bidari-bagalkot
http://packers-and-movers-bangalore.in/packers-and-movers-mahalakshmipur...
Packers And Movers Bangalore not only look after our perfection in Movers And Packers services but also ensure the satisfactory returned settlement of our client. Because one brings ten more to Movers And Packers Bangalore.

Nice article is provided by you admin, thanks for this article becoze it helped me lot and below we have some stuff which our topic to write article so please checkout them.

http://www.happyholi2016messagessms.in

http://www.womensday2016wishes.com

http://www.happyholi2016images.co.in

http://www.facebookwhatsappstatus.in

This article is really fantastic and thanks for sharing the valuable post. Please Visit our wonderful and valuable website:
http://al3ab-banat01.blogspot.com

I can't say a lot in regards to this thought, yet it's really intriguing exchange surely.
HR Homework Help
http://www.hrassignments.com

I can't say a lot in regards to this thought, yet it's really intriguing exchange surely.
Accounting Term Paper Help
http://www.accountingassignments.help

This is pleasant article. I might want to a debt of gratitude is in order for your endeavors and recommendations. I truly acknowledge to this article.
PHP Homework Help
http://www.phphelponline.com

I appreciate this work amazing post for us I like it.
Term Paper Writing Help
https://www.termpaperwriting.services

Our website is No. 1 in Academic Writing Service & Custom Term Paper Writing Service . Feel free to hire us for your academic needs. We are the perfect paper writers you will ever need.
term paper writer
https://www.academicpaperwriter.com/

This topic is interesting.

The messages that you have conveyed through your article is helpful to the public. It is essential to conduct an awareness program to inform the public about cyber attacks and all. Essay writing services is here to support you for starting fight against cyber attacks.
http://essayssos.com/

If you love bird watching then Corbett is virtual haven for such tourists. Corbett and its adjoining area is a home

to more than 650 species of residents and migratory birds. Particularly Dhikala is fine place to look for birds of

prey, more than over 50 species of raptors alone shows the healthy biodiversity of the area. Their multiplex

behavior is intriguing and their varied songs are very much pleasing to the ear. In a nutshell, this finest national

park of India is well known for rich and varied wildlife including royal Bengal tiger, elephant, four to five

species of deer and rich birdlife.
http://corbettresort.in/Marchula-46
http://corbettresort.in/JamunVillage-48

Pages

Add new comment

Filtered HTML

  • Web page addresses and e-mail addresses turn into links automatically.
  • Allowed HTML tags: <a> <em> <strong> <cite> <blockquote> <code> <ul> <ol> <li> <dl> <dt> <dd>
  • Lines and paragraphs break automatically.

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
By submitting this form, you accept the Mollom privacy policy.