Chinese authorities compromise millions in cyberattacks

On March 17th 2015, our websites and partner websites came under a DDoS attack. We had never been subjected to an attack of this magnitude before. This attack was unusual in nature as we discovered that the Chinese authorities were steering millions of unsuspecting internet users worldwide to launch the attack. We believe this is a major cyber-security and economic threat for the people of China.

How did that get there?

After calling on the Internet community for help and assistance, independent researchers with access to our log files discovered the following facts:

  • Millions of global internet users, visiting thousands of websites hosted inside and outside China, were randomly receiving malicious code which was used to launch cyberattacks against GreatFire.org’s websites.

  • Baidu's Analytics code (h.js) was one of the files replaced by malicious code which triggered the attacks. Baidu Analytics, akin to Google Analytics, is used by thousands of websites. Any visitor to any website using Baidu Analytics or other Baidu resources would have been exposed to the malicious code. A list of Baidu resources known to be used for the attack appears in the report.

  • That malicious code is sent to “any reader globally” without distinguishing that user’s geographical location, meaning that the authorities did not just launch this attack using Chinese internet users -  they compromised internet users and websites everywhere in the world.

  • The tampering takes places someplace between when the traffic enters China and when it hits Baidu’s servers. This is consistent with previous malicious actions and points to the Cyberspace Administration of China (CAC) being directly involved in these attacks.

More technical details of the attack can be read in a research report titled “Using Baidu to steer millions of computers to launch denial of service attacks”.

GitHub Suffers DDoS Attack

On March 25 the Chinese authorities used the same techniques to launch a DDoS attack on GitHub - our page was one of the main targets. To mitigate the DDoS attack, we mirrored content on our GitHub repository and asked users to access that page directly. The attackers then switched their attack to our GitHub page.

GitHub stated:

We are currently experiencing the largest DDoS (distributed denial of service) attack in github.com's history. The attack began around 2AM UTC on Thursday, March 26, and involves a wide combination of attack vectors. These include every vector we've seen in previous attacks as well as some sophisticated new techniques that use the web browsers of unsuspecting, uninvolved people to flood github.com with high levels of traffic. Based on reports we've received, we believe the intent of this attack is to convince us to remove a specific class of content.

We believe that “a specific class of content” refers to GreatFire.org’s GitHub page. To combat the DDoS attack from malicious JS code injected by CAC, GitHub modified https://github.com/greatfire/ to show a message to users: "WARNING: malicious javascript detected on this domain".

The URL to access our GitHub page ( https://github.com/greatfire/) is hard coded into the malicious JS. Our page is still accessible and only users who have been exposed to the malicious code will see the warning pop up message while browsing other websites. The GitHub attack is still ongoing and the malicious JS is still being injected for approximately 1% of foreign visitors to websites that are using elements from Baidu.

 

The Implications

When we first blogged about this attack we did not want to level accusations without evidence. Based on the technical forensic evidence provided above and the detailed research that has been done on the GitHub attack, we can now confidently conclude that the Cyberspace Administration of China (CAC) is responsible for both of these attacks.

Hijacking the computers of millions of innocent internet users around the world is particularly striking as it illustrates the utter disregard the Chinese authorities have for international as well as even Chinese internet governance norms. There was no way for an average internet user to prevent themselves from being exploited as part of this attack. This statement from Lu Wei, the head of the Cyberspace Administration of China, encapsulates our thoughts and concerns about these attacks:

We should establish an Internet order that helps maintain security. The Internet is a worldwide platform for sharing information. It is “a community of common interests”. No country is immune to such global challenges as cybercrime, hacking and invasion of privacy. In cyberspace, it is becoming increasingly difficult to uphold security for one’s own country by sacrificing that of others. It is also not practical to pursue one’s own interests by rejecting others’ needs. China is also a victim of hacking. We have always firmly opposed all forms of Internet attacks.

Inserting malicious code in this manner can only be done via the Chinese Internet backbone. Even if CAC did not launch the DDoS attack directly, they are responsible for managing the internet in China and it is not possible that they did not know what was happening. These attacks have occurred under CAC’s watch and would have needed the approval of Lu Wei.

Lu Wei and the Cyberspace Administration of China have clearly escalated the tactics that they use to control information. The Great Firewall has switched from being a passive, inbound filter to being an active and aggressive outbound one. This is a frightening development and the implications of this action extend beyond control of information on the internet. In one quick movement, the authorities have shifted from enforcing strict censorship in China to enforcing Chinese censorship on internet users worldwide. CAC can launch these attacks quickly and easily and they have the technical and financial resources behind them to continue to launch DDoS attacks against any website, anywhere in the world.

These attacks also illustrate the shortsighted nature of the Chinese authorities. Weaponizing Chinese internet services stifles global confidence in Chinese entrepreneurs and contributes to the fragmentation of the global internet. The SEC has already asked Weibo to explain how the censorship apparatus works - Baidu, a publicly-listed company in the US, may be called in to do the same.   

We correctly predicted last year that China would increase their use of MITM attacks in an effort to censor encrypted websites. We now sadly predict that the DDoS attacks against us and GitHub are likely to signal a ramping up of attacks against foreign internet properties. These kinds of attacks should draw scorn and criticism from government officials of all countries around the world.

It is important to note that throughout this attack, our Android FreeBrowser app has not been impacted and is still helping thousands of Chinese internet users to bypass censorship and the great firewall every day.

On behalf of the millions of unsuspecting users manipulated by these actions, we call on Lu Wei and the Cyberspace Administration of China (CAC) to bring an end to these DDoS attacks immediately and to apologise for their blatantly disrespectful and dangerous actions.

Further Information

After the attacks started, many overseas Chinese saw these warning messages and started to post screenshots on social media.

One person uploaded a video to YouTube showing what happens when a user is injected with malicious JS in the GitHub DDoS attack. You can also see GitHub’s mitigation efforts in this video.

There are fascinating details about the attack on GitHub and changes made by the Cyberspace Administration of China to maintain the attack.

An earlier report about an unrelated GFW upgrade stated that “Every machine in China has the potential be a part of a massive DDOS attack on innocent sites,” and “They have weaponized their entire population.” That was too optimistic. Now CAC has weaponized the entire Internet population.

Comments

More Blog Posts

Subscribe to our mailing list
Show content from Blog | Google+ | Twitter | All. Subscribe to our blog using RSS.

Fri, Mar 18, 2022

Well-intentioned decisions have just made it easier for Putin to control the Russian Internet

This article is in large part inspired by a recent article from Meduza (in Russian).

Since the beginning of the war in Ukraine, Russian users have had problems accessing government websites and online banking clients. Browsers began to mark these sites as unsafe and drop the connection. The reason is the revocation of digital security certificates by foreign certificate authorities (either as a direct consequence of sanctions or as an independent, good will move); without them, browsers do not trust sites and “protect” their users from them.

However, these actions, caused - or at least triggered by - a desire to punish Russia for their gruesome actions in Ukraine, will have long-lasting consequences for Russian netizens.

Digital certificates are needed to confirm that the site the user wants to visit is not fraudulent. The certificates contain encryption keys to establish a secure connection between the site and the user. It is very easy to understand whether a page on the Internet is protected by a certificate. One need just look at the address bar of the browser. If the address begins with the https:// prefix, and there is a lock symbol next to the address, the page is protected. By clicking on this lock, you can see the status of the connection, the name of the Certification Authority (CA) that issued the certificate, and its validity period.

There are several dozen commercial and non-commercial organizations in the world that have digital root certificates, but 3/4 of all certificates are issued by only five of the largest companies. Four of them are registered in the USA and one is registered in Belgium.

Mon, Aug 03, 2020

Announcing the Release of GreatFire AppMaker

GreatFire (https://en.greatfire.org/), a China-focused censorship monitoring organization, is proud to announce that we have developed and released a new anti-censorship tool that will enable any blocked media outlet, blogger, human rights group, or civil society organization to evade censors and get their content onto the phones of millions of readers and supporters in China and other countries that censor the Internet.

GreatFire has built an Android mobile app creator, called “GreatFire AppMaker”, that can be used by organizations to unblock their content for users in China and other countries. Organizations can visit a website (https://appmaker.greatfire.org/) which will compile an app that is branded with the organization’s own logo and will feature their own, formerly blocked content. The app will also contain a special, censorship-circumventing web browser so that users can access the uncensored World Wide Web. The apps will use multiple strategies, including machine learning, to evade advanced censorship tactics employed by the Chinese authorities.  This project will work equally well in other countries that have China-like censorship restrictions. For both organizations and end users, the apps will be free, fast, and extremely easy to use.

This project was inspired by China-based GreatFire’s first-hand experience with our own FreeBrowser app (https://freebrowser.org/en) and desire to help small NGOs who may not have the in-house expertise to circumvent Chinese censorship. GreatFire’s anti-censorship tools have worked in China when others do not. FreeBrowser directs Chinese internet users to normally censored stories from the app’s start page (http://manyvoices.news/).

Fri, Jul 24, 2020

Apple, anticompetition, and censorship

On July 20, 2020, GreatFire wrote to all 13 members of the Subcommittee on Antitrust, Commercial and Administrative Law of the U.S. House Committee on the Judiciary, requesting a thorough examination into Apple’s practice of censorship of its App Store, and an investigation into how the company collaborates with the Chinese authorities to maintain its unique position as one of the few foreign tech companies operating profitably in the Chinese digital market.  

This letter was sent a week before Apple CEO TIm Cook will be called for questioning in front of the Subcommittee on Antitrust, Commercial and Administrative Law. The CEOs of Amazon, Google and Facebook will also be questioned on July 27, as part of the Committee’s ongoing investigation into competition in the digital marketplace.

This hearing offers an opportunity to detail to the Subcommittee how Apple uses its closed operating ecosystem to not only abuse its market position but also to deprive certain users, most notably those in China, of their right to download and use apps related to privacy, secure communication, and censorship circumvention.

We hope that U.S. House representatives agree with our view that Apple should not be allowed to do elsewhere what would be considered as unacceptable in the U.S. Chinese citizens are not second class citizens. Private companies such as Apple compromise themselves and their self-proclaimed values of freedom and privacy when they collaborate with the Chinese government and its censors.

Mon, Jun 10, 2019

Apple Censoring Tibetan Information in China

Apple has a long history of censorship when it comes to information about Tibet. In 2009, it was revealed that several apps related to the Dalai Lama were not available in the China App Store. The developers of these apps were not notified that their apps were removed. When confronted with these instances of censorship, an Apple spokesperson simply said that the company “continues to comply with local laws”.

In December, 2017, at a conference in China, when asked about working with the Chinese authorities to censor the Apple App Store, Tim Cook proclaimed:

"Your choice is: do you participate, or do you stand on the sideline and yell at how things should be. And my own view very strongly is you show up and you participate, you get in the arena because nothing ever changes from the sideline."

In the ten years since Apple was first criticized for working with the Chinese authorities to silence already marginalized voices, what has changed? Apple continues to strictly follow the censorship orders of the Chinese authorities. When does Tim Cook expect that his company will help to bring about positive change in China?

Based on data generated from https://applecensorship.com, Apple has now censored 29 popular Tibetan mobile applications in the China App Store. Tibetan-themed apps dealing with news, religious study, tourism, and even games are being censored by Apple. A full list of the censored apps appear below.

Thu, Jun 06, 2019

Report Shines Spotlight on Apple’s Censorship Practices in China

The newest Ranking Digital Rights Corporate Accountability Index makes recommendations on what companies and governments need to do in order to improve the protection of internet users’ human rights around the world. Ranking Digital Rights (RDR) works to promote freedom of expression and privacy on the internet by creating global standards and incentives for companies to respect and protect users’ rights.

In their 2019 Accountability Index, RDR looks at the policies of 24 of the world’s most important internet companies in respect to freedom of expression and privacy and highlights the companies that have made improvements and those companies that need to do more. RDR notes that:

Insufficient transparency makes it easier for private parties, governments, and companies themselves to abuse their power over online speech and avoid accountability.

In particular, the report highlights how Apple has abused their power over online speech, and notes instances of this in China. According to the report, Apple has not disclosed data around the content that it removes from its App Store when faced with requests from the government authorities.

While [Apple] disclosed data about government requests to restrict accounts, it disclosed no data about content removal requests, such as requests to remove apps from its App Store. Apple revealed little about policies and practices affecting freedom of expression, scoring below all other U.S. companies in this category.

The report makes intelligent and sensible recommendations for governments. However, the recommendations also highlight how difficult it is to have these discussions with governments like China’s.

Subscribe to our blog using RSS.

Comments

This will definitely be very useful for me when I get a chance to start my blog.

http://www.mothersdayquotess.com/

Moving to another destination can be an extremely confused and distressing procedure.

Packers and Movers Bangalore @ http://www.11th.in/packers-and-movers-bangalore.html
Packers and Movers Noida @ http://www.11th.in/packers-and-movers-noida.html
Packers and Movers Ghaziabad @ http://www.11th.in/packers-and-movers-ghaziabad.html
Packers and Movers Chennai @ http://www.11th.in/packers-and-movers-chennai.html

I think that the DDoS attack is one of the major cyber crimes that threatened the internet users in China. The good thing abut this is that it served as a wake up call and now more than ever the cyber crimes in china have been curbed to a great extent. Did you know that you can get reliable homework editing help by simply clicking on the link below?
https://www.customwritingbay.ca

اقاريو العربيه ظهرت مباشرة بعد ان اشتهرت اقاريو الاصلية التي هي Agario باللغة الاجنبية واسمها بالظبط هو واول ظهور لها كان يوم 28 ابريل سنة 2015
http://gamesbanatcoat.blogspot.com

Thank you for the good writeup. It actually was once a enjoyment account it.plz visit here:
http://packers-and-movers-bangalore.in/
http://packers-and-movers-bangalore.in/packers-and-movers-konanakunte-be...
http://packers-and-movers-bangalore.in/packers-and-movers-bengaluru-to-g...
Packers-and-Movers-Bangalore.in is well arranged and settled website among all packers and movers company.

Nice article. Thanks for sharing this amazing article !!

check also http://www.mothersday-message.com

Words Doctorate ( http://www.wordsdoctorate.com/ ) is providing PhD-Master Thesis and Research related support for PhD Students-all stream.
PhD and Master Thesis & Dissertation Writing Service, We serve students globally in all subjects,Provide completed solutions and online Guidance by PhD Holders.

All are saying the same thing repeatedly, but in your blog I had a chance to get some useful and unique information, I love your writing style very much, I would like to suggest your blog in my dude circle.
http://www.showboxapkdownloadd.com/

I appreciate this post and its seems looking so informative Thanks for sharing with us..
http://packersmoversbangalore.in/

I regard something truly interesting about your web blog so I saved to favorites .
http://packersmovershyderabadcity.in/

videos are awesome download them here
https://vidmatehd.org/

For awesome features of your phone download framaroot
https://iframarootapk.net/

For awesome features of your phone download framaroot
https://iframarootapk.net/

مؤسسة صفوة المدينة شركة تنظيف خزانات وغسيل خزانات بالمدينة المنورة ومكافحة حشرات بالمدينة المنورة الشركة لديها تخصص فى نقل العفش بالمدينة اللمنورة ومكافحة الحشرات وغسيل الخزانات بالمدينة المنورة
http://www.atar-almadinah.com/khasil.html شركة تنظيف خزانات بالمدينة المنورة

Great article thanks for sharing !!!

Ganesh Chaturthi Images

Thanks

What an lovely piece of content. Thats why i liked it everytime i read it. Thanks mate really thanks. Have a good day ahead. Also check !

Happy Onam Images

Thanks

good This lead is normally about how precisely to download kodiforiphone for distributing their market. The greatest support offered by iPhone is usually iOS. Kodi on iPhone nice.

good Launch Cydia from the home screen, tap on Manage button followed by sources iplaystoredownload Then type Cydia web address and install Cydia and then Bootlace. nice.

This research is practically done by you and gives good ideas. visit here some useful content here.
http://packersmoverschennai.in/
http://blog.packersmoverschennai.in/

This is an amazing type of post.
Davinda Honald

Thanks for sharing such a valuable information.Im very thankful to you that you had given me this opportunity to write on this blog.please visit our website I assure you that it will be very useful for our website.
http://jaipurpackersandmovers.in/
http://blog.jaipurpackersandmovers.in/

Are you currently interested to ways to accrue popularity quickly? You only require to Buy Facebook Followers to become well known online. - https://www.boostfollower.com/buy-facebook-followers/

visit over here to get the original content within your budget
http://www.freshcontent.in/

For getting an increased publicity for your facebook account, Individuals expend dollars to Buy Facebook Followers to conveniently have exposure on world wide web. http://ranklikes.com/buy-facebook-followers/

efforts.Thanks alot for your writings......Waiting for a new 1...Please visit our wonderful and valuable website.......
http://packersmoverspune.org/
http://blog.packersmoverspune.org/

I agree with you. This post is truly inspiring. I like your post and everything you share with us is current and very informative, I want to bookmark the page so I can return here from you that you have done a fantastic job.
http://packers-and-movers-gurgaon.in/

good You might want to keep your collection on a bigger exterior drive https://itunesdownloadapp.com It likewise makes it simple to move your iTunes collection to great.

good Apk app downloader is used as various sources. There are kodidownloadapptv releases are provided. For typical users, steady nice.

very nice post. thanks for sharing
All Upcoming Jobs

After downloading and install the APK documents, Snapchat Web Most likely to the official internet site of BlueStacks.

I appreciate this post and its seems looking so informative Thanks for sharing with us..
http://packersmoversbangalore.in/

Packers and Movers Bangalore list, Cheap Packers Movers Bangalore Charges, Local, Affordable Household Shifting Bangalore,
@ http://Packers-and-Movers-Bangalore.in/

Pictures by streaming them online at free of cost. Mobdro Download as well as lots extra. With chrome actors support.

When in dire need of funds, Loans can be amassed in to your bank account due to the hassle free technique of availing funds. With no formal rituals linked to the system of application, deriving the amount within a couple of hours will not be much of a hassle.

3 month payday loans instant cash - http://www.3monthpaydayloans.co/

100 loan for 3 months - http://www.3monthpaydayloans.co/

500 pounds loan UK - http://www.3monthpaydayloans.co/

It is no doubt from my point of view that there is change needed. tnea counselling

The satta matka Original Website Provide Fast Matka Result site.

An academic writer having years of experience.
https://myassignmenthelp.com/uk/thesis-help.html

We Provide Best Packers And Movers Hyderabad List for Get Free Best Quotes, Compare Charges, Save Money And Time, Household Shifting Services @ http://packersmovershyderabadcity.in/

Packers And Movers Packers And Movers Bangalore Local Household Shifting Service, Get Free Best Price Quotes Local Packers and Movers in Bangalore List , Compare Charges, Save Money And Time.@ http://packersmoversbangalore.in/

Get Professional Assignment Help from the quality assignment writers at AssignmentStudio.net
we have a team of professional writers to help University Students with their essays, case studies, thesis.
For more details visit us at www.assignmentstudio.net

I appreciate this post and its seems looking so informative Thanks for sharing with us.
packers-and-movers-gurgaon.in

Pages

Add new comment

Filtered HTML

  • Web page addresses and e-mail addresses turn into links automatically.
  • Allowed HTML tags: <a> <em> <strong> <cite> <blockquote> <code> <ul> <ol> <li> <dl> <dt> <dd>
  • Lines and paragraphs break automatically.

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
By submitting this form, you accept the Mollom privacy policy.