Dear Visitor,

Our system has found that you are using an ad-blocking browser add-on.

We just wanted to let you know that our site content is, of course, available to you absolutely free of charge.

Our ads are the only way we have to be able to bring you the latest high-quality content, which is written by professional journalists, with the help of editors, graphic designers, and our site production and I.T. staff, as well as many other talented people who work around the clock for this site.

So, we ask you to add this site to your Ad Blocker’s "white list" or to simply disable your Ad Blocker while visiting this site.

Continue on this site freely
You are here: Home / Network Security / GitHub DDoS Attack Spills Into Day 4
GitHub DDoS Attack Spills Into Day 4
GitHub DDoS Attack Spills Into Day 4
By Jennifer LeClaire / CRM Daily Like this on Facebook Tweet this Link thison Linkedin Link this on Google Plus
It’s day four of the GitHub cyberattack and the digital assault is still evolving as the largest public code repository in the world continues to battle Chinese hackers. GitHub traces the distributed denial of service (DDoS) attack to Friday, calling it the largest in the site’s history and one that involves a wide combination of attack vectors.

“These include every vector we've seen in previous attacks as well as some sophisticated new techniques that use the Web browsers of unsuspecting, uninvolved people to flood with high levels of traffic,” GitHub said in a blog post. “Based on reports we've received, we believe the intent of this attack is to convince us to remove a specific class of content.”

GitHub has been offering status updates since then, reporting on Sunday that 87 hours into the attack its mitigation was deflecting most of DDoS traffic. Sunday night, all systems were reporting at 100 percent but the attack traffic continued and early Monday morning GitHub said it has “evolved and we are working to mitigate.”

Not Just a Grudge

Security experts are reporting the traffic onslaught directed huge amounts of traffic from overseas users of Chinese search giant Baidu to GitHub, according to the Wall Street Journal.

The attackers intentionally targeted GitHub pages that linked to copies of Web sites banned in China, including one page runs and one Chinese-language version of the New York Times, the Journal reported. monitors online censorship in China.

We asked Graham Cluley, an independent technology analyst in the United Kingdom, for his take on this attack. He told us what we have here is a highly determined attacker.

“This isn't just someone with a grudge operating from their back bedroom. Instead, the people with the most plausible motive are the Chinese government, keen to stamp out access to uncensored content on the Internet,” Cluley said.

“It's not a surprise that their resolve to disrupt unfettered access to the 'Net by Chinese citizens is considerable, which is clearly posing a significant challenge for GitHub as it fights to remain online.”

An Unfamiliar Strategy

Cluley called out what he sees as particularly interesting about the attack on GitHub: the DDoS does not appear to be conducted in the familiar fashion of a botnet of compromised computers around the world that are bombarding the site with traffic.

Rather, it appears that someone is tricking Web browsers visiting Chinese Web sites into repeatedly reloading the two pages on the site, he said.

“In a nutshell, many Chinese Web sites use advertising and visitor tracking code from Baidu, China's leading search engine -- just as many other sites around the world might use, say, Google Analytics,” he explained. “It appears that when Web pages containing the Baidu scripts are accessed from outside China, the script's code is being replaced with code serving a different function.”

Tell Us What You Think


Like Us on FacebookFollow Us on Twitter

Over the past decade, hospitals have been busy upgrading their systems from paper to electronic health records. Unfortunately, spending so much on EHR may have left insufficient funds for security.
The British government officially blamed Russia for waging the so-called NotPetya cyberattack that infected computers across Ukraine before spreading to systems in the U.S. and beyond.
© Copyright 2018 NewsFactor Network. All rights reserved. Member of Accuserve Ad Network.