Nettime mailing list archives

<nettime> Why Baidu Has Been Hijacked to Attack Github
nettime little_birdie on Sat, 28 Mar 2015 06:07:56 +0100 (CET)

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

<nettime> Why Baidu Has Been Hijacked to Attack Github


Why Baidu Has Been Hijacked to Attack Github


By: Larry Salibra

Baidu's content data network (CDN), the computers that serve Baidu
analytics and Baidu ads has been hijacked and is being used to launch a
distributed denial of service (DDOS) attack on popular developer tool

The China Twitterverse has been buzzing today[1] with reports of weird
javascript errors[2] on sites linking to Baidu assets (like Baidu 
analytics) when accessed outside of the Great Firewall.

     [1] https://twitter.com/bridgers/status/581325734490157056
     [2] https://twitter.com/Hexcles/status/581332596782575616

equests to Baidu's content data network are being intercepted and
sending back some javascript code instead of the original requested
file. The javascript code instructs visitors browsers to request the
Github pages of anti-censorship group Greatfire[3] and the Chinese
language edition of the New York Times.[4] These groups turned to a
developer source code control tool to host their information with the
knowledge that China was unable to block Github because of the huge cost
to its technology industry.

     [3] https://github.com/greatfire/wiki
     [4] https://github.com/cn-nytimes/mirrors

This DDOS attack is interesting for a few reasons:

     1. It leverages unsuspecting website visitors with uncompromised machines
        to create a DDOS attack

     2. It makes a China based attack appear to come from outside of China by
        only inserting the compromising javascript code in Baidu CDN requests
        made outside of China3. It attacks one of the most popular developer
        site that the Great Firewall has tried unsuccessfully to block in the
        past because of Chinese developer backlash

     3. It appears to be an attempt to pressure Github, a non-news organization,
        to censor content that China objects to.

     4. This outbound attack appears to be originating from the government
        controlled Great Firewall.

More information and detailed technical analysis here[5] and demo
video[6] by Seven Shippo.i[8]

     [5] http://insight-labs.org/?p=1682
     [6] https://www.youtube.com/watch?v=l6eAtcwT5Pc
     [8] https://twitter.com/Shippo7

Posted in 新闻  Tagged DDOS, GFW

#  distributed via <nettime>: no commercial use without permission
#  <nettime>  is a moderated mailing list for net criticism,
#  collaborative text filtering and cultural politics of the nets
#  more info: http://mx.kein.org/mailman/listinfo/nettime-l
#  archive: http://www.nettime.org contact: nettime {AT} kein.org