Coding Forum Github Hit By Cyber Attack

 

financial times

March 30, 2015 7:30 am

Coding Forum Github Hit By Cyber Attack

Hannah Kuchler in San Francisco and Charles Clover in Beijing

Github, an online forum for software developers that also hosts tools used by Chinese internet users to bypass censorship, has been hit by a powerful cyber attack that security experts believe originated in China.

The San Francisco-based start-up said it was experiencing the largest denial-of-service attack in its history, as cyber criminals bombarded the site with traffic in an attempt to take it offline.

In a blog post, the company said the attack had started on Thursday and involved a “wide combination of attack vectors”, including “sophisticated new techniques that use the web browsers of unsuspecting, uninvolved people to flood github.com with high levels of traffic”.

The company said that based on reports it had received, “we believe the intent of this attack is to convince us to remove a specific class of content”.

The privately owned company did not specify what content was being targeted, nor did it offer any theories on the origin of the attack. The site is mainly used by software engineers and start-ups to store and collaborate on their work.

But it also contains copies of some websites banned in China, including a page run by Greatfire.org that helps Chinese internet users circumvent government censorship.

Some security experts said the attack appeared to have originated in China, with the web browsers of foreign visitors to Baidu.com, the Chinese search engine, stealthily redirected to Github, overwhelming the site with traffic.

Github was temporarily blocked in China in 2013.

Adam Fisk of Getlantern.org, a site that provides tools for bypassing China’s “Great Firewall” and hosts its installers on Github, said this kind of DDOS attack could cost a company hundreds of thousands of dollars a day, and might be aimed at putting pressure on Github to take down content that could not be blocked wholesale because Github is widely used by China’s technology industry.

“Github is hugely important to the whole internet, it’s where everyone keeps their code,” Mr Fisk said. “The more disturbing strategy shift this represents is that the Chinese are going after sites such as Github not through blocking but through denial of service attacks. It seems like what they are doing is trying to bend Github to their will, to intimidate them.”

Github has managed to keep much of the site live during the attack. It has published regular status updates showing the attention of the hackers switching between different parts of the forum and the highest levels of traffic flooding the system in waves.

The US has accused the Chinese People’s Liberation Army of hacking into American websites, with the FBI recently investigating an attack on Register.com, which manages website addresses, according to people familiar with the probe. The Chinese military denies the accusation and insists it is a victim in the recent global surge in cyber warfare.

Leave a Reply

Your email address will not be published. Required fields are marked *