Github falls victim to possible Chinese cyber attack

Coding site hit by ongoing DDoS, experts suspect Chinese involvement

Coding repository Github has been hit by a mammoth cyber attack, which is believed to be ongoing. 

The website, which is primarily used by developers and software engineers as a platform to store and distribute source code, has been experiencing large-scale Dedicated Denial of Service (or DDoS) attacks, which analysts believe are Chinese in origin.

Github has stated that it believes that "the intent of this attack is to convince us to remove a specific class of content". However, while it has not disclosed what it thinks might be behind the attack, experts have noted that the site is used by many Chinese coders to host tools which circumvent the country's notorious internet censorship.

The cyber attacks hitting the website have largely stemmed from visitors to Chinese Google equivalent Baidu.com being redirected to Github. The search engine has disavowed any connections to the attack, saying it will "get to the bottom of this".

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

The tactics used in this particular DDoS have been remarkably thorough. While well-known DDoS-ers Anonymous uses mob logic and sheer force of numbers to overwhelm sites, the attack on Github has used "a wide combination of attack vectors" including "sophisticated new techniques that use the web browsers of unsuspecting, uninvolved people".

One of the primary targets of the Github attack is anti-censorship organisation GreatFire, which hosts its firewall bypass tools on Github. The group has clashed with Chinese authorities before, calling repeatedly for security certificates issued by the Chinese Internet Network Information Centre to be revoked and classified as untrusted.

Hacking

This follows a spate of repeated cyberattacks on the likes of Outlook, Google, Microsoft and more. GreatFire says it has "concrete proof" that China was behind these attacks, citing a Google blog post highlighting the issue of unauthorised certificates.

These links have led some experts to theorise that the Chinese People Liberation Army is behind these hacks. While Github is too valuable a resource to the rapidly-expanding Chinese tech industry to be blocked entirely, it is being speculated that these outages are China's attempt to strong-arm Github's moderators into removing anti-censorship content belonging to GreatFire and others.

This attack bears some marked similarities to the Sony Pictures hack late last year, which was seemingly prompted by negative depictions of North Korean leader Kim Jong Un in The Interview. While the country's military stridently denied any involvement, there were suspicions in many camps that the hacks were allegedly sanctioned by the Korean Government.

Whether or not this is the case, some suggest that China saw the success of the Sony hacks and opted for a similar strategy. It's something the Chinese have been accused of before, and if the cyber attacks currently plaguing Github are Chinese in origin, it could be a sign that cyber terrorism is now seen as a viable method of intimidation.

Advertisement - Article continues below

At time of writing, Github is still online. However, the attack continues, and the cost of holding out against a cyber siege for five days (and counting) is likely to be taking its toll on the websites coffers. It's currently unknown whether the site will cave to the sustained pressure and block GreatFire and its ilk, or if that's even the aim of the attacks.

Is your business prepared for new EU cyber security regulations? This whitepaper offers advice, insight and guidance on what to do next. Read it today here

Featured Resources

What you need to know about migrating to SAP S/4HANA

Factors to assess how and when to begin migration

Download now

Your enterprise cloud solutions guide

Infrastructure designed to meet your company's IT needs for next-generation cloud applications

Download now

Testing for compliance just became easier

How you can use technology to ensure compliance in your organisation

Download now

Best practices for implementing security awareness training

How to develop a security awareness programme that will actually change behaviour

Download now
Advertisement

Recommended

Visit/security/internet-security/354417/avast-and-avg-extensions-pulled-from-chrome
internet security

Avast and AVG extensions pulled from Chrome

19 Dec 2019
Visit/security/354156/google-confirms-android-cameras-can-be-hijacked-to-spy-on-you
Security

Google confirms Android cameras can be hijacked to spy on you

20 Nov 2019

Most Popular

Visit/policy-legislation/data-governance/354496/brexit-security-talks-under-threat-after-uk-accused-of
data governance

Brexit security talks under threat after UK accused of illegally copying Schengen data

10 Jan 2020
Visit/microsoft-windows/32066/what-to-do-if-youre-still-running-windows-7
Microsoft Windows

What to do if you're still running Windows 7

14 Jan 2020
Visit/operating-systems/microsoft-windows/354526/memes-and-viking-funerals-the-internet-reacts-to-the
Microsoft Windows

Memes and Viking funerals: The internet reacts to the death of Windows 7

14 Jan 2020
Visit/operating-systems/25802/17-windows-10-problems-and-how-to-fix-them
operating systems

17 Windows 10 problems - and how to fix them

13 Jan 2020