Niels Provos of the Google Security Team wrote a blog post today giving us insight into the DDoS attack suffered by GitHub last month.
Provos says that Google’s Safe Browsing infrastructure, which scans websites for malicious content, picked up the attack in early March.
The attackers targeted Amazon’s CloudFront and then switched to GitHub.
Provos writes:
The attack against the cloudfront hosts stops on March 25th. Instead, resources hosted on github.com were now under attack.
Safe Browsing detected 8 websites serving malicious scripts targeting GitHub, all hosted on Baidu domains:
- cbjs.baidu.com (123.125.65.120)
- eclick.baidu.com (123.125.115.164)
- hm.baidu.com (61.135.185.140)
- pos.baidu.com (115.239.210.141)
- cpro.baidu.com (115.239.211.17)
- bdimg.share.baidu.com (211.90.25.48)
- pan.baidu.com (180.149.132.99)
- wapbaike.baidu.com (123.125.114.15)
Data published by Google make it clear that attacks on such a scale will be detected and cannot be covert.
Provos hopes “that the external visibility of this attack will serve as a deterrent in the future”.
Will China get the message?
Like the Chinese care if they get caught …
Next time Google will tell us how they work hand in hand with the NSA. Looking forward to it.
Even if they are caught, they just pretend they weren’t the ones doing it… regardless of the proof against them. Wouldn’t be the first time.
In this specific case China cannot deny they did it. They were caught red-handed 🙂
So it could not be party x planting malicious code on servers y to attack z?
As long as you do not use Baidu, you are safe.
It’s difficult to speculate on the motivation for such an attack, other than possibly a real-world test of their capabilities (assuming the Chinese govt were actually behind this – as others have noted, Baidu may have been compromised by a 3rd party).
However it’s *not* difficult to speculate on the motivation for behaviour outlined by Assange in his interview regarding Google: https://wikileaks.org/google-is-not-what-it-seems/
I know which one I’m more worried about.
The attack targeted software hosted by Chinese dissidents. Baidu infrastructure was used. Looks like we can attribute the attack to China. Maybe they wanted to test their new capability.
It’s like when they blew up a satellite … Playing with new toys …
Google is watching everything. Google == NSA.
Unless you use TLS you are vulnerable to traffic injection. We must encrypt everything.
Baidu is lucky Github users do not put a LOIC on them. Counter-DDOS.
That’s how dictatorships behave on the net. Today they started censoring Facebook.