A well-known group of activists that has fought Chinese online censorship for years is publicly accusing China of launching the massive distributed denial of service attacks against the coding website GitHub.
On Monday, as GitHub was still under attack, the Internet activist group GreatFire published a forensic report written by an independent security researcher. The report analyzed evidence left behind by the attack on GitHub, as well as a previous attack against GreatFire, and alleges that China is the culprit.
"We now have proof," Charlie Smith, a member of GreatFire who goes by a pseudonym to protect himself, told Motherboard. "The Cyberspace Administration of China is behind both of the recent DDoS attacks."
The forensic analysis shows that both attacks relied on the same technique: malicious code injected within China's network, between users and the so-called Great Firewall, where China can tamper with Internet traffic going into or out of the country.
On March 18, GreatFire revealed that its websites hosted on Amazon's cloud hosting service AWS were being hit by a large and unprecedented DDoS attack that was costing the group as much as $30,000 a day in bandwidth.
This, for GreatFire, is the smoking gun, since only the Chinese government, in theory, has the ability to manipulate traffic in that part of the network.
"This is consistent with previous malicious actions and points to the Cyberspace Administration of China (CAC) being directly involved in these attacks," Smith wrote in a blog post accompanying the report.
Ofer Gayer, a security researcher at Incapsula, a firm that offers anti-DDoS services, seemed to reach the same conclusion—though without explicitly accusing China.
"Given the fact that the attacker was able to inject the malicious code at a very large scale, it would take someone with high-level clearance in Chinese Internet infrastructure to tamper with the data and initiate the attack," he told Motherboard before GreatFire's report was published.
Not everyone, however, is so sure.
Jaime Blasco, the director of security firm AlienVault Labs, who reviewed GreatFire's report for Motherboard, said that there just isn't enough evidence to prove that the attacker was the Chinese government.
"There's not enough data to blame the government," Blasco told Motherboard. "But it's either the government, Baidu or Chinese Internet Service Providers who are modifying content."
"But given how things work in China," Blasco added, "it's very likely the pressure comes from the government."
The Chinese embassy in Washington D.C. did not respond to a request for comment by the time of publication.