On Wednesday night of last week, someone started targeting the popular coding site GitHub with a massive distributed denial of service attack, which the company later called the largest in its seven-year history.
More than four days later, the attack is still ongoing.
One of the pages is the GitHub page of GreatFire, a well-known anti-censorship group that's been monitoring Chinese censorship and developing tools to circumvent the country's Great Firewall. The second page was a mirror of The New York Times's website, which is blocked in China.
Given the nature of this attack, Ryan Lackey, an engineer at security firm CloudFlare, told Motherboard that the "very sophisticated network attack" was going to be hard to stop, as the attackers can make the bogus traffic look very close to regular internet traffic.
In the last three days, it looks like this is exactly what happened. While GitHub is not releasing any details (and a GitHub spokesperson declined to answer any questions from Motherboard on multiple occasions), looking at the site's Status page, it seems like the attackers are relentless.
"The ongoing DDoS attack has shifted again to include Pages and assets," read a status update from Saturday.
"The ongoing DDoS attack has changed tactics," GitHub wrote on Sunday.
While there's no definitive evidence yet, security experts are pointing the finger at China, given that the attack originated inside China's network, and that pretty much no one else has a motive to target GreatFire's GitHub pages.
Mikko Hypponen, a renowned security expert and chief research officer for F-Secure, said that while he has no proof that it's China, "it sure looks like it."
"Who else would have the motive? Who else would have the capability to hijack traffic like this?" he told Motherboard.
Richard Bejtlich, chief security strategist at FireEye, echoed Hypponen in a blog post where he called this attack "unacceptable" and "reprehensible."