Pin-pointing China's attack against GitHub (erratasec.com)
305 points by zmanian on April 2, 2015 | 138 comments



To say that the "Chinese government" is involved I think understates the situation. We know as fact that their army has invested considerable time and money in a cyberwarfare unit. And that the company that operates the Firewall is a military contractor.

When Sony was hacked a few months ago, the media couldn't wait to label it a "terrorist act" by North Korea.

I just now searched Google News for "github terrorism".

1. http://www.itpro.co.uk/security/24319/github-falls-victim-to...

2. https://grahamcluley.com/2015/03/github-ddos-attack/

That's all, even though the evidence appears more clear that the Chinese government is involved. Whereas North Korea's responsibility was in doubt. The silence speaks volumes.

But is "terrorism" even the correct word for this? When Saddam invaded Kuwait, was that a terrorist act? Consider this quote written by a Chinese military analyst 30 years ago:

  those who take part in information war are not all soldiers. Anybody who
  understands computers may become a "fighter" on the network. Think tanks
  composed of non-governmental experts may take part in decision-making;
  rapid mobilization will not just be directed to young people; information-
  related industries and domains will be the first to be mobilized and enter
  the war.
(From http://fmso.leavenworth.army.mil/documents/chinarma.htm)

However, the Chinese may respond by claiming this was a preemptive defense. That GreatFire.com was designed to weaken their security and they were justified in taking action to protect the sovereignty of their computers. Haven't western nations done the same when they were threatened by terrorism or nuclear arms?

It seems to me that we have officially entered the era of a weaponized internet.


>But is "terrorism" even the correct word for this?

Don't use that word. It's barely even a word any more; it's become one of those weaponized magic symbols used for mind control. See also "freedom", "globalization", "sharing", "choice" and so on.

Instead, you can just use words like "murder", "destruction of infrastructure" and the like.


Makes sense, once you can come up with a single word to refer to targeting civilians with violence to try to effect political change. That's what "terrorism" meant and that's what it means, even if our news media and government have decided that it can only ever be applied to Muslims.


The problem is, there's no well defined way to tell which version of the word someone's using. That's the point. So best to just not use it.

(Obviously you do need to use it sometimes, in an academic context for example. It's a tricky one.)


I've been told by an academic in the field (International Relations) that even within the field there is no academic consensus about the term "terror(ism)".

I'm not sure if that causes the word to be avoided in academic writing, I suppose largely yes (for its lack of any well-defined meaning) with some exceptions (probably by those who agree with the propaganda surrounding the word).


Interesting, but there are relatively few terms in academic writing that aren't contested. Was the tenor of their point that there's no common ground, or is it the standard wrangling over technicalities/edge cases?


As far as I remember, pretty much that the term is meaningless and/or useless.

The only way to meaningfully use the term "terror(ism/ist)" in academic writing is to exactly define at the start of the paper exactly what you mean and also what you don't mean by "terror(ism/ist)". This may attract knee-jerks of "that's not what it really means/etc", thereby detracting from the main point of the paper.

The other problem is, that even if you nail down the definition, it's still contested because it's a very loaded term no matter how you turn it. The academic goal is objective description, not pointing out good guys and bad guys.

Once you get past that, the next problem arises, which is that International Relations just isn't always a hard science (just like History is not). So even if you got a clear definition, and it's accepted that both parties are equally bad, it can still be quite fuzzy whether it's "really" terrorism, because the one guy did this, and the other troops such, but then the guerillas, however it was the rich families that something or other, and Ted supported George, while Bill's family lived on the land for generations, blah blah bla etc. I really suck at history, it's just confusing.

All in all it's just more accurate to describe who did what, and if you want to describe something "terrorism"-ish, it's better to just describe reasons behind the attacks, the psychological goals, and psychological effects certain attacks had on the population, etc. Basically just say what you mean (even if they're theories) and state the facts, but avoid the loaded term.


I fall on different sides of where it makes sense to use the word, but you're right: it is hard to tell how someone uses it.


You forgot 'communism'.


And what about "hackers"? :)


If we are going to use terms like "cyberwarfare", it makes logical sense that other military tactics will also be ported over to digital versions. One of those is the classic weapon test, where a nation demonstrates its military power to the world.

China used 1% of the available traffic from a single CDN. Their choice of target might just have been randomly picked from a low-priority list for the dual purpose of sending a political message.


With any meaningful definition of the word neither the github attack nor the Sony hack was terrorism. Nobody was trying to spread terror among civilians, nobody tried to influence government policy.


Not terrorism. The attack was somewhat narrowly targeted (at least as narrowly as technically possible, given it's all on one domain) and also tried to achieve the desired end goal. They weren't blowing up random parts of github infrastructure.


I wonder if the same terminology would have been used if Iran or North Korea had conclusively perpetrated this attack.


I have no question there's a political aspect, though calling the Sony attack terrorism is a better fit. Assuming the purported objective was to prevent release of The Interview, how does exposing the alias Tom Hanks uses to check in to hotels accomplish that? How does that accomplish any objective? (Regardless of the responsible party.)


Is terrorism the correct word for the US government infiltrating, manipulating and subverting technology and services all over the world? Is spreading fear about being monitored by a seemingly lawless entity terrorism?


Terrorism is like a catch-all word.


So, yes? :)


"github terrorism"

the era of a weaponized internet

Is HN turning into Fox News now?


There is never going to be serious public criticism of China in the west because there are vast numbers of western organizations making vast sums there. The public will see little to nothing that might ask for trade restrictions as a response.

If decades of continuous trade deficit and serious attacks on places like Los Alamos go under- or unreported, don't hold your breath for GitHub.

Of course if it were North Korea (or Iran) it would be headlines.


The Internet has always been weaponized (in the sense that it was designed to be a countermeasure against a nuclear first strike).


That's not true, pure urban legend.

http://en.wikipedia.org/wiki/ARPANET#Misconceptions_of_desig...

Even if it were true, designing something to withstand attack doesn't make it a weapon. Is a kevlar vest a weapon?


Ah, I didn't know that. But I would call something that can survive a nuclear strike and then be used to coordinate a counter-offensive a weapon, or at least part of a weapon system.


>>have officially entered the era of a weaponized internet.

Nope, the State department has yet to respond.


> It seems to me that we have officially entered the era of a weaponized internet.

Couldn't agree more.

And GFW is indeed a WMD that must be stopped.


... I can't tell if this is sarcasm or serious. But seriously... What "Mass destruction" can the GFW cause? ... Like Amazon/Azure/Rackspace are WMDs under your current definition?


I think the attack has proven that the government via the GFW can take down any web service they choose. There's not much infrastructure out there that can repel firepower of that magnitude.

Maybe not "destruction" in the permanent sense, but given the damage that a DDOS can do (financially, at least), it would make sense to treat one as an attack on infrastructure.


Mass destruction of freedom of access to Western academic research, journalism and social ties.


"blocking GitHub is not really a viable option" he said. Tell that to the world's craziest democracy - India, which banned GitHub, Vimeo, Pastebin and a bunch of others in December last year. Some bans were lifted later. Source: http://www.zdnet.com/article/india-blocks-32-websites-includ...


Agree with this. Anyone who thinks blocking GitHub is not really a viable option has never been on the other side of the GFW.

The Chinese government will happily block any site they want to and they have little/no regard for the popularity or usefulness of the site in question, and often they will block popular foreign sites to help copycat local versions thrive.

Off the top of my head they block Facebook, Twitter and Youtube entirely and Wikipedia selectively (used to be permanently also). I can tell you they don't care about blocking GitHub.

They also have the ability to dynamically block sites based on page content rather than just entire domains, so it would be perfectly feasible for them to block just the project pages and not the entirety of GitHub.


You can't selectively block content on an SSL connection w/o having a back door to the encryption keys used to secure the connection. A man in the middle attack would be detectable unless the root certificates were compromised.


That's where CNNIC comes in. All they need to do is issue their own fake certificate for (insert blocked site here).


Isn't it wonderful to have your own certificate authority.


> Agree with this. Anyone who thinks blocking GitHub is not really a viable option has never been on the other side of the GFW.

A long time ago, people were hosting tons of anti-Chinese-government stuff on Google, especially Common Storage Service, and yes, people said China wouldn't dare block Google.

LOL


I think that action was somewhat different in nature, though. It's an instance of Vogon-type bureaucracy that sends blocking orders to Internet service providers without an understanding of the issues. I presume the Indian government is not actively trying to shut down VPNs that people use to access this kind of resources.

In short, I believe the Chinese government knows what it is doing, while the Indian government does not.


"Vogon-type": that's mind-bogglingly accurate!


By the way, in my career of 25 years of professional software development, I've only once delivered something that was certified to be bug-free.

That was when the company transferred our work, and the test servers, to India. We shipped the machines, and to send them, they had to be packed on pallets. The pallets were wooden. For Indian customs bureaucracy, I had to arrange a paper called phytosanitary certificate, which states that the wood has no bugs.


Only Gist was blocked, not Github. It was a knee-jerk reaction to a court order after ISIS made a series of threats and some Indians were found to be in contact with the ISIS. All those sites were unblocked soon after.


"World's craziest democracy" - that really made me smile :)

I don't think the Indian Government's competency in IT (and many other things) comes close to that of China; but hey, at least we don't have a muzzle over our mouths (that's partly a lie).

Wasn't the "ban" actually a DNS entry removal?


I have a question about the method. Hypothetically, if I am the attacker, I know the TTL of each packet that is passing through, right?

So when I get a packet with a TTL so small that it won't survive long enough to reach the target, instead of altering it, I just leave it alone. So the probe will never know where I am in the route.


But upstream providers within the TTL range will. And during a DDoS like this you can bet that everybody in the chain that is on the good side is in constant communication.


A sufficiently sophisticated man in the middle can be anywhere between origin and destination and have arbitrary distribution. Proving that a particular node is responsible for a particular alteration requires using a trusted trust computer to send packets into the great wall on their first hop.

The experiment in the article required trusted trust of packets destined for the great wall passing through US infrastructure. That this infrastructure can generally be considered neutral is no guarantee that it was in this case. Any router or switch can use arbitrary tables and conditional logic on any packet. The purpose of the experiment was prosecuting a particular suspect not arm's length analysis.


So that experiment would need to be repeated in a distributed manner from as many points of origin as possible.

A friend of mine runs a honeypot service that uses servers all around the planet, someone like him would be in a good position to run analysis like this.


Logically, sufficient distribution of testing doesn't negate sufficient distribution of evil demons. Practically, if the evil demon has state actor level resources, it is more likely to have sufficient distribution than an ordinary commercial or private interest.

On the other hand, I don't think it's really necessary to prove with technology that the 中國人民解放軍 is behind this. Diplomatic logic is sufficient. The behavior is simply an internet equivalent to jamming the Voice of America.[1]

Github is broadcasting. The 中华人民共和国 has a sovereign's policies regarding broadcasting. The 中國人民解放軍 executes those policies. Github operates with a business model that ignores sovereigns at its own peril. Calling one sovereign for aid when dealing with another sovereign also carries peril.

Allowing political content in an online community always comes with the risk of trolling and flamewars. A hands off editorial policy only means Github hasn't made a tough decision about what the Github community is not. Decision day can only be put off so long.

[1]: http://en.wikipedia.org/wiki/Voice_of_America


That's the odd thing, they could jam it instantly if they so chose to. The GFW's primary purpose is to limit access to certain URLs from within China.

Now of course those repos are intended to circumvent that but once someone has them they are out of reach of the GFW. So blocking those URLs at the GFW would seem to be all that's really needed.

Tools like these should be accessible from as many places as possible.


Diplomatic logic suggests Github is serving as an object lesson:

  1. 中华人民共和国 has laws.
  2. 中华人民共和国 is well connected to the internet.
  3. 中华人民共和国 can project its interests 
     around the world easily in rather nasty ways.
  4. 中华人民共和国 can project its interests from
     within its borders.
  5. 中华人民共和国 has an interest in controlling
     commerce within its borders.

I believe this is an act of foreign policy, not domestic. It's not about unplugging citizens from the internet. It is about achieving some parity with other state level actors in regard to what is and isn't allowed on the internet.

中华人民共和国's interests are orthogonal to those of the US and UK. It is not so much interested in the internet as an organ of a surveillance state or as an alternative source of foreign intelligence in lieu of boots on the ground.

The mechanics of the attack are entirely within the realm of sanctioned internet behavior: visiting a site places javascript in the browser without explicit approval of the end user. The javascript may do something not in the user's interest. The javascript may generate unnecessary internet traffic. The purposes for which the javascript does so are solely the purposes of the site injecting it.

The great wall comes with terms and conditions.


> The great wall comes with terms and conditions.

I don't consider myself subject to those terms and conditions and attacking github affects me in a very direct way. As such this is not acceptable and I hope that sufficient work will go into un-ambiguously determining who did this.


Github is a commercial interest. 中华人民共和国 has in recent years worked with commercial interests to mutually acceptable solutions. From 中华人民共和国's standpoint, what the internet's serfs want is Github's concern and they can make their business decisions accordingly.

Consider it a DMCA takedown notice.


Why do you use '中华人民共和国' instead of China?


Besides being batshit crazy?

For the same reason I use "Github" instead of saying "distributed version control ddos'ed" or "git unavailable on the internet". It picks out a more precise set of attributes and methods and limits the likelihood of slipping into anthropomorphisms such as "The Chinese." In particular it limits the range of what is historically relevant: ground combat against the US Army in the 1950's is, against the USMC in 1900 not so much.

Since I believe this is a matter of foreign policy and international trade, the sovereign and the corporation are the appropriate level of abstraction for analysis and language should reflect that in order to be clear.

Was it the 中國人民解放軍 or the 中华人民共和国?


I haven't read all your posts, but it seems like you've spent some time in China. You articulate matters as I'd expect a mainlander Chinese to do so, eg Western governments, or "sovereigns" as you say, restricting freedoms to maintain a harmonious society.


Never been near to China. I read some Hobbes. Thinking about sovereignty helps me referee futball matches. On the one hand in terms of foul selection and its change during the course of a match, on the other hand the abstraction of a Leviathan with six eyes, two flags and a whistle is a useful theme for the crew pregame regarding roles, responsibilities and expectations.

That Hobbes underpins pretty much any political discussion in the Anglophone world even if not explicitly acknowledged is just a bonus, and I use the terms in the sense of "is" not "ought".

That the Hobbesian model maps onto the political traditions of the Middle Kingdom and futball with little friction suggests the pervasiveness and universality of little 'p' politics.


> The mechanics of the attack are entirely within the realm of sanctioned internet behavior

Not sure what you mean by "sanctioned" here. Technically possible? Yes. But also abusing and perverting the most important medium of our age.

The internet largely works BECAUSE of trust and cooperation and BECAUSE actors chose to not fuck with each other. If China truly is behind this I have half a mind to just cut them entirely out, except in a way that is exactly what they want and figuring out how to maintain the positive effects of said internet on democracy and free speech is worth the trouble.


The web is built to permit any website to load arbitrary javascript on a person's browser for whatever use that website chooses. It is also built to permit any website from loading arbitrary tracking technology for whatever purpose the website chooses, but 中华人民共和国 is not really interested in that.

There is significant evidence that the US, UK, and other state actors are fucking with people. That it is not in the same way 中华人民共和国 is is a relevant fact to some people and hair splitting to others. Likewise the trend in 中华人民共和国 toward greater democracy and in the US, UK and other nation states toward greater oligarchy is a relevant fact to some and hair splitting to others.

Free speech and democracy only exist so long as the sovereign believes they will keep the peace. The US, UK and other sovereigns willingly restrict free speech in favor of intellectual property interests in recent days. They have always been willing to curtail the trappings of popular sovereignty to keep the peace. That's the social contract.

The internet has grown where and in directions that coincide with the interests of sovereigns. Sometimes that means acceding to popular demand. Sometimes it doesn't (e.g. Napster).


While this is a very interesting read (learned a thing or two), the author's conclusion is a bit suspect.

> Using my custom http-traceroute, I've proven that the man-in-the-middle machine attacking GitHub is located on or near the Great Firewall of China.

Although suspicious, it seems one would need to know a lot more about China Unicom and their infrastructure to say this conclusively.


I think the thing everyone is forgetting is that if it isn't state sponsored/approved then why hasn't it been turned off (as far as I am aware the attack is still ongoing).

If it was a hack, surely China Unicom should have fixed it by now?


Hasn't it stopped as of March 31? Github system status now shows green, whereas they previously said "We will keep our status at yellow until the threat has subsided": https://status.github.com/messages


Has someone contacted China Unicom about this?

Perhaps they don't even know something is going on?


I apologize because I have not had time to really look into this closely, but I think you are correct that the author's conclusions need to be reviewed. He repeatedly says that it is a man in the middle attack, but the link he points to says it is a man on the side attack. This is a very different beast: a man on the side attack does not rewrite packets, but rather uses its position on the backbone to send replacement packets that will arrive before the real ones do. Also, the referenced link states that these packets are being sent on only 1% of responses. So if this is the case a traceroute is probably not going to find the issue. The offending node does not have to respond at all -- especially if it sends the bogus packets by a different route.

Again, I have not looked at this in detail yet and probably won't have time for a few days. I would welcome a discussion on this point.


The man in the middle attack was injecting javascript to recruit unwitting man on the side attackers against github. github was not being MITM'd, but its "attackers" were.

edit: above may be imprecise. I went back and read the original more closely. they note that if they artificially drop an injected packet, it doesn't get resent (and hence the conclusion that it's man on the side), but they don't mention whether they get the original packets or not. If something is blocking the original baidu packets, it would have to be in the middle, not just on the side.


Yes, I was wondering whether the original packets arrive or not as well. I'd love to see the traces. In my quick read of this article I couldn't understand the method that they used to make their determination. Was it the bad packets or the good packets that had the TTL rewritten? The fact that there is a system rewriting packets does not necessarily imply it is an attack. I once wrote a SIP client and the local ISP actually rewrote my headers -- I had a bug in the header and just sending it through the network rewrote it so that it was fixed. This was in Canada. As a result, I have absolutely no doubt that packets are being rewritten all over the place, not just in China. Detecting this is not proof in itself that this is the origin of the attack.


Responding to my own post (bad form). But hasn't he just found a network cache? Many firewalls block certain kinds of ICMP traffic for security reasons. So not being able to traceroute to some place is not suspicious in and of itself. So he sets the TTL so that it should not hit Baidu, but I notice in the picture of the last trace that he actually gets a "200 OK". I would not have thought that a man in the middle device would respond because then it would have to also know the content with which to respond. Since this is not the target Baidu machine, this has to be a cache.

It is possible that the cache is also injecting the attack, but I don't actually see anything that suggests this from the data in the article.


Because it's a man on the side attack, it sends its attack packets when it sees the original request. He's taking advantage of this by lowering the TTL so that the request never actually reaches the destination server and only the system doing the attack is able to respond.


My first thought was that at the very least he should be comparing it to a tcp-traceroute (i.e. traceroute -T ...) rather than an ICMP one. Other routers before them may make different routing decisions based upon the type of IP traffic, so assuming both take the same path is unsafe.


> While many explanations are possible, such as hackers breaking into these machines, the overwhelmingly most likely suspect for the source of the GitHub attacks is the Chinese government.

Correlating the circumstantial facts that China has a giant firewall, the content being blocked is getting around China's firewall, and an attack came from somewhere deep in one of China's largest backbone providers, does not make an 'extreme likelihood'; it makes a weak correlation. Likelihood requires reviewing known outcomes to determine a likely result. What other known evidence of specifically these three behaviors by the Chinese government are you basing this conclusion on?

> This is important evidence for our government.

You've taken a massive leap in logic from a machine inside China manipulating global traffic to attack servers in the US, to conclude that it is more likely to have been the Government than anyone else. This is exactly the same as saying any attack originating from the US which appears to be related to US interests must be from the US government. If this was the basis for how we concluded all investigations into illegal actions, anyone who 'looked like' they did it would be found guilty, sans evidence. That may be how other nations' justice system works, but not ours.

Furthermore, in no way is either Github or Baidu's analytics considered 'key US Internet infrastructure'. I mean, Git is even a decentralized system - people can still get work done if it's down!

This is not evidence of the Chinese government's complicity, and pretending it is creates a dangerous logical fallacy that could improperly shape public opinion.


When TPB was pretending to be in North Korea, someone proved that they weren't, [1] because of how quickly they responded to a ping. Could someone narrow down the physical location of the firewall similarly?

[1]: https://rdns.im/the-pirate-bay-north-korean-hosting-no-its-f...


You can really only use a method like this to say where a server is not (it can't be halfway around the world because the speed of light limits it), but this is assuming you're communicating directly with the server. The method used to inject these packets on the wire makes this sort of analysis even harder to do (and if there was concern, appropriate amounts of random delay and noise could be added).


>The method used to inject these packets on the wire makes this sort of analysis even harder to do

I was under the impression that this was a man on the side attack, so they'd send a bogus SYN-ACK back to you the moment that they saw a SYN. Theoretically, you should still only be dealing with one RTT.

>(and if there was concern, appropriate amounts of random delay and noise could be added).

I don't think China cares if it gets traced back to them.


The man on the side they're performing, according to analysis, seems to be letting the initial SYN through to the original server, you get the SYN-ACK back from the actual Baidu server. Then after your ACK and HTTP GET, the other packets are injected. If they wanted to make the attack more subtle, messing with the timing to make it match the original SYN-ACK pair and keeping the right TTL values would make it much harder to detect.

http://www.netresec.com/?month=2015-03&page=blog&post=china%...


> I don't think China cares if it gets traced back to them.

No they don't, and when the time arrives, they deny whatever the accusation is, and claim it's defamation.


They already did this a couple days ago when someone asked them about it http://www.fmprc.gov.cn/mfa_eng/xwfw_665399/s2510_665401/251...

"On your second question, it is quite odd that every time a website in the US or any other country is under attack, there will be speculation that Chinese hackers are behind it."


This is important evidence for our government. It'll be interesting to see how they respond to these attacks -- attacks by a nation state against key United States Internet infrastructure.

It seems a bit of a stretch to say that Github is "key US Internet infrastructure"...


I don't know that it is "key US Internet infrastructure", but it's important to a lot of developers and companies. Thankfully GitHub handled the attack pretty well.

Disclaimer: I'm not sure what actual usage stats are like for GitHub.


If GitHub were down for two days that's a metric shitload of projects that can't get deployed. There's a significant number of software projects with dependencies on Github-hosted stuff.


If github were down for two days, you're probably right, those projects can't be deployed.

But if github were down for two months, the nature of git suggests that deployment for those many individual projects would shift either to the originators' infrastructure, or some other aggregating service.


This is true but very limited as well. GitHub isn't used for just git now, it's also an issue tracker, a wiki (yes, those are repos as well, but you don't usually have them sync'd), Github-only services (e.g. Travis), package managers (e.g. Cocoapods and Crates).

There is a lot riding on GitHub that developers use. Hell, even closed-source companies sometimes use empty GitHub repos so they can use Issues for openly available tracking.


Isn't GitHub hosted on AWS, which as a platform is pretty significant?


GitHub used to be hosted on EngineYard in the beginning, but later moved to bare metal servers at RackSpace: https://github.com/blog/493-github-is-moving-to-rackspace


There's absolutely no proof in this.

The fact that a request with a TTL smaller than 12 does not trigger a response does not mean the responder is the host after 12 hops. Assuming none of the previous hosts misbehaves (they could be increasing or at least not decreasing the TTL) you can only conclude that it is none of the later hosts, but it can still be any of the previous ones.

That leaves you with Comcast AND China Unicom hosts and, considering that the replies you see in the traceroute results can easily be spoofed, it can be any third party as well.

Possible scenarios include (I don't say they are more likely):

1. Comcast is producing the responses, but only does so if the request TTL is large enough to make you blame China Unicom.

2. China Unicom hands the packets over to a third party after just a few hops in their backbone. The third-party sends ICMP Time exceeded messages looking like they are from other China Unicom hosts to make you blame China Unicom.

Conclusion: This is either an obvious attack from within the China Unicom backbone OR a more sophisticated attack where the attacker wants to a) hide his identity and b) blame China Unicom for it (I can't think of a scenario where b) would be a by-product and not on purpose).

Just saying. The sentences in the post that include the words "prove" and "proven" are simply wrong.
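The TTL-limited probe argued over in this sub-thread, and the two objections above (a device that answers only when it sees a large TTL, and a hop that forwards without decrementing), as an added offline model. This is example code written for this page, not the author's masscan-based http-traceroute; hop names, the hop count of 12 and the `answers` policies are constructed, and `tcp_http_probe` is the only part that touches a network.

```python
"""Constructed model of the TTL-limited HTTP probe discussed in the thread.

Idea: send the same HTTP request with increasing IP TTLs. A request whose TTL
expires before the origin server can only be answered by a device closer than
the origin, so the smallest TTL that still draws an HTTP answer says something
about where the injecting device sits, subject to the caveats modelled below.
"""
import socket
from dataclasses import dataclass
from typing import Callable, Optional

Probe = Callable[[int], bool]  # ttl -> did an HTTP answer come back?


@dataclass
class Hop:
    """One device on the path. Routers decrement TTL by 1; a misbehaving one may not.
    `answers(remaining_ttl)` is set for the origin server and for any injector."""
    name: str
    decrement: int = 1
    answers: Optional[Callable[[int], bool]] = None


def simulated_path(hops: list[Hop]) -> Probe:
    """Build an offline probe over a constructed hop list (no packets are sent)."""
    def probe(ttl: int) -> bool:
        remaining = ttl
        for hop in hops:
            # The request has arrived at this hop with `remaining` >= 1.
            if hop.answers is not None and hop.answers(remaining):
                return True
            remaining -= hop.decrement
            if remaining <= 0:
                return False  # dropped here; an ICMP Time Exceeded goes back instead
        return False
    return probe


def first_responding_ttl(probe: Probe, max_ttl: int = 64, repeats: int = 1) -> Optional[int]:
    """Smallest TTL at which any of `repeats` attempts gets an HTTP answer.
    `repeats` matters when the injector only answers a fraction of requests."""
    for ttl in range(1, max_ttl + 1):
        if any(probe(ttl) for _ in range(repeats)):
            return ttl
    return None


def tcp_http_probe(host: str, port: int, ttl: int, timeout: float = 3.0) -> bool:
    """Live probe (not exercised offline). The handshake goes out with a normal
    TTL so the origin completes it; only the GET carries the short TTL, so the
    origin never sees the request and any HTTP bytes that do arrive were
    produced by a device within `ttl` hops of us."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.setsockopt(socket.IPPROTO_IP, socket.IP_TTL, ttl)
        s.sendall(f"GET / HTTP/1.1\r\nHost: {host}\r\nConnection: close\r\n\r\n".encode())
        try:
            return s.recv(1) != b""
        except (socket.timeout, OSError):
            return False


def routers(prefix: str, n: int, start: int = 1) -> list[Hop]:
    """n honest routers named prefix-start .. prefix-(start+n-1) (constructed)."""
    return [Hop(f"{prefix}-{i}") for i in range(start, start + n)]


ORIGIN = Hop("origin-server", answers=lambda _remaining: True)

# Scenario A: honest routers, an injector 12 hops out. First responding TTL = 12.
HONEST = (routers("transit", 11) + [Hop("injector", answers=lambda _r: True)]
          + routers("transit", 3, 13) + [ORIGIN])

# Scenario B (first objection above): a device at hop 3 answers only when the
# TTL it observes is large, so the probe still points at hop 12.
FRAMING = (routers("transit", 2) + [Hop("framer", answers=lambda r: r >= 10)]
           + routers("transit", 12, 4) + [ORIGIN])

# Scenario C (second objection above): hop 5 forwards without decrementing, so
# the honest injector at hop 12 is reached one TTL earlier than expected.
NO_DECREMENT = [Hop("transit-5", decrement=0) if h.name == "transit-5" else h
                for h in HONEST]


def hop_of(hops: list[Hop], name: str) -> int:
    """1-based position of the named device, i.e. where it really is."""
    return 1 + next(i for i, h in enumerate(hops) if h.name == name)


if __name__ == "__main__":
    for label, path in (("honest", HONEST), ("framing", FRAMING), ("no-decrement", NO_DECREMENT)):
        print(label, "first responding TTL:", first_responding_ttl(simulated_path(path)))
    print("framer actually sits at hop", hop_of(FRAMING, "framer"))
```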


The article is titled:

   Pin-pointing China's attack against GitHub


Is there a statement from GitHub about who they think did the DDoS?


No and there probably won't be. Them publicly saying they were being attacked by the Chinese government would put them on some seriously questionable legal ground. They definitely went the right route by not saying anything.


Which laws would they be violating by announcing they were attacked by China?


A number of Chinese laws, or executive orders or whatever, actually might be violated.


I don't get it. Why doesn't the GFW just block those GitHub pages in particular? A lot of people can fork these repos, but the forks won't be anywhere near as popular as the current pages.


HTTPS. They can't tell what URL a user is requesting.


> HTTPS. They can't tell what URL a user is requesting.

I am sure they have a private key of some of the CAs shipped with major browsers lying around somewhere...


I believe the Chinese government actually operates a CA. But it isn't worth it to them to expend such a valuable asset on an operation like that.


That's cool, I didn't know how traceroutes work. Is he planning on releasing the http traceroute tool?


you should comment there to ask them


Here ya go: https://github.com/robertdavidgraham/masscan

    @collinrm I just took masscan, changed the HTTP request,
    then tweaked the code to generate a small TTL.
Source: https://twitter.com/ErrataRob/status/583433175302479872


On OSX, it's available via Homebrew, brew install masscan


I don't agree with the author's conclusion; having a server in a Chinese ISP does not mean it's orchestrated by the Chinese gov. Also, I don't suppose the MITM attack organizers have no clue about how TTL works.


They didn't have a clue about $.ajax with a 'script' data type did they?


So they should be the Chinese gov, right?


In the end, I wonder if the purpose of the great firewall is not for China to defend itself against foreign cyber attacks or because "free internet" might not benefit China currently.

I'm sure computers are now mainstream enough that it would matter for any country to put cyber warfare as a key strategy. The US and the west dominate through open trade and easy communications and free speech. Maybe that makes China vulnerable, and they're trying to defend themselves economically.

You can accuse China all you want, but if you're an American, it's harder to listen to those accusations.


The US spent more than 50 years protecting its residents from Cuban sugar and Cuban cigars and sunburns on Cuba's beaches. Such are the absurdities of powerful sovereigns.


That the server is located in China doesn't prove anything.


This analysis doesn't just prove the attack originated in China, it shows that it takes place immediately inside the first Chinese network the connection reaches on its way into China. The second piece of analysis shows that this is the same network layer in which the network blocking performed by the Great Firewall occurs. So the Great Firewall and this attack are both being implemented at the same point in the network infrastructure.


I think an interesting question is how likely it is that some of the great firewall is compromised.

(It could be by some party outside of China, or by some group inside of the Chinese government that does not have an official mandate to use it for things like the Github attack)


Extremely unlikely. GFW is, ironically, considered "critical infrastructure" and is closely monitored.


Ironically? How is it ironic that a centerpiece of the Chinese Government's control and monitoring of information is considered critical infrastructure and closely monitored by the Chinese Government?


I was saying "ironic" as this article classifies GitHub as important infrastructure. But anyway I totally agree with you.


China is the second most powerful country in the world. Do people really think they are that stupid? They are not going to attack an American company using infrastructure that anyone can track back to them. This GitHub DDoS has got to be the work of someone trying to frame the Chinese government. Has anyone considered that angle?


> Do people really think they are that stupid?

That's not really a defence. They could easily be that stupid; bureaucracies tend to do extremely stupid stuff when looked at from the outside, but every cog on the inside thinks that its action makes perfect sense.

> This Github DDoS has got to be the work of someone trying to frame the Chinese government.

Evidence?

> Has anyone considered that angle?

Sure, but so far the evidence is that that is not the case.

If it is someone trying to frame the Chinese government I'm sure they'll tell us all about it soon.


> bureaucracies tend to do extremely stupid stuff when looked at from the outside, but every cog on the inside thinks that its action makes perfect sense.

If this is Chinese doing, the likely ones responsible are the Chinese Intelligence, not their bureaucracy.

> Evidence?

Occam's Razor. I find it hard to believe that a society with sufficient level of sophistication to obtain $9 trillion GDP[1] would 'accidentally' go on to declare cyber war on US. Especially considering the fact that the attack itself was pretty sophisticated.

[1] http://en.wikipedia.org/wiki/List_of_countries_by_GDP_%28nom...


I question your invocation of Occam's Razor here. Between:

1) the attack is perpetrated by the entity the evidence suggests and

2) the attack was perpetrated by another entity who cleverly used infrastructure of the first entity to frame them for it,

applying Occam's Razor would suggest situation #1 in lieu of evidence to the contrary.


On closer examination, you seem to be correct. Without insight into how the Chinese secret service works, the simplest explanation is that the attack was likely perpetrated by them, and that is what we must assume to be of highest probability. I will leave my comments here for posterity.


> the Chinese Intelligence, not their bureaucracy.

Intelligence agencies are bureaucracies. Some are more efficient (less wasteful) than others, but in the end, intelligence work is seldom about secret agents driving Aston Martins. Most of it has always been paperwork. Paperwork is nowadays in electronic format. I don't think the Chinese intelligence agencies are an exception.


Occam's Razor is unscientific. Unless you know of any proof that given 2 or more possible explanations for a phenomenon the simplest one is always closer to the truth.


The problem with that kind of speculation is you can equally use the same argument against itself, i.e. maybe they're bluffing people into thinking that the Chinese military / government have been framed, as it seems too obvious that it would have been them.

We could also speculate from the angle that the officers in charge of making these decisions are not tech-savvy themselves (or at least not to the level that they might realise just how traceable these attacks are), which isn't a huge assumption to make when you look at how incompetent many government officials are who have serious influence over technology policies (e.g. http://www.bbc.co.uk/news/technology-23437473)

So anyway, my point is it's better to look for a little evidence to support a hypothesis rather than blindly speculate.


Powerful countries doing a show of force is nothing unusual. They know they can get away with it. If they had severely impacted GitHub it would have sent a strong message not to do business with people who circumvent the Great Firewall. It makes complete sense to me; they just failed.

On the other hand, why would anybody go to this length to frame the Chinese government? What would they try to accomplish? Obama sending a strongly worded letter to the Chinese government?


Maybe they do not care that "anyone can track [the infrastructure] back to them".


What's going to happen if they are known to be the attackers but can issue denials? No one is going to pull them up on it.


Take a look at this brand new executive order authorizing economical and financial sanctions against global "cyber threats": https://www.whitehouse.gov/blog/2015/04/01/our-latest-tool-c...

This GitHub business looks more and more like a false flag operation.


How does 'economical and financial sanctions' equate to 'Whitehouse gives order to start false flag operation against github'?

The more that comes out and the more silence there is from the Chinese government the less it looks like a false flag operation. Usually the victim of a false flag operation (China in this case, not github) would be very adamant about its non-involvement and would work very hard to expose the originator.


Yes, just like if Glenn Beck really did not rape and murder a young girl in 1990 he would be very adamant about his non-involvement and would work very hard to expose the actual culprit: http://en.wikipedia.org/wiki/Beck_v._Eiland-Hall


I'm sorry, I really do not see the parallel here.

A parody is just that, we're talking about a several day long real attack here.

And if you read that article you'll see Beck sued to get the domain. So it's not like he ignored it, and besides it was obvious from the beginning that he wasn't the one that registered the domain.


Wouldn't financial sanctions hurt the US a lot more than they do China?

I mean they have Tibet as the trump card after all; cyber-attacks are kid stuff.

(P.S: I sympathize with the Tibetans; but there is really no political will to resolve this, not in the US, not in EU, not in India).


The threat is just as useful as an actual sanction.


Surely the Chinese in all their Wisdom know the futility of these threats?

Besides, I'm sure it is easy for them to manipulate US senators by giving them campaign funds.


This mouth-breathing bullshit really needs to stop.

> the overwhelmingly most likely suspect for the source of the GitHub attacks is the Chinese government.

Why would the "Chinese government" carry out an open attack against an American company for absolutely no potential gain at all?

Do you really think they are stupid enough to believe such an attack could remove these two software packages from the internet?


What is the diplomatic downside for China exactly? If China can occupy & claim other countries' territory in the face of international pressure without a problem, what makes you think a covert op to DDoS GitHub is out of the question?


> what makes you think a covert op to DDoS GitHub is out of the question?

The fact that this attack doesn't pass even a most cursory risk/reward analysis.

Anyone with the technical smarts to carry it out must be well aware that there is zero upside potential for China. The targeted projects are not gonna disappear, github is not gonna disappear.

All possible outcomes are negative: the targeted projects get extra media attention (Streisand effect), the "Cyberwar" narrative in the west is fueled (cf. this HN thread), and in the worst case there could even be a minor diplomatic quarrel with the US.

What do they have to win here?


I see several wins for China; the first one is showing off the offensive power of their "great firewall". Not everyone has the ability to withstand such an attack; the chilling effect is real.


What chilling effect?

Github is up and running after all. Both targeted projects are online:

  https://github.com/greatfire
  https://github.com/cn-nytimes
Looks like if you want to mess with China then all you have to do is put your material on Github. You think that is the lesson China wanted to teach the world?


Now let's say you want to provide some sort of service that the Chinese government would frown upon. Would this not make you think twice about doing that? A lot of people would take an attack as a point of pride and be deliberately defiant, but a lot of other people would just see it as a big risk to be avoided.


You don't see a chilling effect when the choice is either host your content on GitHub or be blasted off the internet?

Let's not forget this wasn't an easy thing for GitHub to handle. Their service still isn't running at 100% normal. Not to mention the cost burden they're currently dealing with.


> You don't see a chilling effect when the choice is either host your content on GitHub or be blasted off the internet?

Was there any doubt about China's ability to blast sites much bigger than Github off the internet to begin with?

They're the second largest economy in the world. They don't need to play painfully obvious MITM tricks on their own infrastructure to carry out an attack - which then doesn't even have enough oomph to make a dent on a large but probably not particularly hardened site.

> Let's not forget this wasn't an easy thing for GitHub to handle.

That doesn't change the message that this random, half-assed neck-slap sends.

If this was really done by Chinese authorities and if I was a Chinese dissident then I'd be thrilled rather than chilled. Who knew keeping my stuff online could be as easy as uploading it to Github!


Nobody ever said China couldn't run DDOS tools. This is a deterrent signal sent to businesses outside of China. It publicly demonstrates that China has the will to punish businesses for serving certain kinds of content. Although it's obvious who benefits, it's just deniable enough that they have avoided international censure; today nobody can reasonably think "China wouldn't do that because they fear reprisals," since they just did it; which helps China maintain a credible threat to businesses. They aren't trying to destroy GitHub, just to exert control over businesses which are out of their regulatory reach.


> It publicly demonstrates that China has the will to punish businesses for serving certain kinds of content.

Do you really think anyone concerned with these things (activists, VPN providers, companies doing business with China) needed a half-assed, unsuccessful GitHub attack as a "deterrent signal"?


GitHub has the protection of the US Government, which has a vested interest in fighting the precedent that Chinese attackers are setting here.

Interestingly, this also gives China more bargaining power in its negotiations with the US about "cyber" issues


> GitHub has the protection of the US Government, which has a vested interest in fighting the precedent that Chinese attackers are setting here.

Why would the US Government be concerned about "Chinese attackers" that apparently can't even take out a civilian top 100 website?

> Interestingly, this also gives China more bargaining power in its negotiations with the US about "cyber" issues

You mean they will offer to stop "pretend attacking" American companies, and the US will then make concessions out of gratitude?


Why would the "Chinese government" carry out pervasive domestic censorship? They know information is still going to get around on back channels. That was never the point.

The potential gain is that they can extend this capability (and chilling effect) to GitHub and other sites that aren't under the sovereign control of China. Nobody wants to go out of business just because a user uploaded a file which is politically controversial in China. Now every company will think twice and come up with some weaselly reason why they can't have text files about Falun Gong or whatever.


> Now every company will think twice and come up with some weaselly reason why they can't have text files about Falun Gong or whatever.

You mean like GitHub did in this very case? Except wait, they didn't.

So who is this "every company" that will now "think twice"?


Is this an April Fools joke? Or are you guys really taking this whole Chinese government theory seriously? If you were leading a country with a 1.6bn population, how much would you care about a programmers' code site?

To give all those conspiracy theorists a clear picture, what really happened is merely a scale of problem you have never worked on, or dreamed of working on, outside China.

This happened a year ago, when a Chinese state-funded train ticket booking website was accidentally deployed to production with an open-sourced JavaScript vendor file still linked to GitHub. On the first day that site went live, 30 billion visitors tried to secure a ticket for the coming Chinese New Year, which took down GitHub for a good while. Yes, it was a DDoS attack from China, by train ticket buyers.

Last November, the Chinese online C2C marketplace TaoBao.com saw 16.7bn transactions in one day, with more than 1 billion CNY settled in a minute. If any of the web devs responsible for even a small promotion page had left a link to a cool jQuery plugin on GitHub, you could have written another "holy crap, evil government attack" post here.


I made a similar comment elsewhere in the thread, but let's assume it's not the Chinese government and it's something accidentally deployed or a hack by some unknown entity.

Why is the code still running a week later? It doesn't take that long to find the offending server(s) and remove the code. Especially as it is making the Chinese government look bad, there would be added incentive to fix this pretty quickly.


If it was an "accident" that made the Chinese government look bad, we would be hearing about the "unrelated" murder of magistrates by now.

