Posts Tagged ‘Baidu’

The recent Github attack

2015/03/31

Last Thursday (3/26/2014) a DDoS attack on the code sharing site github.org began, targeting github code pages for greatfire.org, a non-profit that mirrors the web content of sites censored by China, and cn-nytimes.com, a mirror of the Chinese version of the Times, also censored by China. Connections to github.org are via https and are encrypted. Thus “code” posted can be any content, and China’s Great Firewall, can’t filter it when an ordinary citizen retrieves it. China tried to block all of github.org in 2013, but its software technology sector objected to the point that the block was removed.

It appears that there were a number of DDoS attack vectors and techniques, but the one that interested me the most, described in detail by insight-labs, was to hijack the Chinese browser Baidu’s user tracking javascript code (similar to Google Analytics code) and to insert a loop that opened https://github.org/greatfire/ and https://github.org/cn-nytimes/ every two seconds. Thus everyone in China that uses this popular browser became an attack site against github! Since China controls its inner network and the Internet border, it was more or less trivial to insert this MITM (or as netresec.com calls it, a “man on the side”) attack. Apparently only a small fraction of Baidu retrieved pages get injected with this attack; most pages are retrieved normally. Thus Baidu users rarely notice a glitch.

The bottom line is that China’s Great Firewall has been converted from a censorship tool to an attack tool. The folks at Baidu claim to know nothing about this, and frankly, I’m hard pressed to figure out what they could have done to their browser to prevent this hijack. Could our NSA hijack Microsoft’s Internet Explorer in this way?