Github claimed on Twitter, that Github.com/ny-times and Github.com/greatfire are under massive DDoS attack. It is found that the attack source is from everywhere around the globe. And many netizens pointed out that the attack is becaused of a malicious JS, which is hosted on Baidu.
Why?
Because so many websites in Chinese use Baidu Analytics or Baidu Adsense (substitution of Google Analytics and Google Adsense), then those websites all contains JavaScript from Baidu in order to funtions properly. And then the javascript was hi-jacked. I don't know whether is hi-jacked or not. I mean, I don't know the malicious JS is deployed by either a hacker or actually Baidu itself. Anyway, since the JS is malicious, when a user open such a webpage, and load the JS background automatically, then the user's PC is fire up a DDoS attack against Github.
It is not the first time Github's the victim. Github has been under DDoS attack originated from China for many times, and Github has been under MITM Attack for at least one time. The reason is that, there are projects and webpages hosted on Github, either to help Chinese netizens get aware of China Internet Censorship, or reveal news which is banned in China, or teach them how to bypass the censorship firewall (called GFW).
Github is kind of like Wikipedia. They consider freedom of speech as a basic human right. And they don't want to modify the Terms of Use to forbit these usage, even these projects are only cared by Chinese netizens or actually irrelevant for software development, even these projects and webpages result in A LOT OF attack against Github.
And it is not the first time Baidu was used as attack source. Back in 2005, the same trick, malicious JS, which is used by numerous websites using Baidu Analytics/Adsense, and DDoS, against 8848.com .Of course, Baidu denied the accusation, they said they did not envolved in the attack.
Just several days before, Google posted a blog that they've caught CNNIC generating fake digital certificate which can be used for MITM attack. And according to Wikipedia, CNNIC is a NGO. But who will buy it? Obviously CNNIC is not NGO, it is under administrartion of Internet Security and Informatization Leading Group Office of CPC and National Internet & Information Technology Office. And this so called NGO, as the Internet Authority of China, is responsible for the Notorious Malware Chinese Web Browsing Helper, which is usually installed on PC's without awareness of user and is very hard to uninstall. Even CNNIC claims himself as NGO and its Root CA is pre-installed on most Operating Systems and Browsers, I WILL NEVER EVER BUY IT. I DO NOT TRUST CNNIC.
At last, I recommend a website, which can allow netizens to observe the DDoS attack war all around the globe. That is http://www.digitalattackmap.com/
Below is a living demo showing the war record of Sep.15th,2014. (Maybe 14th because of timezone.) BTW, China is acting more as attack source than as attack victim.
Below is a living demo showing the war record of Sep.15th,2014. (Maybe 14th because of timezone.) BTW, China is acting more as attack source than as attack victim.
