How did China weaponize every citizen’s browser to DDoS censored content topics at GitHub?


A nation-state modified its users’ web traffic to overload the deployed servers of a Silicon Valley start-up. The business, GitHub, allows businesses to store files online.

Why this matters…

This was done to take offline content that was against the nation’s censorship policies. Such an attack is possible against any business, service, or organization. It could be used for something as harmless as taking any website on the planet offline, but it could also be applied to any critical infrastructure sensor and set of systems: think Internet of Things, nuclear power plants, 911 phone systems, etc.

Cisco IoT graphic (link in article)

The business and nation-state security implications are quite severe here. The attack targeted two types of content: the New York Times (banned in China) and information on bypassing the Chinese censorship firewall. Clearly these are not aligned with China’s leadership.

This attack was executed in the following manner: 

The attack was due to HTTP hijacking, and “a certain device at the border of China’s inner network and the Internet has hijacked the HTTP connections went into China, replaced some javascript files from Baidu with malicious ones that would load every two seconds.” Block code execution was also apparently used to prevent looping.

via GitHub suffers ‘largest DDoS’ attack in site’s history | ZDNet.
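The reload-every-two-seconds behaviour in the quote above leaves a recognisable trace in a target’s access logs: one client requesting the same path at a fixed cadence, with a Referer from an unrelated site. A sketch of that detection, added here as an example (it is not from the original post or from GitHub); the log format, the host name `code.example.org`, the thresholds, and the sample lines are all assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev
from urllib.parse import urlsplit

# Constructed sample access log (combined format); addresses are documentation ranges.
SAMPLE_LOG = """\
203.0.113.7 - - [01/Jan/2024:10:00:00 +0000] "GET /project-a HTTP/1.1" 200 512 "http://news.example.net/story" "Mozilla/5.0"
198.51.100.9 - - [01/Jan/2024:10:00:01 +0000] "GET /project-a HTTP/1.1" 200 512 "https://code.example.org/explore" "Mozilla/5.0"
203.0.113.7 - - [01/Jan/2024:10:00:02 +0000] "GET /project-a HTTP/1.1" 200 512 "http://news.example.net/story" "Mozilla/5.0"
203.0.113.7 - - [01/Jan/2024:10:00:04 +0000] "GET /project-a HTTP/1.1" 200 512 "http://news.example.net/story" "Mozilla/5.0"
192.0.2.44 - - [01/Jan/2024:10:00:05 +0000] "GET /project-a HTTP/1.1" 200 512 "http://search.example.com/?q=a" "Mozilla/5.0"
203.0.113.7 - - [01/Jan/2024:10:00:06 +0000] "GET /project-a HTTP/1.1" 200 512 "http://news.example.net/story" "Mozilla/5.0"
198.51.100.9 - - [01/Jan/2024:10:00:07 +0000] "GET /project-a HTTP/1.1" 200 512 "https://code.example.org/explore" "Mozilla/5.0"
203.0.113.7 - - [01/Jan/2024:10:00:08 +0000] "GET /project-a HTTP/1.1" 200 512 "http://news.example.net/story" "Mozilla/5.0"
192.0.2.44 - - [01/Jan/2024:10:00:31 +0000] "GET /project-a HTTP/1.1" 200 512 "http://search.example.com/?q=a" "Mozilla/5.0"
192.0.2.44 - - [01/Jan/2024:10:01:12 +0000] "GET /project-a HTTP/1.1" 200 512 "http://search.example.com/?q=a" "Mozilla/5.0"
192.0.2.44 - - [01/Jan/2024:10:01:15 +0000] "GET /project-a HTTP/1.1" 200 512 "http://search.example.com/?q=a" "Mozilla/5.0"
"""

LINE_RE = re.compile(r'(\S+) \S+ \S+ \[([^\]]+)\] "GET (\S+) [^"]*" \d+ \d+ "([^"]*)"')

def periodic_clients(log_text, own_host="code.example.org", period=2.0, jitter=0.5, min_hits=4):
    """Return {(ip, path): mean_gap_seconds} for clients hitting a path at a steady
    cadence near `period` while sending a Referer from a site other than `own_host`."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ip, ts, path, referer = m.groups()
        host = urlsplit(referer).hostname
        # Ignore direct visits and navigation from our own pages.
        if host is None or host == own_host or host.endswith("." + own_host):
            continue
        hits[(ip, path)].append(datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z").timestamp())
    flagged = {}
    for key, times in hits.items():
        if len(times) < min_hits:
            continue
        times.sort()
        gaps = [b - a for a, b in zip(times, times[1:])]
        # Script-driven reloads show a mean gap near the period and very low spread.
        if abs(mean(gaps) - period) <= jitter and pstdev(gaps) <= jitter:
            flagged[key] = round(mean(gaps), 2)
    return flagged
```

On a real log the thresholds need tuning, and many clients behind one NAT address will blur the per-IP cadence, so treat a hit as a lead for further inspection rather than a verdict.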

Despite a good number of articles, the response from the mainstream media (WSJ, Bloomberg, etc.) and from politicians has been lacking compared to the response and support provided to Sony.

My true concern here is that this minor attack (only a few citizens of China are unknowingly having their traffic used to attack a small technology company) is an excellent BETA TEST for a full-scale modification of all 1.4B Chinese citizens’ traffic against critical infrastructure (46% of the population was used for GitHub).

Other thoughts?

James
