A Nation State modified its users’ web traffic to overload the deployed servers of a Silicon Valley start-up. The business, GitHub, allows businesses to store files online.
Why this matters…
This was done to take offline content that was against their censorship policies. Such an attack is possible against any business, service, or organization. It could be used for something as harmless as taking any website on the planet offline, but could also be applied to any critical infrastructure sensor and set of systems – think Internet of Things, nuclear power plants, 911 phone systems, etc.
The business and nation state security implications are quite severe here. The reason for the attack was 2 types of content: the New York Times (banned in China) and information on bypassing the Chinese censorship firewall. Clearly these are not aligned with China's leadership.
This attack was executed in the following manner:
Despite a good deal of articles, the common media (WSJ, Bloomberg, etc.) and political response has been lacking compared to the response and support provided to Sony.
My true concern here is that this minor attack (only a few citizens of China are unknowingly having their traffic used to attack a small technology company) is an excellent BETA TEST for a full-scale modification of all 1.4B Chinese citizen traffic against critical infrastructure (46% of population was used for GitHub).