Github suffers multi-day denial of service attack

Researchers suspect the Chinese government could be behind a sustained denial of service attack on code repository Github, with China's national firewall believed to be manipulating network requests to redirect user traffic.

Github has become increasingly popular with developers, as several large companies such as Microsoft and Google abandon their own repositories in favour of hosting source code on the site.

On its status page, Github said it had identified a denial of service attack that started three days ago, and had begun mitigating against its effects.

The attack impacted Github Pages, gist paste snippets, and assets, with the entire site at times unavailable to users. 

Github said the attack used "an extremely large amount of traffic", forcing the site admins to deploy volumetric defences against the DDoS in order to deflect it.

As of writing, the denial of service attack against Github continued, but admins had successfully deflected most of the malicious traffic and the site was loading normally.

Security blogger Anthr@x of Insight-labs conducted analysis of the attack traffic and believes the denial of service attack could be the work of the Chinese government.

He visited an infosec site that used analytics from large Chinese web services site Baidu, and discovered a Javascript pop-up warning about malicious code appearing every five seconds.

The Javascript on Baidu attempted to load either the github.com/greatfire or github.com/cn-nytimes URL links at random every two seconds, he said.

Greatfire is an online anti-censorship lobby that has frequently drawn the ire of the Chinese government, and been subject to denial of service attacks itself, believed to be designed to push up its bandwidth cost.

Anthr@x traced the source of the Javascript to what he believes is a device on China's national firewall which modified outgoing traffic and inserted the malicious code running in users' browsers. This effectively hijacked traffic for thousands of Baidu users, causing them to unwittingly take part in the denial of service attack against Github.

He said it's not the first time 'the Great Firewall of China' has been used in denial of service attacks against overseas sites, and pointed to an incident in January this year that generated large amounts of traffic after the country's domain name system service was tampered with, redirecting users' systems to a developer's server in the United States.

Last week, the Chinese government was also placed in the frame over the release of unauthorised digital certificates for Secure Sockets Layer/Transport Layer Security (SSL/TLS) traffic authentication and encryption for Google domains.

The bogus certificates were issued via an Egyptian company that had received the authority to do so from the China National Network Information Centre (CNNIC).

Google discovered the certificates, which were used to conduct silent man in the middle traffic (MITM) interception attacks against its domains, and called it a serious breach of the Certificate Authority system.

Greatfire said media outlets, user forums and bloggers in China that reported on the SSL/TLS MITM attacks on Google and other western service providers such as Microsoft, Apple and Yahoo were told by government officials to take down their posts.