China weaponises its internet


[Blog post] Latest escalation of threat posture is bad news indeed.

It had to happen: the network engineers running the Great Firewall of China discovered that not only can the firewall be used to block information flows in and out of the country, but also offensively to manipulate data on the sly.

This is what happened over the last few days to code repository site GitHub.

GitHub has been under a large and lengthy denial-of-service attack that redirected traffic to Chinese web service provider and search engine Baidu via malicious JavaScript injected by an edge device running on the country’s national firewall.

Baidu is one of the biggest sites in China, if not the largest overall. Even GitHub, which appears to be well-prepared for denial-of-service attacks, buckled under the traffic volumes.

The attacks serve several purposes: they hit the targets, slow them or even shut them down, while running up their traffic and administration costs.

Online censorship monitoring site GreatFire, for instance, was looking at costs a shade below A$40,000 a day to deal with a vast denial-of-service attack.

If a provider knows that China will come after it with a megaton of traffic from random sources around the world, it might think twice before hosting a site which angers the authorities in the Middle Kingdom.

Networks that are frequently subject to attacks may also be inclined to drop traffic from and to China, as a security measure. Such action would probably be welcomed by the Chinese government, which most certainly does not approve of access to the free internet for its populace.

But this approach may not help with denial-of-service attacks orchestrated so that users worldwide unwittingly join in on them.

The Chinese appear to be dabbling in not just denial-of-service attacks, but domain name system poisoning - again for traffic redirection - and man-in-the-middle interception attacks against Secure Sockets Layer/Transport Layer Security authenticated and encrypted connections by delegating the issuance of bogus digital certificates.

It’s one thing to defend against malicious hosts and botnets running on separate networks, but to have the most populated country in the world using its internet as a weapon against others is quite another.

To a degree, there are methods to mitigate the attacks. But the internet is still by and large run on trust, on the assumption that only a small number of rogue operators will attempt to subvert the spirit of cooperation, so it’s difficult to defend against China's strategy completely.

Another problem is that the attacks are very blunderbuss in nature, with a high risk of collateral damage. Entire networks are flooded, the DNS is subverted and SSL/TLS trust and authority chains are compromised just to get at one or a few sites that are deemed enemies of China.

What’s more, if the attacks continue, they could inspire other countries to do the same or retaliate in kind - if the United States or another large, well-connected nation gets involved and returns the favour, it won’t be pretty for internet-connected businesses globally.

It’s time to start talking to the Chinese authorities about what’s happening and drive home the consequences of using its internet as a weapon, before it’s too late.

Meanwhile, if you want the skinny on how the recent denial-of-service attacks were accomplished, read GreatFire’s technical analysis of the DDoS.

Juha Saarinen
Juha Saarinen has been covering the technology sector since the mid-1990s for publications around the world. He has been writing for iTnews since 2010 and also contributes to the New Zealand Herald, the Guardian and Wired's Threat Level section. He is based in Auckland, New Zealand.
Read more from this blog: SigInt
