
Niels Provos of the Google Security Team wrote a blog post today giving insight into the DDoS attack suffered by GitHub last month.

Provos says that Google’s Safe Browsing infrastructure, which scans websites for malicious content, picked up the attack in early March.

“S

The attackers targeted Amazon’s CloudFront and then switched to GitHub.

Provos writes:

The attack against the cloudfront hosts stops on March 25th. Instead, resources hosted on github.com were now under attack.

Safe Browsing detected 8 websites serving malicious scripts targeting GitHub, all hosted on Baidu domains.

Data published by Google make it clear that attacks on such a scale will be detected and cannot be covert.

Provos hopes “that the external visibility of this attack will serve as a deterrent in the future”.

Will China get the message?

 

13 COMMENTS

  1. Even if they are caught, they just pretend they weren’t the ones doing it… regardless of the proof against them. Wouldn’t be the first time.

  2. It’s difficult to speculate on the motivation for such an attack, other than possibly a real-world test of their capabilities (assuming the Chinese govt were actually behind this – as others have noted, Baidu may have been compromised by a 3rd party).

    However it’s *not* difficult to speculate on the motivation for behaviour outlined by Assange in his interview regarding Google: https://wikileaks.org/google-is-not-what-it-seems/

    I know which one I’m more worried about.

  3. The attack targeted software hosted by Chinese dissidents. Baidu infrastructure was used. Looks like we can attribute the attack to China. Maybe they wanted to test their new capability.
