China is widely suspected of being behind the recent attack against Github, which was overloaded via “an ongoing and evolving large DDOS attack.” Now Github’s attackers are allegedly using the Cannon to redirect that traffic from Chinese search engine giant Baidu to demolish the website.
Experts believe that China’s Great Firewall has the capability of blocking Web surfers from within the country to access online sites that host content considered as prohibited by the Chinese government. But according to researchers, this latest censorship innovation targeted Web surfers from outside the country who were requesting various pages associated with Baidu.
The attack on Github worked by tampering with an analytics script that the Chinese web giant Baidu distributes. Anyone visiting a site with the script would normally send back data to Baidu and receive a reply, but the Cannon intercepted that data in transit, inserting a new script that would blast Github with bad traffic.
As reported by Weaver, the attacks from the Great Cannon do not succeed when people browse Chinese sites with a Web address that begins with “https://”, meaning that regular Internet users can limit their exposure to these attacks by insisting that all Internet communications are routed over “https” versus unencrypted “http://” connections in their browsers. A number of third-party browser plug-ins — such as https-everywhere — can help people accomplish this goal.
The report concludes that Chinese censors could just have easily served malicious code to exploit known Web browser vulnerabilities.
Baidu was a captivating target for the Great Cannon because of its widely used analytics script. However, the capabilities of the Great Cannon are public so it may become more alert to using code that might be vulnerable to it.
US retaliation was called for the Github attack as it had been described as “attacks by a nation state against key United States internet infrastructure.” The NSA has similar capabilities through the QUANTUM program, revealed by Edward Snowden, but it has never used them in such an aggressive and public way.