For the past week, code-sharing website GitHub has endured a blistering DDoS (Distributed Denial of Service) hack attack aiming to knock the website offline.
The attack on the US-based site now seems to finally be abating — and fingers are being firmly pointed at the Chinese authorities as being behind it. It’s not even the first time that China has been accused of hacking American companies.
GitHub may have fallen foul of Chinese censors
The evidence that Chinese authorities were behind the attack is piling up.
First, there’s what the hackers were actually doing. A DDoS attack works by overloading a website with traffic (often from unwitting, hijacked computers): this stops legitimate visitors from accessing the site, and can even crash the targeted servers entirely, taking the entire website offline.
Two specific pages on GitHub were being targeted by the DDoS attack — and both contain content that frustrates Chinese authorities. The first was maintained by GreatFire, an organisation that monitors China’s online censorship program, which is often referred to as the “Great Firewall of China.” The other page linked to Chinese-language versions of the New York Times, a news publication banned (along with many others) in the country and which has published a recent editorial critical of Chinese “government thuggery.”
GitHub said that “based on reports we’ve received, we believe the intent of this attack is to convince us to remove a specific class of content.”
Security researchers are in agreement
Mikko Hyppönen, executive at security firm F-Secure, told the Wall Street Journal that the nature of the attack suggests it may well have been perpetrated by Chinese authorities. He said that the hackers had access to a “high level of China’s Internet infrastructure,” suggesting that “it had to be someone who had the ability to tamper with all the Internet traffic coming into China.”
In a breakdown on how the DDoS attack functioned, security researcher Erik Hjelmvik says he believes that the Chinese government was responsible. “This attack demonstrates how the vast passive and active network filtering infrastructure in China… can be used in order to perform powerful DDoS attacks,” he concludes. “Hence, the [Great Firewall of China] cannot be considered just a technology for inspecting and censoring the Internet traffic of Chinese citizens, but also a platform for conducting DDoS attacks against targets world wide with help of innocent users visiting Chinese websites.”
GreatFire has also accused China of being behind the attack on the American company, saying it “can now confidently conclude that the Cyberspace Administration of China (CAC) is responsible for both of these attacks.” (GreatFire’s own website has previously been targeted by a DDoS attack, allegedly also orchestrated by the CAC.)
And it’s not the first time…
If true, it’s a brazen attack on an American company by the Chinese government. But this isn’t a new situation. There’s a long list of hack attacks on American companies believed to have been perpetrated by Chinese state-sponsored hackers.
For starters, GreatFire has previously posted evidence on its website purporting to show that the CAC has recently launched man-in-the-middle impersonation hack attacks on Apple, Microsoft, Yahoo, and Google, some of the largest US tech companies. The attack involves impersonating a site via forged certificates of authenticity, to gain access to users’ confidential information.
And Fortune notes that US insurance company Anthem was hacked this year, with 80 million customers’ details compromised, “in what US investigators later said was likely a Chinese state-sponsored operation.”
In fact, last October FBI Director James Comey spoke out against Chinese hackers, saying that practically every major US company has been hacked at some stage by China. “There are two kinds of big companies in the United States,” he said in an interview. “There are those who’ve been hacked by the Chinese and those who don’t know they have been hacked by the Chinese.”
A Senate panel also said last year that China was attacking US military contractors, with computer networks broken into 20 times in a year, according to the Wall Street Journal. (The transport companies weren’t identified by name, and China denies the accusation.) Another report dating back to 2011 labels Chinese hackers as “the world’s most active and persistent perpetrators of economic espionage.”
Of course, US companies aren’t the only targets of alleged Chinese hackers. Taiwan is currently seeking stronger cybersecurity ties to the US, to help counter the alleged threat of Chinese attacks. The country has seen more hacks targeted at it in early 2014 than any other country in the Asia-Pacific region.
The US is looking for an appropriate response
In May 2014, five Chinese government officials were charged with launching cyberattacks on numerous US companies. The hackers targeted industrial businesses and stole trade secrets. China denied the accusations.
Comey said the indictment is “an important step… But there are many more victims, and there is much more to be done. With our unique criminal and national security authorities, we will continue to use all legal tools at our disposal to counter cyber espionage from all sources.”
The response indicates that the US is prepared to take action against hack attacks — although it is cautious about taking things too far. There’s no historic precedent for this kind of aggressive intrusion by a foreign state actor targeting an American company.
When North Korea was named as being responsible for the devastating attack on Sony Pictures late last year, President Obama was asked whether this foreign attack on a US company should be considered an act of war. He said no, explaining: “I think it was an act of cyber vandalism that was very costly, very expensive. We take it very seriously. We will respond proportionately.”