MCLC: Chinese netizens weaponized

MCLC LIST denton.2 at osu.edu
Tue Mar 31 09:21:06 EDT 2015


MCLC LIST
Chinese netizens weaponized
From: Long Cheng <long.cheng at pao-pao.net>
Source: pao-pao.net (3/31/15)
Chinese netizens weaponized, resulting in the “largest DDoS attack” in GitHub’s history
GitHub, a website where technicians and coders around the world share experience, has been busy for the past four days mitigating the “largest DDoS attack” in its history. China has been cited as the source of the attack. Perhaps more frightening is that internet users in China have been turned into attackers during this cyber-attack without their knowledge.
The targets are GreatFire’s anti-censorship programs and New York Times China on GitHub, according to an analysis report from Netresec.
At a press conference on March 30th, the Chinese Foreign Ministry did not confirm or deny whether the Chinese government is behind this attack. Hua Chunying, the spokeswoman of the ministry, said:
Some people associate Chinese hackers with recent cyber-attacks on websites in US or elsewhere, this is very strange. I would like to remind you that, China is one of the biggest victims of cyber-attacks. We have always stressed that, China hopes to work together with the international society… to uphold a peaceful, secure, open and cooperative cyber environment.
Turn Netizens into Hackers
Starting from March 27, 12 PM (Beijing Time), when people visited Chinese websites using VPNs to bypass Chinese censorship, it was very likely that they were turned into attackers by malicious code embedded in Baidu ads. Their computers were instantly recruited to join the attack on GitHub.
Baidu is like China’s Google, and many Chinese websites use tracking and advertising code from Baidu. The attack has been dubbed “HTTP hijacking”: “a certain device at the border of China’s inner network and the Internet has hijacked the HTTP connections” and “replaced some JavaScript files from Baidu with malicious ones” that would load GitHub’s GreatFire and CN-NYTimes projects “every two seconds.”
This affects internet users who visit Chinese websites via an IP address outside China, including Chinese users who use VPNs or other circumvention tools. On its official Weibo account, Baidu Security Lab denied that the attack was related to their security loopholes.
“Using regular internet users to engage in DDoS attack is now China’s new political weapon.” User @bitinn wrote, “(Chinese censors) has switched from simply defense to active offense.”
From Defense to Offense
Indeed, the Chinese internet censorship mechanism has recently become more aggressive and actively attacks sites that are deemed too sensitive by the censors. Since this March, China has been accused of DDoS attacks on GreatFire’s anti-censorship mirror sites. Last week, Google found unauthorized digital certificates for several Google domains, the root CA of which is the China Internet Network Information Center (CNNIC). Google and Mozilla both publicly disclosed this security incident and published blog posts (Google, Mozilla).
GitHub stated on its blog that the intent of this attack is “to convince us to remove a specific class of content.” As of this article’s publication, GitHub is still working to mitigate the attack.
by denton.2 at osu.edu on March 31, 2015