March 28, 2015

"People outside China are being weaponized to target things the Chinese government does not like."

Washington Post An unknown party hijacked widely used tools developed by Baidu, the largest search engine in China, this week in an apparent attempt to target online software used to get around Chinese censorship. By Andrea Peterson

'The assailants injected malicious code into the tools Baidu uses to serve ads on a wide range of Chinese Web sites and to provide analytics for Web developers, according to researchers. The code instructed the browsers of visitors to those sites to rapidly connect to other sites, but in a way that the visitors couldn't detect. That sent a flood of traffic to two anti-censorship tools offered by the group GreatFire hosted on GitHub, a popular site used by programmers to collaborate on software development. One of the tools targeted by the attack effectively allows Chinese users to access a translated version of the New York Times.

'At times the attack made GitHub, which is used by programmers around the world and the U.S. government itself, unavailable for some users.

'GitHub was briefly blocked inside China in 2013, but reinstated after an outcry from programmers. Because GitHub uses encryption to hide specific parts of the site, the Chinese government cannot selectively block only some of GitHub's content. But blocking the site wholesale could be damaging to China's economy because it is so widely used by the tech industry.

'GreatFire reported its own site was the subject of a similar traffic flooding attack earlier this month.
While determining the entities behind these types of attacks is difficult, the Chinese government would be an obvious culprit, said James A. Lewis, a senior fellow at the Center for Strategic and International Studies. "The only people who would really benefit from it would be China," he said. Using such a bold tactic to attack content it dislikes seems to be either a way for the government to send a message or test out new capabilities, he said.'

more here

No comments: