China's Foreign Ministry: China Did Not Attack Github, We Are the Major Victims

An anonymous reader writes At the Regular Press Conference on March 30, China's Foreign Ministry Spokesperson Hua Chunying responded on the charge of DDoS attack over Github. She said: "It is quite odd that every time a website in the US or any other country is under attack, there will be speculation that Chinese hackers are behind it. I'd like to remind you that China is one of the major victims of cyber attacks. We have been underlining that China hopes to work with the international community to speed up the making of international rules and jointly keep the cyber space peaceful, secure, open and cooperative. It is hoped that all parties can work in concert to address hacker attacks in a positive and constructive manner."

Plausible Deniability

[Spy+Handler]

except in this case it's not so plausible.

On the other hand NSA denying it created Stuxnet isn't all that plausible either.

Re:Plausible Deniability

Don't use grown-up words here.

Plausible Deniability suggests some sort of legal action. These people don't follow laws.
This is more reality TV style: people lying to keep from causing grief at the dinner table.

Except the stakes are a bit higher. Instead of throwing the mashed potatoes over the table when there's a furor it'll be ICBMs. Those splatter a bit more I hear but they generally tend to hit the waitstaff. You are waitstaff. Fetch me my cognac.

Re:Plausible Deniability

[Tablizer]

Did they officially deny creating Stuxnet? I vaguely remember them saying something like "We don't comment on such as is our policy, and thus won't confirm nor deny".

Re:Plausible Deniability

Marshawn Lynch, should be the official PR spokesperson for the NSA, he would do an amazing job

Re:Plausible Deniability

[gtall]

yeah, yer right, comparing apples and oranges produces first class innuendo.

Re:Plausible Deniability

[hairyfeet]

Uhh I thought the retiring head of Mossad bragged about being the one who made Stuxnet? Don't get me wrong, NSA I'm sure has their fingers in a lot of dirty pies but if the head of a major nation state spy agency takes credit for attacking an enemy of the state using spy techniques? Unless evidence goes to the contrary I'd probably believe 'em.

Re:Plausible Deniability

[HiThere]

Well, it's actually quite plausible. That doesn't mean you should believe it. Lots of things are believable that aren't true.

The interesting thing is, I can't think of how they could either make it believable that they did it or that they didn't do it. In some things there are no good grounds for having a belief in either (any) direction.

The thing is, all the governments I've paid any attention to lie so often that you would do well to use a roulette wheel to decide HOW they are lying in any particular statement. And "They're telling the truth" would be the 00 slot of the wheel. But belief should occur only when there is reasonably grounded evidence...and then it shouldn't be committed belief, because governments are quite able to fabricate evidence when they find it worth the effort.

Proof

[Coren22]

Where is their counter to the proof offered during the attack? As I recall the DDoS was caused by requests to the Chinese search engine from outside China.

Re:Proof

Wasn't it in the news that the Snowden leaks showed that Canada had a way of masking the traffic to make it look like it was coming from another country?
http://www.cbc.ca/news/canada/communication-security-establishment-s-cyberwarfare-toolbox-revealed-1.3002978

It's probably just the Canadian spy agency keeping American companies at bay. :)

Re:Proof

[AmiMoJo]

Neither side has presented any convincing evidence. This is just going to keep happening because it's so hard to accurately trace cyber attacks.

Re:Proof

[Coren22]

http://it.slashdot.org/story/1...

Original story, it goes through the mechanism in use right in the summary. It is quite clear that queries to Baidu from outside the great firewall were triggering requests to GitHub.

Re:Proof

Neither side has presented any convincing evidence. This is just going to keep happening because it's so hard to accurately trace cyber attacks.

Yep, so hard to accurately trace cyber attacks. But if you had read anything at all on this particular attack:

Mikko Hyponen, the chief research officer of cybersecurity firm F-Secure, said the attack was likely to have involved Chinese authorities because the hackers were able to manipulate Web traffic at a high level of China’s Internet infrastructure. It appeared to be a new type for China, he added. “It had to be someone who had the ability to tamper with all the Internet traffic coming into China.” he said.

Though Baidu is the largest search engine in China by several measures, the attack appeared to use traffic from its users outside the country, security experts said. When a user navigated to the Baidu search engine, they said, a code was activated that sent continuous requests for data from the user’s computer to GitHub. By tapping overseas users, the hackers made the attack harder to block, because the requests to GitHub came from all over the world and looked like typical requests for information.

And also the motive is very clear for China to attack Github. Not so clear for anyone else.

Re:Proof

[RavenLrD20k]

Just playing Devil's Advocate here...but doesn't a country having a wide publicly known motive also make that country a prime target for framing? (Not saying that China didn't do it; as the evidence is considerably against them.)

Re:Proof

Hmm, maybe Stuxnet was Saudi in origin, and Israel/US were the scapegoat.

Re:Proof

[tnk1]

Yes, but it also implies that someone has a goal in mind by framing China. Either to hide their own activities or to make China look bad.

Who else has the motive to take down GitHub? Organized crime could, but what do they get out of it? The US Government could, but what would the goal be?

Unless someone provides motives for other players at that level to make that attack, it's probably China. Simple internet trolls might know how to operate such an attack but probably not the capacity to perform it.

Re:Proof

[dos1]

But the actual traffic is international and there's nothing odd in it. It's the actual source of the attack - the hijacked Baidu script that changed non-Chinese visitors of Chinese pages into botnet (well, not really, but very botnet-like) nodes instructed to attack GitHub - that without any doubt came from the Great Firewall of China. It might not be the government, but unless there's a massive man-in-the-middle attack covering the whole non-Chinese Internet, it's definitely something that comes from China.

Re:Proof

Unless someone provides motives for other players at that level to make that attack

Actually, I don't see any real point in attacking Github for Chinese government, as it is clear that this isn't quite a short-term solution and won't really achieve any long-term goals such as censorship.

This sort of capability could be very profitably leveraged on black market though, as it can be used to say strategically block some vendor's updates just long enough to weaponize and successfully use them against your target.

Thus this sort of attack actually looks quite like a public statement/proof of concept by some group to show off their expertise/capabilities that are likely auctioned right now somewhere.

Re:Proof

[AmiMoJo]

So there is some circumstantial evidence and the conclusion that because the hack was executed at a high level, it must be the government. And then the accusation that China is motivated to take down Github, even though that is clearly a futile goal that never had any serious chance of working. Maybe for a few hours, but it's not like Github would just give up and close, and the projects it hosts would call it quits too. So it is so highly skilled that only a government could do it, but also incredibly naive and doomed to failure.

Re:Proof

Yeah because big iron routers are impossible to hack in and control...

Re:Proof

[HiThere]

While that's reasonable circumstantial evidence, I don't know that it couldn't have been done by someone else, and the balance of the opinion seems to be that it, indeed, could be done by someone else.

OTOH, it's not clear who else would have a motive. And, governments not being any more monolithic that corporations, it could quite well have been some department (or actor within a department) acting without any knowledge by the official spokesman, and either with, or without, approval by higher organizational figures. And you can't tell. And that's *assuming* (without proof) that China, in some meaning of the term, was behind the attack.

So were I to guess, I'd guess that it was probably China behind the attack, and the spokesman for China didn't know. But please note that this is a guess with a lot of unverifiable assumptions, and I wouldn't even want to guess how much probability to assign it.

Re: Proof

I agree. This is a short term operation, and doesn't have lasting gains. What's the motive? GitHub is not blocked by the Great Firewall either, at least it's generally accessible.

Could this also be explained by having an activist insider working at the suitable position?

Re:Proof

"but unless there's a massive man-in-the-middle attack covering the whole non-Chinese Internet, it's definitely something that comes from China."

what, like QAUNTUM INSERT?

Re:Proof

you can pull this off with QUANTUM INSERT

Re:Proof

[houghi]

It could well be the USA trying to blame China. At this moment I think this is even more plausable when I look what has been done in the past.

Re:Proof

Hmm, maybe Stuxnet was Saudi in origin, and Israel/US were the scapegoat.

Satire aside, Stux could have easily been Russian or Chinese as well as US. Neither of these countries want a new entrant to the nuclear club, especially one with crazy religious tendencies and in the mideast. It diminishes their influence and control. It will likely prompt a regional nuclear arms race. Also keep in mind that Russia is in the neighborhood troublesome muslim minorities as well.

Translation:

[Verloc]

"We are not hacking because we get hacked a lot"

The 'logic' here is... not good.

Re:Translation:

Besides, "People do a lot of things to get through the Great Firewall" != "China is one of the major victims of cyber attacks".

Re:Translation:

[mi]

The 'logic' here is... not good.

Yeah, kind of like Germans denying having bombed anyone during WW2: we were bombed a lot ourselves.

Re: Translation:

Except there's no denial in the spokeswoman's answer: the headline is wrong.

Re:Translation:

It's not their logic that is not good, it's your summary that is not good. They aren't saying that the fact that they get hacked a lot proves that they don't hack. They're saying that a lot of people jump to the conclusion that any hacking incident must be from China in spite of the fact that they're are a lot of hackers are from outside of China. The point of saying that they are often the victim of hacking is to emphasize that there are non-Chinese hackers.

Re:Translation:

"It's hard to find the moral high ground when we're all standing in the mud." --BSG

Re:Translation:

[s.petry]

And this generalization has been proven false somehow? I have worked for 25+ years focused on IT Security. Complex hacks come from China. Spammers, porn, etc.. comes from Russia. Script kiddies from must about everywhere else. Since the US has access to US data, there is not a whole lot of us hacking ourselves.

Since China controls the "great wall" anything going outbound becomes suspect for government sponsorship. Large attacks have to be, because there is no way they don't know what's coming in and going out when it reaches scale.

This attack however was a bit different, and that the DDOS only required a simple modification to an HTML page. It did not have to originate from China per-say.

Re:Translation:

Besides which generally it's botnets in China not necessarily hackers there. All that means is that in China there are a lot of computers (which makes sense given it's a large country/population) and that many of them are insecure (which makes sense given the number of bootleg copies of Windows).

Re:Translation:

Or.. Chinese hackers also hack China?

Re: Translation:

If there is a denial, its done by neo-nazis. Most of the german population would never deny.

Re: Translation:

Nice. But please look up "per se".

Yeah, sure.

If you believe that, I've got a bridge to sell you in Brooklyn.

Re:Yeah, sure.

I'd believe them more than the NSA any day of the week.

Re: Yeah, sure.

Wait...really? You'd don't believe the NSA but you'll believe a government official from a country that has killed millions of its OWN people? Wow. I mean, NSA basically stands for National Shitfilled Agency, but I'll believe them in a heartbeat over these buggers.

Look up mass murder by communist regimes. Look up what happened to the democracy movement in China. Well, assuming you aren't in China, where you aren't free to to so.

Get your head out of your rear and actually get a clear picture of the regime in China. The NSA may not be the good guys...but the Chinese regime actually IS the bad guys. They only look good in comparison to Pol Pot and the Kim regimes.

Re: Yeah, sure.

I'm not Chinese and I have no love for their government, but there's no way the NSA is more trustworthy. It's filled with lying scumbags who have a hard-on for the East German Stasi.

Re: Yeah, sure.

So...you believe people who kill their own people over people who listen to phone calls? Your moral relativism unit is broken.

Re: Yeah, sure.

So...you believe people who kill their own people over people who listen to phone calls?

The NSA does far more insidious shit than just "listen to phone calls". But just because someone kills people doesn't mean they can't be more honest than someone else who doesn't. There are murderers I'd believe are telling the truth far more than, say, a Wall Street banker. Doesn't mean I approve of what the murderer has done or think they are a great person.

Your moral relativism unit is broken.

No, mine moral compass is perfectly fine. Both sides are shitheads and I support neither. Doesn't change the fact that the NSA is full of lying shitbags who would love to revive the East German Stasi in this country if they were allowed.

Re: Yeah, sure.

So...you believe people who kill their own people over people who listen to phone calls?

To any 911 truthers this could mean the exact opposite of your intent.
Then there's Ruby Ridge, Branch Davidians...
Let's not get holier than thou now.

Re: Yeah, sure.

Let's go through your regurgitated ejaculant for a minute here.

Last time I checked, Winston Churchill allowed the Germans to bomb Coventry unchallenged despite having warning from decrypted German communications in order not to tip off the Germans that the Allies could read German codes.
So is Churchill a mass murderer?
One year later Pearl Harbor happened. I am not convinced Pearl Harbor was unavoidable.

Forgotten Kent State my friend?
Seems like a few Americans got shot in the face by the government.

I'm having some problems sourcing citations about millions of Chinese dying at the hand of the government. Care to provide some reading material about that?

You might also want to decide exactly between "f'ed up" and "very justifiable reasons" as the unifying theme in your argument.
Taking both camps has the undesirable effect of f'ing up your argument.
I'm no political animal, but I believe the American government seems to have some problems with patriots upholding the 2nd Amendment in Ruby Ridge...

But listen, at the end of the day, kick back and enjoy your government approve carcinogenic Monsanto Roundup (glyphosate), and 100% safe genetically modified food.
Hey, the government is here for ya.

Re: Yeah, sure.

[david_thornley]

Last time you checked where? Churchill didn't allow the Coventry bombing to go through. There was a screwup in the system, which meant the Germans got an unopposed shot at Coventry. As a general rule, the Allies acted on their intelligence, although they constantly tried to provide plausible excuses how they could have gotten the information otherwise. Pearl Harbor was avoidable, in that the Japanese didn't have to do it. What do you think the US should have done to prevent it? Send warning messages a week and a half before warning of possible hostilities and ordering the Army and Navy onto a war footing? They did that.

In case you're looking for tens of millions of Chinese deaths, the Wikipedia article on the Great Leap Forward is a good place to start. If you had problems sourcing citations about that, you weren't trying. For somebody who can find improbable conspiracy theories, you're awful bad at finding well-known history.

I would not be surprised...

[ckatko]

...If it was USA/Israel/Britain/Canada pulling yet another False Flag operation of saying "OMGAWD Asians did it!".

For those who missed it, Canada outright admitted it they do this.

Re:I would not be surprised...

For those who missed it, Canada outright admitted it they do this.

I did miss it. So much new information about our spy agencies comes out these days it's hard to stay on top of it - someone needs to write a book on what we know about Snowden's relvalations so far.

In the meantime, could you explain a bit more about Canada DDOSing sites in false-flag operations?

Re:I would not be surprised...

It's almost guaranteed to be a false flag. Who would be stupid enough to do a DDOS that's clearly coming from their own servers? No one.

The projects targeted are also projects that the US wants destroyed. The original idea was to try and stir up dissent in certain countries (namely China and Iran), but instead they created things like the Silk Road, and have been actively trying to put that genie back in the bottle ever since. This is almost certainly a US-generated cyber attack that's attempting to "shut down drug traffic."

Re:I would not be surprised...

Canada outright admitted it they do this.

You are a little bit confused.

Firstly, Canada did not admit this. There was a disclosure as part of the Snowden documents that mentioned false flags.

Secondly, the disclosed claim concerned the intelligence forces claiming they were capable of performing false flag operations, not that they had ever done so. The document was a pretty sparse high level rundown of capabilities, barely more than a power point presentation (or maybe it was a power point presentation).

Re:I would not be surprised...

[dos1]

Have you even checked how this attack looks like? The traffic is *NOT* coming from Chinese servers, but that's not the point. That's actually why it's so powerful. Baidu serves the malicious JavaScript in place of their analytics tracking script. Inside of China it's normal, but when it goes through the Great Firewall it gets changed to malicious script that turns any visitors of webpages with Baidu script (Google Analytics equivalent) attached to them into part of DDoS. The way that script worked initially was actually pretty hilarious. It attached new tag to the page with src attribute being github URL. This allowed github to replace content under those URLs to "alert('WARNING: malicious script detected');", which got executed in every browser that was turned into an attacker (and due to blocking nature of alert, limiting the impact). Of course there's more to that and the techniques used by attackers changed over past days - for instance, now TCP SYN floods started as well. But the fact is that there's definitely some big Chinese player behind it, even if it's actually not the most likely one - the government.

Re:I would not be surprised...

[dos1]

the <script> tag*

Mistakenly turned on the HTML formatting. Hopefully it's still readable without the new lines :P

Re:I would not be surprised...

That is so idiotic.

Not much said

[PineHall]

Here is the question and answer:

Second, a report says that a US website was under hacker attack, and the source of the attack was from China. How do you respond?

On your second question, it is quite odd that every time a website in the US or any other country is under attack, there will be speculation that Chinese hackers are behind it. I'd like to remind you that China is one of the major victims of cyber attacks. We have been underlining that China hopes to work with the international community to speed up the making of international rules and jointly keep the cyber space peaceful, secure, open and cooperative. It is hoped that all parties can work in concert to address hacker attacks in a positive and constructive manner.

Re:Not much said

[LoneTech]

Thanks for the quote.. it's interesting to note that he's implying that others won't cooperate with them on regulating the 'net. The truth on that claim would be somewhere between them making unreasonable (whether impractical or unpalatable - we've seen what sort of regulation they do on their own) demands, this statement being false, or the "China hopes to" weasel language being key - allowing that they never tried. Not much said indeed.

Finally

[Megahard]

We have someone to take the place of the Iraqi Information Minister. I miss that guy.

Re:Finally

[Tablizer]

Indeed. He made the train-wreck more interesting. If you are going to be a jerk, be an interesting jerk.

Re:Finally

Miss "Baghdad Bob"? We've had "Beltway Jay", and not "Not very earnest" Earnest.....

Always deny

[ITRambo]

Russia and China are reliable liars when it comes to denying what others have caught them doing. Very much like a child that got caught with a hand in the cookie jar. I do not believe denials that come out of either country.

Re:Always deny

[Flavianoep]

Russia, China, as well as any intelligence agency in the world, are reliable liars when it comes to denying what others have caught them doing.

FTFY.

Re:Always deny

[Gavagai80]

Not really true. Many intelligence agencies use a "no comment" policy when caught. For instance the NSA's response when caught was that they refused to comment on the veracity of any documents that they considered to have been obtained illegitimately.

Re:Always deny

not really. NSA and GCHQ tend to follow the "no comment" rules.

Re: I love how every stupid corporation...

If the wealthy Republicans run this world, why is there a Democrat sitting in the Oval Office?

All parties?

[rippeltippel]

"It is hoped that all parties can work in concert to address hacker attacks in a positive and constructive manner."

...all parties? I thought there was just one.

Forced Bargaining

"We have been underlining that China hopes to work with the international community to speed up the making of international rules and jointly keep the cyber space peaceful, secure, open and cooperative."

No doubt such rules would require removing firewall circumvention software.

Re: I love how every stupid corporation...

Why lie? He is a DINO. He is just another in a long line of hard-core CONservative rulers that this country has had. We have never had a true progressive in national office. The Republican's that rule this country won't allow that to happen.

Of course they are the victim...

After all, they got caught and now they claim to be victims to get away with it... AGAIN.

Re:Of course they are the victim...

I guess you don't know how easy it is to mask where attacks are coming from.

I could DDOS you making it look like it is coming from the White House and Kremlin.

The Chinese are not incompent enough to not mask it.

No real interest in security aside from espionage.

[sethstorm]

China stands to gain too much to not be involved. That's their primary way of technological development - industrial/governmental espionage.

Perhaps they could start explaining how Nortel ended up becoming Huawei and ZTE, amongst other things. Then they could also explain why Huawei has a LOT of ties to the PRC government.

equally true

"The Americans are nowhere near Bagdad. If and when they ever come close, we will crush them."

-Bagdad Bob.

False Dichotomy:

[Lab+Rat+Jason]

So China is saying that because they are being attacked, they can't possibly have people doing the attacking?

Re:False Dichotomy:

A bit of advice.. go back to school and improve your English reading and comprehension before posting.

Dream Team!

China's communist party and UK's Cameron, working together on a peaceful and clean Intrawebs!

Re:Typical of USA regime to blame China

Obvious 50 Cent Party operative is obvious. Enjoy that clean Beijing air!

Two questions

1. Any proof?
2. Do you really expected the answer to be, yes we admitted it? Really?

A Chinese.

DDoS solved in IPv6

[The+New+Guy+2.0]

There's a solution to DDoS in IPv6 called the "NAK packet" which is a simple request for upstream routers to not relay any more traffic from the address or addresses that is sending the abusive data. Basically, it's like asking a firewall in between to rule out the bad data.

Re:DDoS solved in IPv6

[DarkSkiez]

Sounds interesting, however, do you have any RFCs or references about this. I'm having trouble validating this.

Re:DDoS solved in IPv6

[petermgreen]

Even discounting the spoofing possibilities your proposal would mean that anyone who uses baidu from outside china will find themselves cut off from github. I expect that isn't what github wants.

Re:DDoS solved in IPv6

Sounds magical!

So are these NAK packets authenticated in any way?

Or could I just flood all upstream routers on the internet w/ spurious NAK packets?

How many NAKs does a router have to track? Is there a standard?

Re:DDoS solved in IPv6

I can't find any info about NAK in IPv6, but this has been solved for over a decade in IPv4. https://www.ietf.org/rfc/rfc3514.txt

Re:DDoS solved in IPv6

[LordLimecat]

If you dont understand networking, its probably best not to wax snarky.

For the record; layer 3/4 typically doesnt handle authentication.

Re:DDoS solved in IPv6

That is not how this works. The stream would be cut off from china to github. It is a path that is blocked from a specific router by utilizing a specific address. It does not necessarily cut-off an end user. This was thought of when creating this feature, thus the specificity of a packet sent to a distant router. The idea is to cut off the source of malicious traffic as close to the source as possible such that as little of the internet would be blackholed as necessary.

To reiterate explicitly: A person whom uses baidu from outside china would not be blocked from github, but traffic coming from china with the address of that person would be blocked. Any other route to github would still work for that person.

Re: DDoS solved in IPv6

He read it o. The internet, it must be true!

Re:DDoS solved in IPv6

That is pretty funny. At least I hope it is a joke...

Re:DDoS solved in IPv6

[The+New+Guy+2.0]

When some router sends packets in your direction you generally say "ACK" for it worked and "RST" for start over at a certain point... "NAK" means "I got it, but I don't like it, no more of that for me please!"

Firewalls can only stop traffic once it travels the line to your side... what would be better is to have a firewall at ISP side of the line to reject traffic you don't want so your line doesn't get overloaded but lets the good traffic through.

Re:DDoS solved in IPv6

[The+New+Guy+2.0]

That's dated April 1... April Fools Day. However, it was a joke that was taken seriously by the IPv6/TCP writers.

Re:DDoS solved in IPv6

Oh no! Next you'll tell me that IP over Avian Carriers is also a joke and not at all serious. :-(

Do you have any references that describe NAK in IPv6? It sounds like a useful feature, but it also sounds a lot like the evil bit. This is the point I was trying to make. I've looked for more info and I haven't found anything relevant.

Re:DDoS solved in IPv6

Yes, it's a joke. That's the point. The feature you describe sounds really useful and interesting, but it also sounds a lot like the evil bit in RFC 3514. Can you point to any documentation (RFC would be nice) that describes this NAK feature of IPv6? I've looked and I can't find anything relevant, but I would like to learn more about it.

Censorship solved in IPv6 too

There's a solution to DDoS in IPv6 called the "NAK packet" which is a simple request for upstream routers to not relay any more traffic from the address or addresses that is sending the abusive data. Basically, it's like asking a firewall in between to rule out the bad data.

That feature will allow the Great Firewall of China to censor websites much more easily too.

Re:Censorship solved in IPv6 too

[The+New+Guy+2.0]

Really, what this allows routers to say "You're blocked, don't waste your bandwidth in my direction!"

We did not do it,but we know who did, they did not

A simple example.

NSA puts a back door into a Chinese router.
The Chinese watch the NSA put the back door into the router.
The Chinese sells the router to American, Chinese and everyone else.
Both sides play the game, Then they try to blame each other when they are caught.

Hilarious defense

[MikeRT]

Your honor, I'd like to remind you that as a member of the Crips, my client is constantly facing risks to his life including up to being gunned down in the street. Therefore he clearly could not have committed that drive by shooting of the Bloods.

Re:Hilarious defense

Reminds me of richard pryor talking about the guy in court before his case was to be judged.

"...he's being manipulated by these peoples your honor, he tried all sorts of odd jobs, everything he could. He just was trying to raise money for his dear sick grandmother...heh-ehm......when the officers found the 120 kilos....he was trying to buy an...island.....with the correct hospital care for her...."

I'm chuckling right now, remembering prior say it. : p

If they don't want to be blamed...

[ilsaloving]

If they don't want to continually be blamed for attacking various web properties, then maybe they should... I dunno.... stop attacking various web properties?

An anonymous reader writes

CRAP! Who the hell at Slash hole decided to publish this pile of feces? Really? How is China the victim? Proof? None. How were they hurt? Unknown. Plain Slash hole rubbish

Re: An anonymous reader writes

Sorry for my previous post, after all I am a Chinese Anonymous Coward !!!

Conspiracy theory

SJWs control Github, and they hate asians and whites. Therefor, they want to start a war between china and america.

Re: I love how every stupid corporation...

[rogoshen1]

This country was founded by progressives. With the notable exception of slavery (because some smug fuckwit will always think that pointing out the inconsistency somehow makes them edgy, or clever), the US and its devotion to individual freedoms was pretty novel at the time.

Since then though.. bleh.

no denial

Interesting that there is no denial, "why does everyone always blame us" is not the same as "we didn't do it".

Re:Typical of USA regime to blame China

Lame attempt to astroturf us from China. Nice try, but this post is about as phony as they get...

...that China....open and cooperative.

[Kekke]

Heheh, rofl, lmao + all the other acronyms for laugh .........

Re:...that China....open and cooperative.

"peaceful, secure, open and cooperative" - Chinese style!

Bullshit

Nobody on either side is a victim. You're both fucking targets and you're both complicit in the scam of things.

Please, by all means, keep talking shit internationally so I have the IP addresses and IP sinkholes to catch your asses.

I have anti-matter technology, now, so you're just a bunch of weak ass fools.

Captcha: Wrecked: Perfect for you ignorant fucks.

Re: I love how every stupid corporation...

Everything is relative

Quick, get damage control out here

[LordLimecat]

One wonders if we'll be seeing the return of the 50 Cent Party in this thread.

Re:Quick, get damage control out here

Good thing we have our own CIA Half-Dollar party to counter act their 50-Cent.
Thanks to Half-Dollar members such as LordLimecat, cold fjord...I think we got them Chinks covered.

Re:Quick, get damage control out here

[LordLimecat]

Comparing the US's propaganda to China's is truly absurd. We have free media here (albeit with their own agenda); China's papers are all in the pocket of the CPC.

Find me a national publication in China that is critical of the ruling party. I can find hundreds here in the US that openly criticize Obama, Congress, and SCOTUS.

Re:Typical of USA regime to blame China

[LordLimecat]

Well, we all know how much power DC has over Baidu and the border routers in China.

Utter bullshit

[musixman]

Take a look at the attack code people. It's very clear this is a state sponsored attack using baidu, they are targeting VPN software hosted on Github that's used to bypass firewall restrictions in China.

It's not like baidu would randomly install attack code against github for "no reason". Additionally, it's been 125 hours now & they still haven't taken it down.

One thing I've learned

the last few years, is that if the U.S can somehow benefit from it, then it was them who did it. There is always something to gain from casting blame and discrediting.

Does anyone have genuine proof?

[thetoadwarrior]

I'd actually be more likely to believe it's a desperate US or UK agency trying to prove why they need to take our freedoms away than China. There's so much anti-china stuff out there. Why pick github? But as well apparently British airways and slack are being attacked. What would China have against British Airways? Something doesn't make quite make sense.

He who smelt it...

"We didn't fart, you guys totally fart all the time and it's gross...."

Decentralized source control centralized

[mars-nl]

So we moved from centralized source control (CVS, SVN) to decentralized source control such as Git and then we centralize all of repositories in the world on one server...

Re:Decentralized source control centralized

Irony can be ironic sometimes.

Just goes to show that everything is just recycled beans. New names, same shit.

Re:Decentralized source control centralized

So we moved from centralized source control (CVS, SVN) to decentralized source control such as Git and then we centralize all of repositories in the world on one server...

Right, but I still had a full clone of my repository so I could continue working while the site was inaccessible. I could still do commits, switch branches, etc. I just couldn't push updates to the remote copy hosted on Github.

This would have been a whole different story had I been using SVN.

False Flag operations

I'll just leave this here http://www.theregister.co.uk/2015/03/24/snowden_dossier_details_canadian_spies_running_false_flag_operations_online/

... in other news...

[Lead+Butthead]

sun is cool to the touch, sea is but a few inches deep...

Re:... in other news...

There is a star where this is true, and i am sure there is a planet somewhere where the sea may be only a few inches deep. Also please note that in china like most of the world they use the metric system, so it may be only a few cm deep to them.

Re:... in other news...

[ganjadude]

I recall reading about a start that is nothing but a literal giant diamond. That would be pretty cool

Re: ... in other news...

Pink Floyd, duh.

Isn't the solution to block Baidu ?

[BlueTrin]

Shouldn't we block Baidu and make GitHub unavailable from China ?

Re:Isn't the solution to block Baidu ?

Shouldn't we block Baidu and make GitHub unavailable from China ?

Why? They wouldn't care about the former, and the latter is probably what they're trying to achieve.

Re: Isn't the solution to block Baidu ?

[BlueTrin]

Because blocking Baidu will hurt their interest and stopping GitHub will cause more unrest and show their population what their government is doing ? Maybe I agree with you on the second point after thinking a bit more.

Re:Isn't the solution to block Baidu ?

[spongman]

Shouldn't we block Baidu and make GitHub unavailable from China ?

You'd have to convince everyone outside china to block Baidu. And as for blocking GitHub for Chinese users, China would love that. The only reason they're not blocking GitHub is that so many Chinese engineers use it. If someone outside China blocked it for them, they'd be killing two birds with one stone: censoring the VPN info and making another country look bad.

Think of the children

[aberglas]

People have missed the key line in the post, which was ... speed up the making of international rules and jointly keep the cyber space peaceful, secure, open and cooperative.

We clearly need more rules to control the internet and everybody would have to agree that China is the international expert on internet control.

China was so used to stealing secrets

[Ukab+the+Great]

That the though using 'git clone' never occured to them.

Re:China was so used to stealing secrets

[TuxWithoutPants]

A Chinese sharing for the greater good without personal profit? Man, pass some of whatever you're smoking! (disclaimer: I'm Chinese so I get to insult my race)

Get lost China

As someone who has lived in China and faced their useless and painful censorship and draconian controlling of the Internet, I can only tell you two letters: F-U.
We do not believe anything you say about the internet, we don't care about what you say, and it doesn't matter anyway because your way of reasoning is similar to that of a child who can't really think by himself and just follows whatever his told, as long as he is welcomed in the corrupt network that governs that country. Get lost.

False Flag

Wasn't there a report just recently released where it turns out the NSA was working with the Canadian government to do cyber attacks with the intent of blaming it on other parties?

Link: http://news.slashdot.org/story/15/03/23/1151207/leaked-snowden-docs-show-canadas-false-flag-operations

As sad as it sounds, this very well could be that. I know we all want to blame China, but the fact of the matter is, thanks to the NSA, we can no longer claim that with such confidence as it may very well be the NSA doing it.

Re:Proof (Actual Reporting of Real News)

[Required+Snark]

Here's a report on the attack from China Digital Times.

First, a message sent out by the Chinese authorities to not comment on the attack.

The following censorship instructions, issued to the media by government authorities, have been leaked and distributed online. The name of the issuing body has been omitted to protect the source.

Regarding the large-scale distributed denial-of-service (DDoS) attack on GitHub, do not conjecture or comment of your own accord before the authoritative media have reported the case, and do not republish foreign coverage. (March 28, 2015)

Next, the two specific targets of the attack.

The DDoS attack “weaponizes” Internet users outside China who visit websites containing Baidu tracking code. As long as they remain on an affected site, their browser will quietly make repeated requests to the GitHub URLs of censorship monitoring and circumvention project GreatFire.org and its censorship-evading Chinese New York Times mirror, in an effort to overwhelm GitHub’s servers.

This is what GreatFire, the target of the attack, had to say:

When we first blogged about this attack we did not want to level accusations without evidence. Based on the technical forensic evidence provided above and the detailed research that has been done on the GitHub attack, we can now confidently conclude that the Cyberspace Administration of China (CAC) is responsible for both of these attacks [the ongoing one against GitHub, and another against GreatFire earlier this month].

[] Inserting malicious code in this manner can only be done via the Chinese Internet backbone. Even if CAC did not launch the DDoS attack directly, they are responsible for managing the internet in China and it is not possible that they did not know what was happening. These attacks have occurred under CAC’s watch and would have needed the approval of Lu Wei.

Lu Wei and the Cyberspace Administration of China have clearly escalated the tactics that they use to control information. The Great Firewall has switched from being a passive, inbound filter to being an active and aggressive outbound one. This is a frightening development and the implications of this action extend beyond control of information on the internet. In one quick movement, the authorities have shifted from enforcing strict censorship in China to enforcing Chinese censorship on internet users worldwide. CAC can launch these attacks quickly and easily and they have the technical and financial resources behind them to continue to launch DDoS attacks against any website, anywhere in the world.

GitHub is used by GreatFire as a way around Chinese government censorship by the Great Firewall. Here's what GitHub had to say about the attack.

GitHub commented last week that “we believe the intent of this attack is to convince us to remove a specific class of content,” apparently referring to GreatFire’s censorship circumvention tools. GitHub’s compliance would resolve a dilemma for Chinese censors: the site’s HTTPS encryption prevents blocking its contents selectively, and its ubiquity in the tech industry would impose a high economic toll on blocking the entire site. This “collateral freedom” strategy is central to GreatFire’s circumvention projects on other platforms, such as Amazon’s and Microsoft’s.

It's very even handed of the Slashdot Pundits to support the Chinese government contention that they are just poor innocent bystanders who haven't ever censored anybody ever. Of course it's way to much effort to go online and find out what the attack victims think. Our Pundit class nev

Well

[TuxWithoutPants]

They could have went with "weapons of mass destruction" but someone already did that one, so flat out denial is the next best thing isn't it?

Re:No real interest in security aside from espiona

[Gavagai80]

How is a denial of service attack espionage? I don't see China gaining anything. More likely incompetence/corruption allowed their infrastructure to be used in the attack.

I can say this w/ ABSOLUTE certainty... apk

China's a MAJOR source of malicious websites I've been blocking via hosts since 1996 or so here (Russias right up there with them, then India, & of course the U.S.A. + UK etc. on downward).

I know this from creating this program:

APK Hosts File Engine 9.0++ 32/64-bit:

http://start64.com/index.php?o...

* HOWEVER, in fairness? It's TOUGH to reallly 'point-the-finger' @ ANY 1 NATION, since anyone can essentially host ANYWHERE... so who REALLY KNOWS who's behind what out there?

APK

P.S.=> "Agent Provacateurs" & "False Flags" DO HAPPEN, in other words... apk

Re:Proof (Actual Reporting of Real News)

[Coren22]

Thank you for that post. You summed up more information than I had seen on the subject. I had just assumed when reading the /. article that GreatFire was just a reference to the source of the attack, I had never heard of the software.

I wonder if GreatFire has a donation link...Googling does not answer this question for me though.