Slashdot Mirror

← Back to Stories (view on slashdot.org)

China's Foreign Ministry: China Did Not Attack Github, We Are the Major Victims

Posted by samzenpus on from the it-wasn't-us dept.

An anonymous reader writes At the Regular Press Conference on March 30, China's Foreign Ministry Spokesperson Hua Chunying responded on the charge of DDoS attack over Github. She said: "It is quite odd that every time a website in the US or any other country is under attack, there will be speculation that Chinese hackers are behind it. I'd like to remind you that China is one of the major victims of cyber attacks. We have been underlining that China hopes to work with the international community to speed up the making of international rules and jointly keep the cyber space peaceful, secure, open and cooperative. It is hoped that all parties can work in concert to address hacker attacks in a positive and constructive manner."

7 of 137 comments (clear)

  1. Proof by Coren22 · · Score: 3, Informative

    Where is their counter to the proof offered during the attack? As I recall the DDoS was caused by requests to the Chinese search engine from outside China.

    --
    APK likes to ask for responses to the same things over and over. Maybe he just likes the responses?
    1. Re:Proof by Coren22 · · Score: 2, Informative

      http://it.slashdot.org/story/1...

      Original story, it goes through the mechanism in use right in the summary. It is quite clear that queries to Baidu from outside the great firewall were triggering requests to GitHub.

      --
      APK likes to ask for responses to the same things over and over. Maybe he just likes the responses?
    2. Re:Proof by Anonymous Coward · · Score: 5, Informative

      Neither side has presented any convincing evidence. This is just going to keep happening because it's so hard to accurately trace cyber attacks.

      Yep, so hard to accurately trace cyber attacks. But if you had read anything at all on this particular attack:

      Mikko Hyponen, the chief research officer of cybersecurity firm F-Secure, said the attack was likely to have involved Chinese authorities because the hackers were able to manipulate Web traffic at a high level of China’s Internet infrastructure. It appeared to be a new type for China, he added. “It had to be someone who had the ability to tamper with all the Internet traffic coming into China.” he said.

      Though Baidu is the largest search engine in China by several measures, the attack appeared to use traffic from its users outside the country, security experts said. When a user navigated to the Baidu search engine, they said, a code was activated that sent continuous requests for data from the user’s computer to GitHub. By tapping overseas users, the hackers made the attack harder to block, because the requests to GitHub came from all over the world and looked like typical requests for information.

      And also the motive is very clear for China to attack Github. Not so clear for anyone else.

    3. Re:Proof by dos1 · · Score: 3, Informative

      But the actual traffic is international and there's nothing odd in it. It's the actual source of the attack - the hijacked Baidu script that changed non-Chinese visitors of Chinese pages into botnet (well, not really, but very botnet-like) nodes instructed to attack GitHub - that without any doubt came from the Great Firewall of China. It might not be the government, but unless there's a massive man-in-the-middle attack covering the whole non-Chinese Internet, it's definitely something that comes from China.

  2. Not much said by PineHall · · Score: 3, Informative
    Here is the question and answer:

    Second, a report says that a US website was under hacker attack, and the source of the attack was from China. How do you respond?

    On your second question, it is quite odd that every time a website in the US or any other country is under attack, there will be speculation that Chinese hackers are behind it. I'd like to remind you that China is one of the major victims of cyber attacks. We have been underlining that China hopes to work with the international community to speed up the making of international rules and jointly keep the cyber space peaceful, secure, open and cooperative. It is hoped that all parties can work in concert to address hacker attacks in a positive and constructive manner.

  3. Re:Plausible Deniability by Tablizer · · Score: 3, Informative

    Did they officially deny creating Stuxnet? I vaguely remember them saying something like "We don't comment on such as is our policy, and thus won't confirm nor deny".

    --
    Table-ized A.I.
  4. Re:I would not be surprised... by dos1 · · Score: 5, Informative

    Have you even checked how this attack looks like? The traffic is *NOT* coming from Chinese servers, but that's not the point. That's actually why it's so powerful. Baidu serves the malicious JavaScript in place of their analytics tracking script. Inside of China it's normal, but when it goes through the Great Firewall it gets changed to malicious script that turns any visitors of webpages with Baidu script (Google Analytics equivalent) attached to them into part of DDoS. The way that script worked initially was actually pretty hilarious. It attached new tag to the page with src attribute being github URL. This allowed github to replace content under those URLs to "alert('WARNING: malicious script detected');", which got executed in every browser that was turned into an attacker (and due to blocking nature of alert, limiting the impact). Of course there's more to that and the techniques used by attackers changed over past days - for instance, now TCP SYN floods started as well. But the fact is that there's definitely some big Chinese player behind it, even if it's actually not the most likely one - the government.