Slashdot Mirror


China's Foreign Ministry: China Did Not Attack Github, We Are the Major Victims

An anonymous reader writes: At the Regular Press Conference on March 30, China's Foreign Ministry Spokesperson Hua Chunying responded to the charge of a DDoS attack on Github. She said: "It is quite odd that every time a website in the US or any other country is under attack, there will be speculation that Chinese hackers are behind it. I'd like to remind you that China is one of the major victims of cyber attacks. We have been underlining that China hopes to work with the international community to speed up the making of international rules and jointly keep the cyber space peaceful, secure, open and cooperative. It is hoped that all parties can work in concert to address hacker attacks in a positive and constructive manner."

64 of 137 comments

  1. Plausible Deniability by Spy Handler · · Score: 4, Insightful

    except in this case it's not so plausible.

    On the other hand NSA denying it created Stuxnet isn't all that plausible either.

    1. Re:Plausible Deniability by Tablizer · · Score: 3, Informative

      Did they officially deny creating Stuxnet? I vaguely remember them saying something like "We don't comment on such as is our policy, and thus won't confirm nor deny".

    2. Re:Plausible Deniability by gtall · · Score: 1

      yeah, yer right, comparing apples and oranges produces first class innuendo.

    3. Re:Plausible Deniability by hairyfeet · · Score: 1

      Uhh I thought the retiring head of Mossad bragged about being the one who made Stuxnet? Don't get me wrong, NSA I'm sure has their fingers in a lot of dirty pies but if the head of a major nation state spy agency takes credit for attacking an enemy of the state using spy techniques? Unless evidence goes to the contrary I'd probably believe 'em.

      --
      ACs don't waste your time replying, your posts are never seen by me.
    4. Re:Plausible Deniability by HiThere · · Score: 3, Insightful

      Well, it's actually quite plausible. That doesn't mean you should believe it. Lots of things are believable that aren't true.

      The interesting thing is, I can't think of how they could either make it believable that they did it or that they didn't do it. In some things there are no good grounds for having a belief in either (any) direction.

      The thing is, all the governments I've paid any attention to lie so often that you would do well to use a roulette wheel to decide HOW they are lying in any particular statement. And "They're telling the truth" would be the 00 slot of the wheel. But belief should occur only when there is reasonably grounded evidence...and then it shouldn't be committed belief, because governments are quite able to fabricate evidence when they find it worth the effort.

      --

      I think we've pushed this "anyone can grow up to be president" thing too far.
  2. Proof by Coren22 · · Score: 3, Informative

    Where is their counter to the proof offered during the attack? As I recall the DDoS was caused by requests to the Chinese search engine from outside China.

    --
    APK likes to ask for responses to the same things over and over. Maybe he just likes the responses?
    1. Re:Proof by AmiMoJo · · Score: 2, Insightful

      Neither side has presented any convincing evidence. This is just going to keep happening because it's so hard to accurately trace cyber attacks.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    2. Re:Proof by Coren22 · · Score: 2, Informative

      http://it.slashdot.org/story/1...

      Original story, it goes through the mechanism in use right in the summary. It is quite clear that queries to Baidu from outside the great firewall were triggering requests to GitHub.

      --
      APK likes to ask for responses to the same things over and over. Maybe he just likes the responses?
    3. Re:Proof by Anonymous Coward · · Score: 5, Informative

      Neither side has presented any convincing evidence. This is just going to keep happening because it's so hard to accurately trace cyber attacks.

      Yep, so hard to accurately trace cyber attacks. But if you had read anything at all on this particular attack:

      Mikko Hypponen, the chief research officer of cybersecurity firm F-Secure, said the attack was likely to have involved Chinese authorities because the hackers were able to manipulate Web traffic at a high level of China’s Internet infrastructure. It appeared to be a new type for China, he added. “It had to be someone who had the ability to tamper with all the Internet traffic coming into China,” he said.

      Though Baidu is the largest search engine in China by several measures, the attack appeared to use traffic from its users outside the country, security experts said. When a user navigated to the Baidu search engine, they said, a code was activated that sent continuous requests for data from the user’s computer to GitHub. By tapping overseas users, the hackers made the attack harder to block, because the requests to GitHub came from all over the world and looked like typical requests for information.

      And also the motive is very clear for China to attack Github. Not so clear for anyone else.

    4. Re:Proof by RavenLrD20k · · Score: 1

      Just playing Devil's Advocate here...but doesn't a country having a wide publicly known motive also make that country a prime target for framing? (Not saying that China didn't do it; as the evidence is considerably against them.)

    5. Re:Proof by tnk1 · · Score: 2

      Yes, but it also implies that someone has a goal in mind by framing China. Either to hide their own activities or to make China look bad.

      Who else has the motive to take down GitHub? Organized crime could, but what do they get out of it? The US Government could, but what would the goal be?

      Unless someone provides motives for other players at that level to make that attack, it's probably China. Simple internet trolls might know how to operate such an attack but probably don't have the capacity to perform it.

    6. Re:Proof by dos1 · · Score: 3, Informative

      But the actual traffic is international and there's nothing odd in it. It's the actual source of the attack - the hijacked Baidu script that changed non-Chinese visitors of Chinese pages into botnet (well, not really, but very botnet-like) nodes instructed to attack GitHub - that without any doubt came from the Great Firewall of China. It might not be the government, but unless there's a massive man-in-the-middle attack covering the whole non-Chinese Internet, it's definitely something that comes from China.

    7. Re:Proof by AmiMoJo · · Score: 1

      So there is some circumstantial evidence and the conclusion that because the hack was executed at a high level, it must be the government. And then the accusation that China is motivated to take down Github, even though that is clearly a futile goal that never had any serious chance of working. Maybe for a few hours, but it's not like Github would just give up and close, and the projects it hosts would call it quits too. So it is so highly skilled that only a government could do it, but also incredibly naive and doomed to failure.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    8. Re:Proof by HiThere · · Score: 1

      While that's reasonable circumstantial evidence, I don't know that it couldn't have been done by someone else, and the balance of the opinion seems to be that it, indeed, could be done by someone else.

      OTOH, it's not clear who else would have a motive. And, governments not being any more monolithic than corporations, it could quite well have been some department (or actor within a department) acting without any knowledge by the official spokesman, and either with, or without, approval by higher organizational figures. And you can't tell. And that's *assuming* (without proof) that China, in some meaning of the term, was behind the attack.

      So were I to guess, I'd guess that it was probably China behind the attack, and the spokesman for China didn't know. But please note that this is a guess with a lot of unverifiable assumptions, and I wouldn't even want to guess how much probability to assign it.

      --

      I think we've pushed this "anyone can grow up to be president" thing too far.
    9. Re:Proof by houghi · · Score: 1

      It could well be the USA trying to blame China. At this moment I think this is even more plausible when I look at what has been done in the past.

      --
      Don't fight for your country, if your country does not fight for you.
  3. Translation: by Verloc · · Score: 4, Insightful

    "We are not hacking because we get hacked a lot"

    The 'logic' here is... not good.

    1. Re:Translation: by Anonymous Coward · · Score: 1

      Besides, "People do a lot of things to get through the Great Firewall" != "China is one of the major victims of cyber attacks".

    2. Re:Translation: by Anonymous Coward · · Score: 2, Insightful

      It's not their logic that is not good, it's your summary that is not good. They aren't saying that the fact that they get hacked a lot proves that they don't hack. They're saying that a lot of people jump to the conclusion that any hacking incident must be from China in spite of the fact that there are a lot of hackers from outside of China. The point of saying that they are often the victim of hacking is to emphasize that there are non-Chinese hackers.

    3. Re:Translation: by s.petry · · Score: 1

      And this generalization has been proven false somehow? I have worked for 25+ years focused on IT Security. Complex hacks come from China. Spammers, porn, etc. come from Russia. Script kiddies from just about everywhere else. Since the US has access to US data, there is not a whole lot of us hacking ourselves.

      Since China controls the "great wall" anything going outbound becomes suspect for government sponsorship. Large attacks have to be, because there is no way they don't know what's coming in and going out when it reaches scale.

      This attack however was a bit different, in that the DDoS only required a simple modification to an HTML page. It did not have to originate from China per se.

      --

      -The wise argue that there are few absolutes, the fool argues that there are no probabilities.

  4. I would not be surprised... by ckatko · · Score: 3, Interesting

    ...If it was USA/Israel/Britain/Canada pulling yet another False Flag operation of saying "OMGAWD Asians did it!".

    For those who missed it, Canada outright admitted they do this.

    1. Re:I would not be surprised... by Anonymous Coward · · Score: 1

      Canada outright admitted they do this.

      You are a little bit confused.

      Firstly, Canada did not admit this. There was a disclosure as part of the Snowden documents that mentioned false flags.

      Secondly, the disclosed claim concerned the intelligence forces claiming they were capable of performing false flag operations, not that they had ever done so. The document was a pretty sparse high level rundown of capabilities, barely more than a power point presentation (or maybe it was a power point presentation).

    2. Re:I would not be surprised... by dos1 · · Score: 5, Informative

      Have you even checked what this attack looks like? The traffic is *NOT* coming from Chinese servers, but that's not the point. That's actually why it's so powerful. Baidu serves the malicious JavaScript in place of their analytics tracking script. Inside of China it's normal, but when it goes through the Great Firewall it gets changed to a malicious script that turns any visitors of webpages with the Baidu script (Google Analytics equivalent) attached to them into part of a DDoS. The way that script worked initially was actually pretty hilarious. It attached a new tag to the page with the src attribute being a github URL. This allowed github to replace the content under those URLs with "alert('WARNING: malicious script detected');", which got executed in every browser that was turned into an attacker (and due to the blocking nature of alert, limiting the impact). Of course there's more to that and the techniques used by attackers changed over the past days - for instance, now TCP SYN floods started as well. But the fact is that there's definitely some big Chinese player behind it, even if it's actually not the most likely one - the government.

    3. Re:I would not be surprised... by dos1 · · Score: 2

      the <script> tag*

      Mistakenly turned on the HTML formatting. Hopefully it's still readable without the new lines :P
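
The defensive response dos1 describes above, sketched as an added illustration (it is not GitHub's code and not part of the thread): once a URL is being flooded by injected script tags, serve JavaScript at that URL so the visitor's browser runs a blocking alert. The `FloodGuard` class, the paths, the one-second window and the threshold of 20 are constructed assumptions.

```javascript
'use strict';
// Added illustration; not GitHub's code. Paths, window and threshold are constructed.

// Text quoted in the comment above: what the flooded URLs were changed to return.
const WARNING_JS = "alert('WARNING: malicious script detected');";

class FloodGuard {
  constructor({ windowMs, threshold }) {
    this.windowMs = windowMs;   // sliding window length in milliseconds
    this.threshold = threshold; // requests per path per window tolerated before flagging
    this.hits = new Map();      // path -> timestamps still inside the window
    this.flagged = new Set();   // paths currently answered with the warning script
  }

  // Record one request; returns true if the path is (now) flagged.
  observe(path, nowMs) {
    const recent = (this.hits.get(path) || []).filter((t) => nowMs - t < this.windowMs);
    recent.push(nowMs);
    this.hits.set(path, recent);
    if (recent.length > this.threshold) this.flagged.add(path);
    return this.flagged.has(path);
  }

  // Decide what to serve. A flagged path returns JavaScript instead of the page:
  // a browser that loaded the URL through an injected script tag executes it,
  // and the blocking alert() stalls that browser's request loop.
  respond(path, nowMs) {
    if (this.observe(path, nowMs)) {
      return { status: 200, contentType: 'application/javascript', body: WARNING_JS };
    }
    return { status: 200, contentType: 'text/html; charset=utf-8', body: '<!-- normal page -->' };
  }

  // Operator action: lift the mitigation once the flood has stopped.
  clear(path) {
    this.flagged.delete(path);
    this.hits.delete(path);
  }
}

// Constructed traffic: 50 requests, 10 ms apart, to one path; 3 to a quiet one.
function simulate() {
  const guard = new FloodGuard({ windowMs: 1000, threshold: 20 });
  const counts = { floodedWarnings: 0, floodedNormal: 0, quietWarnings: 0 };
  for (let i = 0; i < 50; i++) {
    const r = guard.respond('/constructed/flooded-page', i * 10);
    if (r.body === WARNING_JS) counts.floodedWarnings++;
    else counts.floodedNormal++;
  }
  for (const t of [0, 400, 800]) {
    if (guard.respond('/constructed/quiet-page', t).body === WARNING_JS) counts.quietWarnings++;
  }
  return counts;
}

console.log(simulate());
```

While a path is flagged, ordinary visitors to it also receive the warning script instead of the page, which is why the sketch keeps the flag per path and gives the operator an explicit `clear`.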

  5. Not much said by PineHall · · Score: 3, Informative

    Here is the question and answer:

    Second, a report says that a US website was under hacker attack, and the source of the attack was from China. How do you respond?

    On your second question, it is quite odd that every time a website in the US or any other country is under attack, there will be speculation that Chinese hackers are behind it. I'd like to remind you that China is one of the major victims of cyber attacks. We have been underlining that China hopes to work with the international community to speed up the making of international rules and jointly keep the cyber space peaceful, secure, open and cooperative. It is hoped that all parties can work in concert to address hacker attacks in a positive and constructive manner.

    1. Re:Not much said by LoneTech · · Score: 1

      Thanks for the quote.. it's interesting to note that he's implying that others won't cooperate with them on regulating the 'net. The truth on that claim would be somewhere between them making unreasonable (whether impractical or unpalatable - we've seen what sort of regulation they do on their own) demands, this statement being false, or the "China hopes to" weasel language being key - allowing that they never tried. Not much said indeed.

  6. Finally by Megahard · · Score: 4, Funny

    We have someone to take the place of the Iraqi Information Minister. I miss that guy.

    --
    I eat only the real part of complex carbohydrates.
    1. Re:Finally by Tablizer · · Score: 1

      Indeed. He made the train-wreck more interesting. If you are going to be a jerk, be an interesting jerk.

  7. Always deny by ITRambo · · Score: 2

    Russia and China are reliable liars when it comes to denying what others have caught them doing. Very much like a child that got caught with a hand in the cookie jar. I do not believe denials that come out of either country.

    1. Re:Always deny by Flavianoep · · Score: 2

      Russia, China, as well as any intelligence agency in the world, are reliable liars when it comes to denying what others have caught them doing.

      FTFY.

      --
      Linux is for people who don't mind RTFM.
    2. Re:Always deny by Gavagai80 · · Score: 1

      Not really true. Many intelligence agencies use a "no comment" policy when caught. For instance the NSA's response when caught was that they refused to comment on the veracity of any documents that they considered to have been obtained illegitimately.

      --
      This space intentionally left blank
  8. All parties? by rippeltippel · · Score: 2

    "It is hoped that all parties can work in concert to address hacker attacks in a positive and constructive manner."

    ...all parties? I thought there was just one.

  9. No real interest in security aside from espionage. by sethstorm · · Score: 1

    China stands to gain too much to not be involved. That's their primary way of technological development - industrial/governmental espionage.

    Perhaps they could start explaining how Nortel ended up becoming Huawei and ZTE, amongst other things. Then they could also explain why Huawei has a LOT of ties to the PRC government.

    --
    Twitter supports and protects racists - by smearing their critics with the "Hate Speech" label.
  10. Re: Yeah, sure. by Anonymous Coward · · Score: 3, Interesting

    Wait...really? You don't believe the NSA but you'll believe a government official from a country that has killed millions of its OWN people? Wow. I mean, NSA basically stands for National Shitfilled Agency, but I'll believe them in a heartbeat over these buggers.

    Look up mass murder by communist regimes. Look up what happened to the democracy movement in China. Well, assuming you aren't in China, where you aren't free to do so.

    Get your head out of your rear and actually get a clear picture of the regime in China. The NSA may not be the good guys...but the Chinese regime actually IS the bad guys. They only look good in comparison to Pol Pot and the Kim regimes.

  11. False Dichotomy: by Lab Rat Jason · · Score: 1

    So China is saying that because they are being attacked, they can't possibly have people doing the attacking?

    --
    Which has more power: the hammer, or the anvil?
  12. DDoS solved in IPv6 by The New Guy 2.0 · · Score: 1

    There's a solution to DDoS in IPv6 called the "NAK packet" which is a simple request for upstream routers to not relay any more traffic from the address or addresses that is sending the abusive data. Basically, it's like asking a firewall in between to rule out the bad data.

    1. Re:DDoS solved in IPv6 by DarkSkiez · · Score: 1

      Sounds interesting, however, do you have any RFCs or references about this? I'm having trouble validating this.

    2. Re:DDoS solved in IPv6 by petermgreen · · Score: 1

      Even discounting the spoofing possibilities your proposal would mean that anyone who uses baidu from outside china will find themselves cut off from github. I expect that isn't what github wants.

      --
      note: i'm known as plugwash most places but i screwed up registering that here somehow in the past and now can't register
    3. Re:DDoS solved in IPv6 by Anonymous Coward · · Score: 1

      I can't find any info about NAK in IPv6, but this has been solved for over a decade in IPv4. https://www.ietf.org/rfc/rfc3514.txt

    4. Re:DDoS solved in IPv6 by LordLimecat · · Score: 1

      If you don't understand networking, it's probably best not to wax snarky.

      For the record; layer 3/4 typically doesn't handle authentication.

    5. Re:DDoS solved in IPv6 by The New Guy 2.0 · · Score: 1

      When some router sends packets in your direction you generally say "ACK" for it worked and "RST" for start over at a certain point... "NAK" means "I got it, but I don't like it, no more of that for me please!"

      Firewalls can only stop traffic once it travels the line to your side... what would be better is to have a firewall at ISP side of the line to reject traffic you don't want so your line doesn't get overloaded but lets the good traffic through.

    6. Re:DDoS solved in IPv6 by The New Guy 2.0 · · Score: 1

      That's dated April 1... April Fools Day. However, it was a joke that was taken seriously by the IPv6/TCP writers.

  13. Hilarious defense by MikeRT · · Score: 4, Insightful

    Your honor, I'd like to remind you that as a member of the Crips, my client is constantly facing risks to his life including up to being gunned down in the street. Therefore he clearly could not have committed that drive by shooting of the Bloods.

  14. If they don't want to be blamed... by ilsaloving · · Score: 2

    If they don't want to continually be blamed for attacking various web properties, then maybe they should... I dunno.... stop attacking various web properties?

  15. Re: I love how every stupid corporation... by rogoshen1 · · Score: 1

    This country was founded by progressives. With the notable exception of slavery (because some smug fuckwit will always think that pointing out the inconsistency somehow makes them edgy, or clever), the US and its devotion to individual freedoms was pretty novel at the time.

    Since then though.. bleh.

  16. Re: Yeah, sure. by Anonymous Coward · · Score: 1

    So...you believe people who kill their own people over people who listen to phone calls? Your moral relativism unit is broken.

  17. ...that China....open and cooperative. by Kekke · · Score: 1

    Heheh, rofl, lmao + all the other acronyms for laugh .........

  18. Quick, get damage control out here by LordLimecat · · Score: 3, Interesting

    One wonders if we'll be seeing the return of the 50 Cent Party in this thread.

    1. Re:Quick, get damage control out here by LordLimecat · · Score: 1

      Comparing the US's propaganda to China's is truly absurd. We have free media here (albeit with their own agenda); China's papers are all in the pocket of the CPC.

      Find me a national publication in China that is critical of the ruling party. I can find hundreds here in the US that openly criticize Obama, Congress, and SCOTUS.

  19. Re:Typical of USA regime to blame China by LordLimecat · · Score: 1

    Well, we all know how much power DC has over Baidu and the border routers in China.

  20. Utter bullshit by musixman · · Score: 1

    Take a look at the attack code people. It's very clear this is a state sponsored attack using baidu, they are targeting VPN software hosted on Github that's used to bypass firewall restrictions in China.

    It's not like baidu would randomly install attack code against github for "no reason". Additionally, it's been 125 hours now & they still haven't taken it down.

  21. Does anyone have genuine proof? by thetoadwarrior · · Score: 1

    I'd actually be more likely to believe it's a desperate US or UK agency trying to prove why they need to take our freedoms away than China. There's so much anti-china stuff out there. Why pick github? But as well apparently British Airways and Slack are being attacked. What would China have against British Airways? Something doesn't quite make sense.

  22. Decentralized source control centralized by mars-nl · · Score: 1

    So we moved from centralized source control (CVS, SVN) to decentralized source control such as Git and then we centralize all of the repositories in the world on one server...

  23. ... in other news... by Lead Butthead · · Score: 1

    sun is cool to the touch, sea is but a few inches deep...

    --
    ELOI, ELOI, LAMA SABACHTHANI!?
    1. Re:... in other news... by ganjadude · · Score: 1

      I recall reading about a star that is nothing but a literal giant diamond. That would be pretty cool

      --
      have you seen my sig? there are many others like it but none that are the same
  24. Isn't the solution to block Baidu ? by BlueTrin · · Score: 1

    Shouldn't we block Baidu and make GitHub unavailable from China ?

    --
    Don't you know it is now both immoral and criminal to think beyond the next quarterly report?
    1. Re: Isn't the solution to block Baidu ? by BlueTrin · · Score: 1

      Because blocking Baidu will hurt their interest and stopping GitHub will cause more unrest and show their population what their government is doing ? Maybe I agree with you on the second point after thinking a bit more.

      --
      Don't you know it is now both immoral and criminal to think beyond the next quarterly report?
    2. Re:Isn't the solution to block Baidu ? by spongman · · Score: 1

      Shouldn't we block Baidu and make GitHub unavailable from China ?

      You'd have to convince everyone outside China to block Baidu. And as for blocking GitHub for Chinese users, China would love that. The only reason they're not blocking GitHub is that so many Chinese engineers use it. If someone outside China blocked it for them, they'd be killing two birds with one stone: censoring the VPN info and making another country look bad.

  25. Think of the children by aberglas · · Score: 1

    People have missed the key line in the post, which was ... speed up the making of international rules and jointly keep the cyber space peaceful, secure, open and cooperative.

    We clearly need more rules to control the internet and everybody would have to agree that China is the international expert on internet control.

  26. China was so used to stealing secrets by Ukab the Great · · Score: 1

    That the thought of using 'git clone' never occurred to them.

    1. Re:China was so used to stealing secrets by TuxWithoutPants · · Score: 1

      A Chinese sharing for the greater good without personal profit? Man, pass some of whatever you're smoking! (disclaimer: I'm Chinese so I get to insult my race)

  27. Well by TuxWithoutPants · · Score: 1

    They could have gone with "weapons of mass destruction" but someone already did that one, so flat out denial is the next best thing isn't it?

  28. Re:No real interest in security aside from espiona by Gavagai80 · · Score: 1

    How is a denial of service attack espionage? I don't see China gaining anything. More likely incompetence/corruption allowed their infrastructure to be used in the attack.

    --
    This space intentionally left blank
  29. Re:Proof (Actual Reporting of Real News) by Coren22 · · Score: 1

    Thank you for that post. You summed up more information than I had seen on the subject. I had just assumed when reading the /. article that GreatFire was just a reference to the source of the attack, I had never heard of the software.

    I wonder if GreatFire has a donation link...Googling does not answer this question for me though.

    --
    APK likes to ask for responses to the same things over and over. Maybe he just likes the responses?
  30. Re:Censorship solved in IPv6 too by The New Guy 2.0 · · Score: 1

    Really, this allows routers to say "You're blocked, don't waste your bandwidth in my direction!"