advertisement
advertisement
advertisement

GitHub Is Still Under The Biggest DDoS Attack In Its History

Chinese attackers are targeting two GitHub anti-censorship projects.

GitHub Is Still Under The Biggest DDoS Attack In Its History
[Photos: Flickr users Alex and Christopher Schirner]

If you don’t have any trouble loading GitHub.com today, don’t be fooled: The site is still under a massive distributed denial of service (DDoS) attack that began on Thursday morning.

advertisement
advertisement

In the biggest DDoS attack in its history, GitHub is facing an onslaught of malicious inbound traffic from what appear to be China-based sources. More than just a typical attack on a website, the operation is an assault on a community of coders–and ostensibly, the network’s open-source ethos itself.

As the largest code repository in the world, GitHub hosts a massive variety of projects, but whoever initiated this attack has its eye on two in particular: GreatFire, an anti-censorship tool and a Chinese edition of The New York Times called cn-nytimes. Whoever is behind the attack obviously isn’t a proponent of free speech in China.

By now, the DDoS attack has been mitigated to the point that’s no longer affecting the uptime of the GitHub website (for the time being, anyway), but as the company’s website notes, “All systems reporting at 100%. Attack traffic continues, so we remain on high alert.”

A post on Ars Technica describes the mechanics of the DDoS assault:

According to a security researcher at Insight Labs, the DDoS is being caused by some nefarious JavaScript that is being injected by ‘a certain device at the border of China’s inner network and the Internet’ when people visit the Baidu search engine. The JavaScript tells the user’s browser to request two GitHub URLs: https://github.com/greatfire/ and https://github.com/cn-nytimes/. Multiply that by millions of Baidu users, and voilà: a DDoS on GitHub.

Not only is this attack forceful and unrelenting, it’s also adaptive. Since GitHub engineers began combatting the inbound assault, they’ve found that the attackers have evolved their tactics. This is more than just a cyber-prank: These people are determined.

While the origin of the attack isn’t officially known, some security experts are pointing the finger at the Chinese government, given the target of the assault.

advertisement

As a company, GitHub is known to eschew traditional management structures in favor a model of open allocation where employees are free to work on whatever projects they wish without interference from managers.

It’s with this spirit of openness that GitHub operates the largest open collection of code in the world. And by directing DDoS traffic toward GitHub’s servers, the Chinese attackers seem to be making a statement much larger than simply knocking out a website.

Luckily for the coders who rely on GitHub to do their jobs, things seem to have calmed down.

advertisement
advertisement

About the author

John Paul Titlow is a writer at Fast Company focused on music and technology, among other things. Find me here: Twitter: @johnpaul Instagram: @feralcatcolonist

More