“The attack began around 2AM UTC on Thursday, March 26, and involves a wide combination of attack vectors. These include every vector we’ve seen in previous attacks as well as some sophisticated new techniques that use the web browsers of unsuspecting, uninvolved people to flood github.com with high levels of traffic,” Jesse Newland, Systems Engineer at GitHub, announced in a blog post on Friday.
“Based on reports we’ve received, we believe the intent of this attack is to convince us to remove a specific class of content.”
The content in question are two projects, cn-nytimes and greatfire. The first mirrors the New York Times for Chinese users (the NYT site is blocked by China’s “Great Firewall”), and the second one mirrors GreatFire.org, a website that exposes China’s internet censorship efforts and helps users get access to their mirror-sites.
Baidu has denied being involved in the attack, saying that their security engineers have ruled out the possibility of security problems or hacker attacks on their own products. There has been no comment from the Chinese government.
GitHub’s System Status page says that the attack is still ongoing, but that all their services are currently available to users.
Judging by the status messages posted throughout these last four days, the attackers have repeatedly been ramping up and evolving their attack methods, and GitHub has been doing the same with their mitigation tactics.