China's Foreign Ministry: China Did Not Attack Github, We Are the Major Victims

An anonymous reader writes At the Regular Press Conference on March 30, China's Foreign Ministry Spokesperson Hua Chunying responded on the charge of DDoS attack over Github. She said: "It is quite odd that every time a website in the US or any other country is under attack, there will be speculation that Chinese hackers are behind it. I'd like to remind you that China is one of the major victims of cyber attacks. We have been underlining that China hopes to work with the international community to speed up the making of international rules and jointly keep the cyber space peaceful, secure, open and cooperative. It is hoped that all parties can work in concert to address hacker attacks in a positive and constructive manner."

Plausible Deniability

[Spy Handler]

except in this case it's not so plausible.

On the other hand NSA denying it created Stuxnet isn't all that plausible either.

Re:

[Tablizer]

Did they officially deny creating Stuxnet? I vaguely remember them saying something like "We don't comment on such as is our policy, and thus won't confirm nor deny".

... in other news...

[Lead Butthead]

sun is cool to the touch, sea is but a few inches deep...

Re:

[ganjadude]

I recall reading about a start that is nothing but a literal giant diamond. That would be pretty cool

Re:

[gtall]

yeah, yer right, comparing apples and oranges produces first class innuendo.

Re:

[account_deleted]

Comment removed based on user account deletion

Re:Plausible Deniability

[HiThere]

Well, it's actually quite plausible. That doesn't mean you should believe it. Lots of things are believable that aren't true.

The interesting thing is, I can't think of how they could either make it believable that they did it or that they didn't do it. In some things there are no good grounds for having a belief in either (any) direction.

The thing is, all the governments I've paid any attention to lie so often that you would do well to use a roulette wheel to decide HOW they are lying in any particular statement. And "They're telling the truth" would be the 00 slot of the wheel. But belief should occur only when there is reasonably grounded evidence...and then it shouldn't be committed belief, because governments are quite able to fabricate evidence when they find it worth the effort.

Proof

[Coren22]

Where is their counter to the proof offered during the attack? As I recall the DDoS was caused by requests to the Chinese search engine from outside China.

Re:Proof

[dos1]

But the actual traffic is international and there's nothing odd in it. It's the actual source of the attack - the hijacked Baidu script that changed non-Chinese visitors of Chinese pages into botnet (well, not really, but very botnet-like) nodes instructed to attack GitHub - that without any doubt came from the Great Firewall of China. It might not be the government, but unless there's a massive man-in-the-middle attack covering the whole non-Chinese Internet, it's definitely something that comes from China.

Re:

[AmiMoJo]

Neither side has presented any convincing evidence. This is just going to keep happening because it's so hard to accurately trace cyber attacks.

Re:Proof

[Anonymous Coward]

Neither side has presented any convincing evidence. This is just going to keep happening because it's so hard to accurately trace cyber attacks.

Yep, so hard to accurately trace cyber attacks. But if you had read anything at all on this particular attack [wsj.com]:

Mikko Hyponen, the chief research officer of cybersecurity firm F-Secure, said the attack was likely to have involved Chinese authorities because the hackers were able to manipulate Web traffic at a high level of China’s Internet infrastructure. It appeared to be a new type for China, he added. “It had to be someone who had the ability to tamper with all the Internet traffic coming into China.” he said.

Though Baidu is the largest search engine in China by several measures, the attack appeared to use traffic from its users outside the country, security experts said. When a user navigated to the Baidu search engine, they said, a code was activated that sent continuous requests for data from the user’s computer to GitHub. By tapping overseas users, the hackers made the attack harder to block, because the requests to GitHub came from all over the world and looked like typical requests for information.

And also the motive is very clear for China to attack Github. Not so clear for anyone else.

Re:

[RavenLrD20k]

Just playing Devil's Advocate here...but doesn't a country having a wide publicly known motive also make that country a prime target for framing? (Not saying that China didn't do it; as the evidence is considerably against them.)

Re:

[tnk1]

Yes, but it also implies that someone has a goal in mind by framing China. Either to hide their own activities or to make China look bad.

Who else has the motive to take down GitHub? Organized crime could, but what do they get out of it? The US Government could, but what would the goal be?

Unless someone provides motives for other players at that level to make that attack, it's probably China. Simple internet trolls might know how to operate such an attack but probably not the capacity to perform it.

Re:

[AmiMoJo]

So there is some circumstantial evidence and the conclusion that because the hack was executed at a high level, it must be the government. And then the accusation that China is motivated to take down Github, even though that is clearly a futile goal that never had any serious chance of working. Maybe for a few hours, but it's not like Github would just give up and close, and the projects it hosts would call it quits too. So it is so highly skilled that only a government could do it, but also incredibly naiv

Re:

[HiThere]

While that's reasonable circumstantial evidence, I don't know that it couldn't have been done by someone else, and the balance of the opinion seems to be that it, indeed, could be done by someone else.

OTOH, it's not clear who else would have a motive. And, governments not being any more monolithic that corporations, it could quite well have been some department (or actor within a department) acting without any knowledge by the official spokesman, and either with, or without, approval by higher organization

Re:

[account_deleted]

Comment removed based on user account deletion

Re:

[Coren22]

http://it.slashdot.org/story/1... [slashdot.org]

Original story, it goes through the mechanism in use right in the summary. It is quite clear that queries to Baidu from outside the great firewall were triggering requests to GitHub.

Re:Proof (Actual Reporting of Real News)

[Required Snark]

Here's a report on the attack from China Digital Times [chinadigitaltimes.net].

First, a message sent out by the Chinese authorities to not comment on the attack.

The following censorship instructions, issued to the media by government authorities, have been leaked and distributed online. The name of the issuing body has been omitted to protect the source.

Regarding the large-scale distributed denial-of-service (DDoS) attack on GitHub, do not conjecture or comment of your own accord before the authoritative media have reported th

Re:

[Coren22]

Thank you for that post. You summed up more information than I had seen on the subject. I had just assumed when reading the /. article that GreatFire was just a reference to the source of the attack, I had never heard of the software.

I wonder if GreatFire has a donation link...Googling does not answer this question for me though.

Translation:

[Verloc]

"We are not hacking because we get hacked a lot"

The 'logic' here is... not good.

Re:

[Anonymous Coward]

Besides, "People do a lot of things to get through the Great Firewall" != "China is one of the major victims of cyber attacks".

Re:

[Anonymous Coward]

It's not their logic that is not good, it's your summary that is not good. They aren't saying that the fact that they get hacked a lot proves that they don't hack. They're saying that a lot of people jump to the conclusion that any hacking incident must be from China in spite of the fact that they're are a lot of hackers are from outside of China. The point of saying that they are often the victim of hacking is to emphasize that there are non-Chinese hackers.

Re:

[s.petry]

And this generalization has been proven false somehow? I have worked for 25+ years focused on IT Security. Complex hacks come from China. Spammers, porn, etc.. comes from Russia. Script kiddies from must about everywhere else. Since the US has access to US data, there is not a whole lot of us hacking ourselves.

Since China controls the "great wall" anything going outbound becomes suspect for government sponsorship. Large attacks have to be, because there is no way they don't know what's coming in and g

Re: Yeah, sure.

[Anonymous Coward]

Wait...really? You'd don't believe the NSA but you'll believe a government official from a country that has killed millions of its OWN people? Wow. I mean, NSA basically stands for National Shitfilled Agency, but I'll believe them in a heartbeat over these buggers.

Look up mass murder by communist regimes. Look up what happened to the democracy movement in China. Well, assuming you aren't in China, where you aren't free to to so.

Get your head out of your rear and actually get a clear picture of the regime in

Re: Yeah, sure.

[Anonymous Coward]

So...you believe people who kill their own people over people who listen to phone calls? Your moral relativism unit is broken.

Re:

[david_thornley]

Last time you checked where? Churchill didn't allow the Coventry bombing to go through. There was a screwup in the system, which meant the Germans got an unopposed shot at Coventry. As a general rule, the Allies acted on their intelligence, although they constantly tried to provide plausible excuses how they could have gotten the information otherwise. Pearl Harbor was avoidable, in that the Japanese didn't have to do it. What do you think the US should have done to prevent it? Send warning messages

I would not be surprised...

[Chris Katko]

...If it was USA/Israel/Britain/Canada pulling yet another False Flag operation of saying "OMGAWD Asians did it!".

For those who missed it, Canada outright admitted it they do this.

Re:I would not be surprised...

[dos1]

Have you even checked how this attack looks like? The traffic is *NOT* coming from Chinese servers, but that's not the point. That's actually why it's so powerful. Baidu serves the malicious JavaScript in place of their analytics tracking script. Inside of China it's normal, but when it goes through the Great Firewall it gets changed to malicious script that turns any visitors of webpages with Baidu script (Google Analytics equivalent) attached to them into part of DDoS. The way that script worked initially was actually pretty hilarious. It attached new tag to the page with src attribute being github URL. This allowed github to replace content under those URLs to "alert('WARNING: malicious script detected');", which got executed in every browser that was turned into an attacker (and due to blocking nature of alert, limiting the impact). Of course there's more to that and the techniques used by attackers changed over past days - for instance, now TCP SYN floods started as well. But the fact is that there's definitely some big Chinese player behind it, even if it's actually not the most likely one - the government.

Re:

[dos1]

the <script> tag*

Mistakenly turned on the HTML formatting. Hopefully it's still readable without the new lines :P

Re:

[Anonymous Coward]

Canada outright admitted it they do this.

You are a little bit confused.

Firstly, Canada did not admit this. There was a disclosure as part of the Snowden documents that mentioned false flags.

Secondly, the disclosed claim concerned the intelligence forces claiming they were capable of performing false flag operations, not that they had ever done so. The document was a pretty sparse high level rundown of capabilities, barely more than a power point presentation (or maybe it was a power point presentation).

Not much said

[PineHall]

Here is the question and answer:

Second, a report says that a US website was under hacker attack, and the source of the attack was from China. How do you respond?

On your second question, it is quite odd that every time a website in the US or any other country is under attack, there will be speculation that Chinese hackers are behind it. I'd like to remind you that China is one of the major victims of cyber attacks. We have been underlining that China hopes to work with the international community to speed up the making of international rules and jointly keep the cyber space peaceful, secure, open and cooperative. It is hoped that all parties can work in concert to address hacker attacks in a positive and constructive manner.

Re:

[LoneTech]

Thanks for the quote.. it's interesting to note that he's implying that others won't cooperate with them on regulating the 'net. The truth on that claim would be somewhere between them making unreasonable (whether impractical or unpalatable - we've seen what sort of regulation they do on their own) demands, this statement being false, or the "China hopes to" weasel language being key - allowing that they never tried. Not much said indeed.

Finally

[Megahard]

We have someone to take the place of the Iraqi Information Minister. I miss that guy.

Re:

[Tablizer]

Indeed. He made the train-wreck more interesting. If you are going to be a jerk, be an interesting jerk.

Always deny

[ITRambo]

Russia and China are reliable liars when it comes to denying what others have caught them doing. Very much like a child that got caught with a hand in the cookie jar. I do not believe denials that come out of either country.

Re:

[Flavianoep]

Russia, China, as well as any intelligence agency in the world, are reliable liars when it comes to denying what others have caught them doing.

FTFY.

Re:

[Gavagai80]

Not really true. Many intelligence agencies use a "no comment" policy when caught. For instance the NSA's response when caught was that they refused to comment on the veracity of any documents that they considered to have been obtained illegitimately.

All parties?

[rippeltippel]

"It is hoped that all parties can work in concert to address hacker attacks in a positive and constructive manner."

...all parties? I thought there was just one.

No real interest in security aside from espionage.

[sethstorm]

China stands to gain too much to not be involved. That's their primary way of technological development - industrial/governmental espionage.

Perhaps they could start explaining how Nortel ended up becoming Huawei and ZTE, amongst other things. Then they could also explain why Huawei has a LOT of ties to the PRC government.

Re:

[Gavagai80]

How is a denial of service attack espionage? I don't see China gaining anything. More likely incompetence/corruption allowed their infrastructure to be used in the attack.

False Dichotomy:

[Lab Rat Jason]

So China is saying that because they are being attacked, they can't possibly have people doing the attacking?

DDoS solved in IPv6

[The New Guy 2.0]

There's a solution to DDoS in IPv6 called the "NAK packet" which is a simple request for upstream routers to not relay any more traffic from the address or addresses that is sending the abusive data. Basically, it's like asking a firewall in between to rule out the bad data.

Re:

[The New Guy 2.0]

Really, what this allows routers to say "You're blocked, don't waste your bandwidth in my direction!"

Re:

[DarkSkiez]

Sounds interesting, however, do you have any RFCs or references about this. I'm having trouble validating this.

Re:

[petermgreen]

Even discounting the spoofing possibilities your proposal would mean that anyone who uses baidu from outside china will find themselves cut off from github. I expect that isn't what github wants.

Re:

[LordLimecat]

If you dont understand networking, its probably best not to wax snarky.

For the record; layer 3/4 typically doesnt handle authentication.

Re:

[The New Guy 2.0]

When some router sends packets in your direction you generally say "ACK" for it worked and "RST" for start over at a certain point... "NAK" means "I got it, but I don't like it, no more of that for me please!"

Firewalls can only stop traffic once it travels the line to your side... what would be better is to have a firewall at ISP side of the line to reject traffic you don't want so your line doesn't get overloaded but lets the good traffic through.

Re:

[Anonymous Coward]

I can't find any info about NAK in IPv6, but this has been solved for over a decade in IPv4. https://www.ietf.org/rfc/rfc3514.txt [ietf.org]

Re:

[The New Guy 2.0]

That's dated April 1... April Fools Day. However, it was a joke that was taken seriously by the IPv6/TCP writers.

Comment removed

[account_deleted]

Comment removed based on user account deletion

If they don't want to be blamed...

[ilsaloving]

If they don't want to continually be blamed for attacking various web properties, then maybe they should... I dunno.... stop attacking various web properties?

...that China....open and cooperative.

[Kekke]

Heheh, rofl, lmao + all the other acronyms for laugh .........

Quick, get damage control out here

[LordLimecat]

One wonders if we'll be seeing the return of the 50 Cent Party [wikipedia.org] in this thread.

Re:

[LordLimecat]

Comparing the US's propaganda to China's is truly absurd. We have free media here (albeit with their own agenda); China's papers are all in the pocket of the CPC.

Find me a national publication in China that is critical of the ruling party. I can find hundreds here in the US that openly criticize Obama, Congress, and SCOTUS.

Utter bullshit

[musixman]

Take a look at the attack code people. It's very clear this is a state sponsored attack using baidu, they are targeting VPN software hosted on Github that's used to bypass firewall restrictions in China.

It's not like baidu would randomly install attack code against github for "no reason". Additionally, it's been 125 hours now & they still haven't taken it down.

Does anyone have genuine proof?

[thetoadwarrior]

I'd actually be more likely to believe it's a desperate US or UK agency trying to prove why they need to take our freedoms away than China. There's so much anti-china stuff out there. Why pick github? But as well apparently British airways and slack are being attacked. What would China have against British Airways? Something doesn't make quite make sense.

Decentralized source control centralized

[mars-nl]

So we moved from centralized source control (CVS, SVN) to decentralized source control such as Git and then we centralize all of repositories in the world on one server...

Isn't the solution to block Baidu ?

[BlueTrin]

Shouldn't we block Baidu and make GitHub unavailable from China ?

Re:

[spongman]

Shouldn't we block Baidu and make GitHub unavailable from China ?

You'd have to convince everyone outside china to block Baidu. And as for blocking GitHub for Chinese users, China would love that. The only reason they're not blocking GitHub is that so many Chinese engineers use it. If someone outside China blocked it for them, they'd be killing two birds with one stone: censoring the VPN info and making another country look bad.

Re: Isn't the solution to block Baidu ?

[BlueTrin]

Because blocking Baidu will hurt their interest and stopping GitHub will cause more unrest and show their population what their government is doing ? Maybe I agree with you on the second point after thinking a bit more.

Think of the children

[aberglas]

People have missed the key line in the post, which was ... speed up the making of international rules and jointly keep the cyber space peaceful, secure, open and cooperative.

We clearly need more rules to control the internet and everybody would have to agree that China is the international expert on internet control.

China was so used to stealing secrets

[Ukab the Great]

That the though using 'git clone' never occured to them.

Re:

[TuxWithoutPants]

A Chinese sharing for the greater good without personal profit? Man, pass some of whatever you're smoking! (disclaimer: I'm Chinese so I get to insult my race)

Well

[TuxWithoutPants]

They could have went with "weapons of mass destruction" but someone already did that one, so flat out denial is the next best thing isn't it?

Re:

[rogoshen1]

This country was founded by progressives. With the notable exception of slavery (because some smug fuckwit will always think that pointing out the inconsistency somehow makes them edgy, or clever), the US and its devotion to individual freedoms was pretty novel at the time.

Since then though.. bleh.

Re:

[LordLimecat]

Well, we all know how much power DC has over Baidu and the border routers in China.