The code instructs browsers of visitors to those websites to rapidly connect to GitHub.com every two seconds in a way that visitors couldn't smell, creating "an extremely large amount of traffic," according to a researcher who goes by the name A nthr@x.
"In other words, even people outside China are being weaponized to target things the Chinese government does not like, for example, freedom of speech."
The attack specifically targets two popular Github projects – GreatFire and CN-NYTimes – anti-censorship tools used to help Chinese citizens circumvent The Great Firewall Of China, the government's censorship of Internet access in China.
- GreatFire – A well-known group on Github that fights against Chinese government censorship of the Internet.
- CN-NYTimes – A group that hosts New York Times mirrors to allow Chinese citizens to access the news website, which is normally blocked in China.
Since Baidu search engine is extremely popular, the attack results in the massive flood of traffic on the Github website which begun around 2 AM UTC on Friday and last for more than 24 hours.
GitHub said yesterday that the flood of traffic, a continuous string of distributed denial-of-service attacks, caused irregular outages and that their admins have been working to mitigate the attack with periodic success.
However, the most recent status
on the site says the company has deployed new defenses.
"We're aware that GitHub.com is intermittently unavailable for some users during the ongoing DDoS," GitHub said in a message posted at 1549 UTC Friday.
"Restoring service for all users while deflecting attack traffic is our number one priority. We've deployed our volumetric attack defenses against an extremely large amount of traffic. Performance is stabilizing," a message posted by Github at 15:04 UTC says.
Later, the company noted, "We've been under continuous DDoS attack for 24+ hours. The attack is evolving, and we're all hands on deck mitigating."
), once unscrambled.
Chinese search engine giant has denied any involvement in the current DDoS attack, saying that Baidu was not intentionally involved in any traffic redirection. "We've notified other security organizations," the company said in a statement, "and are working together to get to the bottom of this."