GitHub triumphant over its ‘largest ever’ cyber pummeling

April 3, 2015, 5:29 PM UTC
Photograph by Chris Murphy — Github

The popular code-sharing and blogging site GitHub earlier this week seems to have successfully staved off a nearly week-long traffic onslaught on its systems. Enduring a massive distributed denial of service attack, or DDoS attack—what cyber savants call it when a website’s servers get flooded with traffic in an attempt to cause a disruption—the site’s status team tweeted on Tuesday morning three triumphant words.

GitHub described the attack, which began late at night on March 25 and lasted, for the most part, till Tuesday morning, as “the largest” attack of its kind in the site’s history. Someone close to the matter tells Fortune that the attack has decreased in intensity since then and that the site is currently mitigating it well.

Although GitHub has not attributed the attack, it did announce in a blog post last week that, “Based on reports we’ve received, we believe the intent of this attack is to convince us to remove a specific class of content.” That specific class of content appears to include pages featuring links to mirror sites for the Chinese language version of The New York Times as well as the anti-censorship project GreatFire, workarounds for sources of information that are typically restricted behind China’s infamous Great Firewall. (Dear reader, please click these links responsibly—their servers have been under much distress lately.)

Due to the nature of the DDoS attack’s targets, many experts in the security community have named the Chinese government as a likely perpetrator. That’s certainly the conclusion reached by GreatFire, one of the victims. And the allegation is further supported by Robert Graham, CEO of the security firm Errata Security, who recently performed a clever traceroute analysis—a method of pinging machines on the Internet to determine the path by which packets of information are traveling across it—to determine that the routers responsible for the attack are located on or near China’s so-called Great Firewall.

“By looking at the IP addresses in the traceroute, we can conclusively prove that the man-in-the-middle device is located on the backbone of China Unicom, a major service provider in China,” he writes on his company’s blog. (China Unicom, by the way, has been known to abet Chinese censorship.) “While many explanations are possible, such as hackers breaking into these machines, the overwhelmingly most likely suspect for the source of the GitHub attacks is the Chinese government.”

While Graham’s evidence is not definitive, it is awfully compelling. Hua Chunying, a foreign ministry spokesperson, did not deny the claim in a press conference on Monday. She stated merely that “it is quite odd that every time a website in the US or any other country is under attack, there will be speculation that Chinese hackers are behind it.”

Matthew Prince, CEO and co-founder of the security-minded content delivery network CloudFlare, a person who is intimately familiar with these kinds of attacks, generally errs on the side of caution when it comes to attribution. Stopping by the office recently, he told Fortune about the difficulty: “The real challenge here is whether it’s a national government or a 15-year-old kid. It isn’t that hard to launch these attacks, so what we see more and more are extremely large-scale attacks coming out for, often, political reasons. Sometimes, stupid reasons. We saw two day spa owners launching attacks against each other the other day.”

“Once you find a vector to launch these sorts of things, it’s easy to turn them up,” he adds, meaning that these particular types of attack scale easily.

It’s worth noting that the Chinese government attempted to block GitHub in early 2013. After facing a public outcry from programmers and developers at Chinese tech companies that rely on the site, China eventually restored access. Since GitHub was too essential a site to block altogether (unlike Gmail and the news service Reuters, apparently), it makes sense that Chinese censors might try a different means of restriction; that is, overloading particularly displeasing pages with a digital deluge so as to possibly strong-arm the site into removing a “specific class of content.” As the civil liberties nonprofit Electronic Frontier Foundation puts it in naming China: “This time, they’ve gone a step further and actually weaponized Chinese Internet businesses in order to censor critical voices.”

News of GitHub’s apparent victory (for the time being) against the days-long traffic blast comes soon after it was revealed that China has admitted to having cyber warriors, and right after President Obama signed an executive order authorizing the Treasury Department to impose sanctions against overseas hackers. How, if at all, the U.S. will respond remains to be seen.

At least for now, GitHub’s aggressors appear to have abated.
