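As of press time, the attack on GitHub is still ongoing. On March 30, GitHub said on Twitter that the attack method had changed and that the site was doing everything it could to fight it.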
China Internet Network Information Center Issues Man-in-the-Middle Attack Certificates
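Shortly before that, on March 25, the "Online Censorship in China" website (greatfire.org) issued a statement saying that, based on the concrete evidence they hold, the China Internet Network Information Center (CNNIC) and the Cyberspace Administration of China (CAC) took part in attacks on global electronic-information giants such as Google, Microsoft and Firefox. The certificate impersonated trusted Google domains and was deployed in a network firewall, where it was used to hijack all HTTPS traffic behind that firewall while bypassing browser warnings. GreatFire reminded the internet companies concerned to strengthen their defensive measures, and again called on Google, Mozilla, Microsoft and Apple to revoke their trust in CNNIC immediately in order to protect the user information of internet users worldwide.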
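Google and Mozilla (Firefox) each publicly disclosed this security incident and each published a blog post about it (Google, Mozilla). However, the Chinese translations of the Google and Mozilla articles about CNNIC issuing man-in-the-middle attack certificates were ordered to be deleted in China.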
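On the 23rd, a network security expert at Google wrote in a post on the company's blog that the China Internet Network Information Center and a holding company called MCS had issued unauthorized digital certificates for some Google domains, "and these misused digital certificates were accepted by almost all browsers and operating systems." The Google network security expert described this outcome as a "weak spot" in the internet's certificate management system.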
The next day, companies including Microsoft and Firefox issued statements saying they would revoke all certificates issued by MCS.
A Wall That Attacks
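Twitter user @hnjhj said that although the thinking behind internet control has stayed the same since the "group leader" (Xi Jinping) took office, the methods have become far more unrestrained. Since mid-March there have been CNNIC issuing official fake certificates for man-in-the-middle attacks, the GFW hijacking global network traffic to launch DDoS attacks, the emphasis on cyber sovereignty, and so on. Looked at from the positive side, this means that in the authorities' view simply building a defensive wall is no longer enough: there are more and more ways over the wall, and not going on the offensive means waiting to die.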
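Many people have passed around the claim that China's firewall will complete an upgrade this April. Although this has not been confirmed and the details have not yet surfaced, the changes since March show that the wall is no longer purely conservative blocking. It has become an attack weapon, and it also exploits the eagerness of circumvention users to draw on civilian traffic, turning resisters into hired guns without their knowing it. But circumvention users are not purely "Dauntless", and building ladders is not their only skill. Refusing to serve as a zombie machine, and how to strike back at an increasingly thuggish GFW, are matters that urgently need consideration, although for now they can only respond move by move.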
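Commentator Larry pointed out: the GFW's shift from passive blocking to active attack is an expression of the irreconcilable conflict between the expansion of the CCP authorities' need to block "harmful information" online and ensure political security, and Chinese internet users' ever stronger demand for a "free, open and secure" network. As the resources that totalitarian forces invest in network control keep expanding, the calls to oppose network control and pursue freedom of speech and communication grow correspondingly stronger.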
[The English version of the article follows]
Chinese netizens weaponized, resulting in the “largest DDoS attack” in GitHub’s history
GitHub, a website where technicians and coders around the world share experience, has been busy for the past four days mitigating the “largest DDoS attack” in its history. China has been cited as the source of the attack. Perhaps a more frightening fact is that internet users in China have been turned into attackers during this cyber-attack without their knowledge.
The targets are GreatFire’s anti-censorship programs and New York Times China on GitHub, according to an analysis report from Netresec.
At a press conference on March 30th, the Chinese Foreign Ministry did not confirm or deny whether the Chinese government is behind this attack. Hua Chunying, the spokeswoman of the ministry, said:
“Some people associate Chinese hackers with recent cyber-attacks on websites in the US or elsewhere; this is very strange. I would like to remind you that China is one of the biggest victims of cyber-attacks. We have always stressed that China hopes to work together with the international society… to uphold a peaceful, secure, open and cooperative cyber environment.”
Turn Netizens into Hackers
Starting from March 27, 12 PM (Beijing Time), when people visited Chinese websites while using VPNs to bypass Chinese censorship, it was very likely that they were turned into attackers by malicious code embedded in Baidu ads. Their computers were instantly recruited to join the attack on GitHub.
Baidu is like China’s Google, and many Chinese websites use tracking and advertising code from Baidu. The attack has been dubbed “HTTP hijacking”: “a certain device at the border of China’s inner network and the Internet has hijacked the HTTP connections” and “replaced some JavaScript files from Baidu with malicious ones” that would load GitHub’s GreatFire and CN-NYTimes projects “every two seconds.”
This affects internet users who visit Chinese websites via an IP address outside China, including Chinese users who use VPNs or other circumvention tools. On its official Weibo account, Baidu Security Lab denied that the attack was related to security loopholes of its own.
“Using regular internet users to engage in DDoS attacks is now China’s new political weapon,” user @bitinn wrote. “(Chinese censors) have switched from simple defense to active offense.”
From Defense to Offense
Indeed, China’s internet censorship mechanism has recently become more aggressive, actively attacking sites that the censors deem too sensitive. Since this March, China has been accused of launching DDoS attacks on GreatFire’s anti-censorship mirror sites. Last week, Google found unauthorized digital certificates for several Google domains, the root CA of which is the China Internet Network Information Center (CNNIC). Google and Mozilla both publicly disclosed this security incident and published blog posts (Google, Mozilla).
GitHub stated in its blog that the intent of this attack is “to convince us to remove a specific class of content.” As of this article’s publication, GitHub is still working to mitigate the attack.