Someone hijacked the Google of China to attack anti-censorship tools

An unknown party hijacked widely used tools developed byBaidu, the largest search engine in China, this week in an apparent attempt to target onlinesoftwareused to get around Chinese censorship.

The assailants injected malicious code into the tools Baidu uses to serve ads on a wide range of Chinese Web sites and to provide analytics for Web developers, according to researchers. The code instructed the browsers of visitors to those sites to rapidly connect to other sites, but in a way that the visitors couldn't detect. That sent a flood of traffic to twoanti-censorship tools offered by the groupGreatFire hosted on GitHub, apopular siteused by programmers to collaborate on software development. One of the tools targeted by the attackeffectively allows Chinese users to access a translated version of the New York Times.

At times the attack made GitHub, which is used by programmers around the world and the U.S. government itself, unavailable for some users.

GitHub was briefly blocked inside China in 2013, but reinstated after an outcry from programmers. Because GitHub uses encryption to hide specific parts of the site, the Chinese government cannotselectively block only some of GitHub'scontent. But blocking the site wholesale could be damaging to China's economy becauseit is so widely used by the tech industry.

GreatFire reported its own site was the subject of a similar traffic flooding attack earlier this month.

While determining the entities behind these types of attacks is difficult, the Chinese government would be an obvious culprit, said James A. Lewis, a senior fellow at the Center for Strategic and International Studies."The only people who would really benefit from it would be China," he said. Using such a bold tactic to attack content it dislikes seems to be either a way for the government to send a message or test out new capabilities, he said.

[Related: Is this North Korea? Chinese netizens squirm as party tightens grip on Internet.]

"The last couple months we've seen a real sea change in Chinese Internet policy, where they've become more assertive about blocking Western sites and pushing back on their citizen's ability to access information from outside of the country," Lewis said. Earlier this year, many virtual private network (VPN) services relied on by Chinese citizens to evade censorshipbecame inaccessiblewithin the country.

Baidu -- which is basically China's Google -- denied involvement in the incident. "After a thorough investigation, Baidu security engineers have ruled out either security issues with Baidu products or a hacking attack on Baidu as possibilities," the company told The Washington Post in a statement. "We have been in touch with other security organizations to apprise them of the situation, and we will work together on getting to the bottom of related issues."

GreatFire did not immediately respond to a Washington Post inquiry about the attacks. Nor did the Chinese government. GitHub acknowledged it was the victim of a "continuous" attack for more than 24 hours in a Tweet posted late Thursday night. The latest update on the GitHub's status pagesays the service is "intermittently unavailable for some users" due to the attack.

Follow this link:
Someone hijacked the Google of China to attack anti-censorship tools