The massive denial-of-service attacks that have intermittently shut down GitHub for more than five days are the work of hackers with control over China's Internet backbone, according to two technical reports published Tuesday that build a strong case that government authorities are at least indirectly responsible.
GitHub officials have said the torrent of junk data pummeling their servers is the biggest they have ever seen. As previously reported, the two GitHub pages are constantly loaded and reloaded by millions of computer users inside and outside of China, an endless loop that, left unmitigated, causes outages not just on the two targeted pages but throughout GitHub's entire network. Exhibit A in the case that China is involved is the pair of GitHub pages targeted: one hosts anti-censorship service GreatFire.org while the other hosts a mirror site of The New York Times' Chinese edition. The targets suggest the attackers are sympathetic to the vast censorship apparatus known as the Great Firewall of China.
Now researchers have unearthed additional evidence implicating China that goes beyond motive. Specifically, the computers hammering GitHub servers are all running a piece of malicious code that surreptitiously makes them soldiers in a massive DDoS army. The JavaScript gets silently injected into the traffic of sites that use an analytics service that China-based search engine Baidu makes available so website operators can track visitor statistics. About one percent of people visiting such sites don't receive the true Baidu analytics JavaScript but instead get code that forces their browser to constantly reload the two targeted GitHub pages.
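For a site operator, substitution of this kind shows up as a small fraction of fetches of a third-party script whose contents differ from the genuine file. The following sketch is an added example, not code from either report: it pins a digest of the genuine script and audits repeated samples against it. The host names, script bodies and the `EXPECTED_HOSTS` allowlist are constructed assumptions.

```javascript
const { createHash } = require("crypto");

// SRI-style digest ("sha256-<base64>") of a script body.
function sriDigest(body) {
  return "sha256-" + createHash("sha256").update(body, "utf8").digest("base64");
}

// Hosts the genuine script is expected to reference (assumption for this example).
const EXPECTED_HOSTS = new Set(["analytics.example"]);

// Collect hostnames from absolute URLs that appear in the script text.
function referencedHosts(body) {
  const hosts = new Set();
  for (const m of body.matchAll(/https?:\/\/([a-z0-9.-]+)/gi)) {
    hosts.add(m[1].toLowerCase());
  }
  return hosts;
}

// Compare every sampled response with the pinned digest. Report the
// mismatch rate and, for each mismatch, hosts the genuine file never names.
function auditSamples(samples, pinnedDigest) {
  const findings = [];
  samples.forEach((body, index) => {
    const digest = sriDigest(body);
    if (digest === pinnedDigest) return;
    const unexpectedHosts = [...referencedHosts(body)]
      .filter((h) => !EXPECTED_HOSTS.has(h));
    findings.push({ index, digest, unexpectedHosts });
  });
  return {
    total: samples.length,
    mismatched: findings.length,
    rate: findings.length / samples.length,
    findings,
  };
}

// Constructed sample data: 100 fetches of the same URL, one of which
// came back with different content (a harmless stand-in body).
const GENUINE = 'var q=[];var endpoint="https://analytics.example/collect";';
const REPLACED = 'var t="https://unrelated.example/page"; /* stand-in */';
const SAMPLES = Array.from({ length: 100 }, (_, i) => (i === 42 ? REPLACED : GENUINE));

const report = auditSamples(SAMPLES, sriDigest(GENUINE));
console.log(report.mismatched + "/" + report.total, "responses differ from the pinned digest");
```

Because only a small share of responses is altered, a single fetch will usually look clean; the audit has to sample many fetches, ideally from several network vantage points.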