If there were any doubt at all before (there wasn't much), there's no way Baidu, the Chinese Govt search engine, could be 'hacked' for four days without orders from the Chinese Govt.
Day FOUR of the GitHub web assault: Activists point fingers at 'China's global censorship'
With the GitHub distributed denial-of-service (DDoS) attack nearing its fifth day of bombardment, the code-sharing upstart said it is holding up well under fire. The site said as of Monday afternoon, Pacific Time, it is still operating at 100 per cent, despite a continuing flow of malicious traffic to its servers. GitHub said …
COMMENTS
-
-
Tuesday 31st March 2015 02:14 GMT thames
Baidu hasn't been hacked. This is supposedly happening somewhere else. Some part of the network (possibly the routers) is injecting Javascript into the response traffic after it has left Baidu but before it reaches the user to add extra Javascript. ISPs in the US have been doing the same thing to inject advertising, but in this case the Javascript conducts a DDOS instead of showing ads.
From the sounds of it, Baidu wouldn't even be able to see anything different from their data centres, since the Javascript injection happens somewhere else in the Internet, possibly on its way out of China.
I imagine that Baidu is not happy about this, since it would have the potential to hurt their business. The article isn't clear on this, but it describes the traffic being intercepted as being from "Baidu's advertising network", so it's quite possible that Baidu is losing a significant amount of money on this.
-
Tuesday 31st March 2015 09:05 GMT TeeCee
And what's definately between Baidu and everywhere else that could easily do this to all passing traffic?
The Great Firewall of China.
There goes the last of the doubt as to who's doing this. If they weren't such a PITA you'd have to laugh at the Chinese government for being repeatedly so shit at misdirection.
-
Tuesday 31st March 2015 14:14 GMT Tom 13
Re: Baidu hasn't been hacked.
Sure they have. The hack might not be happening on their servers, but it is their data stream. I'd expect any agency NOT controlled by a government assisting the hackers to take actions to mitigate it even the problem is happening on someone else's routers. With dog + world switching to https, that seems like the logical first step for them to take.
-
Tuesday 31st March 2015 16:48 GMT Oninoshiko
Re: Baidu hasn't been hacked.
"Sure they have. The hack might not be happening on their servers, but it is their data stream. I'd expect any agency NOT controlled by a government assisting the hackers to take actions to mitigate it even the problem is happening on someone else's routers. With dog + world switching to https, that seems like the logical first step for them to take."
That may not work. If it's the Chinese government, they have enough clout to have keys made for Baidu and still run a MITM attack.
But here's the reality, the management of Baidu are members of the communist party of china. If the Chinese government is running the attack, it's with the blessing of the party (the one thing I can say about a single party system, is I always know who to blame). So I can only conclude Baidu's upper management is complacent in it.
-
-
Tuesday 31st March 2015 15:33 GMT Anonymous Coward
Layer 7 routers???
Some part of the network (possibly the routers) is injecting Javascript into the response traffic after it has left Baidu but before it reaches the user to add extra Javascript.
@thames - WOW - Layer 7 routers. How ingenious. I mean I get it - self-realizing routers that inject JS ..... how bored they must have become operating only @ Layer 3 .... where routers operate.
-
-
-
Tuesday 31st March 2015 03:19 GMT Anonymous Coward
Why thank-you Baidu
You've just given me an excuse to block your JavaScript objects.
The fact that I barely noticed your failed DDOS only makes this more amusing.
Advanced users: even though the untrusted sites blacklist has no listing UI of its own, you can mass-edit it either modifying the noscript.untrusted about:config preference or using the Import/Export functionality of the NoScript Options|Whitelist panel, knowing that the untrusted entries are exported under an [UNTRUSTED] header.
I guess that's the answer.
-
-
Tuesday 31st March 2015 13:48 GMT Anonymous Coward
It does not appear to originate in China. People from other countries visit Chinese websites. Those websites have advertisements that are provided by Baidu the way Google does for most non-Chinese sites. Some of those advertisements appear to contain malicious code which then execute on the foreign computer. So the attacks do not originate in China. You could of course make it impossible for foreigners to visit Chinese sites, but then you'ld pretty much destroy the backend of many large western companies.
-