For the past week, the website “GitHub” has been under attack by China. In this post, I pinpoint where the attack is coming from by doing an http-traceroute.
GitHub is a key infrastructure website for the Internet, being the largest host of open-source projects, most famously Linux. (I host my code there.) It’s also a popular blogging platform.
Among the zillions of projects are https://github.com/greatfire and https://github.com/cn-nytimes. These are mirrors (copies) of the websites http://greatfire.com and http://cn.nytimes.com. GreatFire provides tools for circumventing China’s Internet censorship; the NYTimes contains news stories China wants censored.
China blocks the offending websites, but it cannot easily block the GitHub mirrors. Its choices are either to block or allow everything on GitHub. Since GitHub is key infrastructure for open-source, blocking GitHub is not really a viable option.
Using my custom http-traceroute, I’ve proven that the man-in-the-middle machine attacking GitHub is located on or near the Great Firewall of China. While many explanations are possible, such as hackers breaking into these machines, the overwhelmingly most likely suspect for the source of the GitHub attacks is the Chinese government.
This is important evidence for our government. It’ll be interesting to see how they respond to these attacks — attacks by a nation state against key United States Internet infrastructure.