China has weaponized the Great Firewall, says a free-speech group

March 30  

 

 

A nonprofit group developing tools to get around Chinese online censorship says the Chinese government is behind a recent attack that sent a flood of traffic to its site and services. China is effectively using the national firewall in place to censor the Internet for Chinese residents to weaponize the browsers of millions of global Internet users, according to GreatFire.

 

Earlier this month, the group announced that it was facing a significant distributed denial of service, or DDoS, attack, that was directing 2.6 billion requests per hour to its Web pages. Web sites aren’t set up to handle that magnitude of traffic,  and such attacks are typically aimed a knocking sites offline. Last week, a similar attack appears to have struck at popular code collaboration platform GitHub — specifically targeting GreatFire projects hosted on the site and making the whole platform intermittently available for some users.

 

Some researchers noted that the attack on GitHub appeared to involve hijacking the browsers of visitors to the site using tools developed by Baidu, China’s largest search engine, as part of the attack. Baidu has denied involvement in the incident.

 

But in a blog post and research report released today, GreatFire said the same tactic is behind the attack on their Web site — and points to China as the culprit.  “The tampering takes places someplace between when the traffic enters China and when it hits Baidu’s servers,” the group said. “This is consistent with previous malicious actions and points to the Cyberspace Administration of China (CAC) being directly involved in these attacks.”

 

If true, this allegation would mean that the tool currently used to limit Chinese residents’ online activities is being used to make Internet users around the world attack content the country finds objectionable. “The Great Firewall has switched from being a passive, inbound filter to being an active and aggressive outbound one,” said the GreatFire blog post.

 

Zhu Haiquan, a spokesperson for the Chinese Embassy in the U.S. declined to comment on the report in an e-mailed statement. “China’s position on cyber security is clear and consistent. We have no comment on any hypothesis or allegation that is not supported by real facts and hard evidence.” Earlier this year, CAC publicly called GreatFire “anti-China.”