PAUL MOZUR March 31, 2015
Experts said it appeared that signals to and from Baidu, an Internet company based in Beijing, were being redirected.
David Gray/Reuters
HONG KONG — The Chinese government has long used a sophisticated set of Internet filters known as the Great Firewall as a barrier to prevent its citizens from obtaining access to foreign websites with information it deems threatening.
But in a recent series of attacks on websites that try to help Internet users in China circumvent this censorship, the Great Firewall appears to have been used instead as a weapon, diverting a portion of the torrents of Internet traffic that flow through it to overload targeted websites.
In doing so, the Chinese government is taking advantage of and damaging one of China’s own Internet companies: Baidu. The attacks appear to hijack advertising and analytics traffic intended for Baidu, China’s largest search company, and then send that traffic to smaller websites in what is known as a distributed denial of service or DDoS attack. The huge flow of traffic has the effect of crashing the sites.
The aggressive new strategy shows vividly how Beijing is struggling to balance its desire to control the flow of information online with the aim of encouraging the growth of its tech sector.
The main target of the recent barrage is GitHub, a popular website that acts as a library of code for programmers. While it is indispensable for tech companies in China, it also hosts several pages that enable users to view sites blocked in the country.
Because GitHub is fully encrypted, China’s domestic web filters cannot distinguish between pages that host code useful to programmers and code that circumvents censorship. In 2013, when the government fully blocked GitHub, it caused an outcry among China’s many computer engineers, leading to the site’s subsequent unblocking.
The new attacks take more of a siege approach, hitting the site with a costly and difficult-to-manage barrage of traffic in the hopes it will remove two pages, one with code from GreatFire.org — a nonprofit organization that runs mirrors of blocked sites including Google, the BBC and The New York Times — and another that hosts links to mirror sites of the Chinese version of The New York Times.
The New York Times declined to comment on the attacks.
“This is a huge problem for free expression,” said Lokman Tsui, an assistant professor at the Chinese University of Hong Kong. He added that these attacks could lead sites like GitHub to decide it is too much trouble to host content deemed problematic by China.
“This is a message to the people who maintain GitHub: Either you kick out GreatFire and The New York Times, or we’ll keep this up,” said Mikko Hypponen, the chief research officer at the security firm F-Secure.
The new attacks come as Beijing has increased censorship in China, and grown more vocal about how the Internet should be governed globally. In a number of recent public appearances, China’s Internet czar, Lu Wei, has called for respect for China’s Internet sovereignty, meaning that China should have the right to manage the Internet within its borders as it wants.
But the GreatFire.org material on GitHub, which is based in San Francisco, offers an unusual exception. By offering code that unblocks sites within China, it is assumed to be violating Chinese laws from abroad. James Andrew Lewis, a senior fellow at the Center for Strategic and International Studies, said the attack was an attempt to deal with extraterritoriality on the Internet.
“China is trying to redefine the rules of the Internet and they’re feeling their way forward as they do it,” he said. “This is one of another set of actions to say China will have a bigger voice in how the Internet works.”
