China China China hack hack DDOS

*This would have been a massive scandal three years ago, but the Chinese and the NSA have managed to move the cyberwar goal-posts, so nowadays it's met with a shrug and a so-what.

***************************************************************************

TOP OF THE NEWS
–DDoS Attack on GitHub Targets Tools That Help Circumvent China's
Great Firewall
(March 27, 29, & 30, 2015)
Public code repository GitHub is working to stave off the largest
distributed denial-of-service (DDoS) attack it has ever experienced. The
attack targets two projects aimed at helping people in China circumvent
that country's Internet censorship.

http://www.washingtonpost.com/blogs/the-switch/wp/2015/03/27/someone-hijacked-the-google-of-china-to-attack-anti-censorship-tools/
http://www.eweek.com/security/github-under-sustained-ddos-attack.html
http://www.theregister.co.uk/2015/03/27/github_under_fire_from_weaponized_great_firewall/
http://www.zdnet.com/article/github-suffers-largest-ddos-attack-in-sites-history/
http://arstechnica.com/security/2015/03/github-battles-largest-ddos-in-sites-history-targeted-at-anti-censorship-tools/
http://www.computerworld.com/article/2903318/github-recovering-from-massive-ddos-attacks.html
http://insight-labs.org/?p=1682

[Editor's Note (Ullrich): This is a very scary attack, and probably best
explained not by the news articles cited here, but by a blog post with
technical details about the attack: http://insight-labs.org/?p=1682 .
We have seen past "misconfigurations" in the Chinese Firewall that led
to random hosts receiving large amounts of traffic from users inside
China. If you are not conducting business in China, then these requests
are relatively easy to block. This attack against GitHub, however, appears
to use the Chinese Firewall to intentionally alter content to turn users
outside China into a large "botnet" attacking a site whose content is
inconvenient to China. Blocking this attack is much more difficult as
the requests will originate from hosts outside of China, and they will
come from regular users not aware that they were exposed to malicious
JavaScript. This JavaScript is not to be confused with more persistent
malware, and will not be detected by standard anti-malware software as
it does use normal JavaScript functionality. This attack is similar to
"Low Orbit Ion Cannon" in that it uses simple JavaScript code to turn
normal browsers against a site.]