Why experts think China launched the cyberattacks against GitHub

Code repository GitHub was hit over the weekend with a cyberattack originating from China, according to experts. Traffic flooded two GitHub pages, both devoted to circumventing Chinese censorship.

Github, a popular site where coders store and collaborate on software projects, was hit on Thursday and again on Sunday with cyberattacks that researchers believe originated from China.

Two GitHub pages were flooded with an onslaught of Internet traffic, bringing the entire site to its knees as GitHub’s servers buckled under the distributed-denial-of-service (DDoS) attack. Security experts say the attack is an attempt by China to cripple anti-censorship tools.

The attack began when an individual or group hacked software used by Baidu, China’s largest search engine. The attackers altered the software Baidu uses to serve ads on Chinese websites, causing Baidu users’ computers to automatically and repeatedly connect to other sites. The attack was invisible, so Baidu users didn’t know that their browsers were hammering away at other servers.

That flood of traffic was directed toward two anti-censorship tools hosted on GitHub. One is a piece of software developed by GreatFire, a non-profit group that monitors censorship in China. The Chinese government harshly restricts what websites its people may visit, and has repeatedly censored products from Google and other Western companies in recent years. The other tool under attack allows Chinese users to access a translated version of The New York Times, which is blocked in China. It isn’t known who is behind the software that copies the Times’s content.

GreatFire’s own site was subjected to a similar DDoS attack earlier in March. The traffic that flooded GitHub’s servers originated from browsers outside China that used Baidu’s advertising software, suggesting China itself is to blame. It’s unclear who exactly was behind the attack, but security researcher James A. Lewis told The Washington Post that the most likely candidate is the Chinese government itself. The attack could be a way for the government to make a show of force, or to target specific tools it dislikes.

The Chinese government briefly censored the entire GitHub site back in 2013, but reversed its decision after software developers complained that this made it too difficult for them to do their jobs. GitHub is widely used by individual programmers and software companies alike to collaborate on projects, and is all but indispensable to the technology industry. Because the site is encrypted, governments can’t block access to some parts of GitHub while leaving others accessible.

The DDoS attack didn’t disrupt service to Baidu itself, and the company denied that its own servers had been hacked. GitHub said in a blog post on Friday that the attack – the largest in the site’s history – was probably meant to “convince us to remove a specific class of content.” As of Monday, GitHub was back up and running, and the project that allows Chinese users to access the Times was reachable.