Minitrue: Don’t Conjecture on GitHub DDoS Attack (Updated)

The following instructions, issued to the media by government authorities, have been leaked and distributed online. The name of the issuing body has been omitted to protect the source.

Regarding the large-scale distributed denial-of-service (DDoS) attack on , do not conjecture or comment of your own accord before the authoritative media have reported the case, and do not republish foreign coverage. (March 28, 2015) [Chinese]

A major DDoS attack on the code-sharing site GitHub began on Thursday and is ongoing:

The DDoS attack “weaponizes” Internet users outside China who visit websites containing tracking code. As long as they remain on an affected site, their browser will quietly make repeated requests to the GitHub URLs of the censorship monitoring and circumvention project GreatFire and its censorship-evading Chinese New York Times mirror, in an effort to overwhelm GitHub’s servers.

Baidu denies involvement. “After careful inspection by Baidu’s security engineers, we have ruled out the possibility of security problems or hacker attacks on our own products,” the company said in a statement.

Observers have commented that Chinese authorities are likely the only entity with both the motive and resources to carry out the attack. GreatFire leveled the same accusation on Tuesday:

When we first blogged about this attack we did not want to level accusations without evidence. Based on the technical forensic evidence provided above and the detailed research that has been done on the GitHub attack, we can now confidently conclude that the Cyberspace Administration of China (CAC) is responsible for both of these attacks [the ongoing one against GitHub, and another against GreatFire earlier this month].

[…] Inserting malicious code in this manner can only be done via the Chinese Internet backbone. Even if CAC did not launch the DDoS attack directly, they are responsible for managing the internet in China and it is not possible that they did not know what was happening. These attacks have occurred under CAC’s watch and would have needed the approval of Lu Wei.

Lu Wei and the Cyberspace Administration of China have clearly escalated the tactics that they use to control information. The Great Firewall has switched from being a passive, inbound filter to being an active and aggressive outbound one. This is a frightening development and the implications of this action extend beyond control of information on the internet. In one quick movement, the authorities have shifted from enforcing strict censorship in China to enforcing Chinese censorship on internet users worldwide. CAC can launch these attacks quickly and easily and they have the technical and financial resources behind them to continue to launch DDoS attacks against any website, anywhere in the world. [Source]

GitHub commented last week that “we believe the intent of this attack is to convince us to remove a specific class of content,” apparently referring to GreatFire’s censorship circumvention tools. GitHub’s compliance would resolve a dilemma for Chinese censors: the site’s HTTPS encryption prevents blocking its contents selectively, and its ubiquity in the tech industry would impose a high economic toll on blocking the entire site. This “collateral freedom” strategy is central to GreatFire’s circumvention projects on other platforms, such as Amazon’s and Microsoft’s. The New York Times’ Patrick Boehler discussed the approach with Adam Fisk, developer of circumvention service Lantern:

tools such as Lantern operate on cloud services. These cloud services are extremely important for Chinese businesses and shutting them down would cause economic damage. Do you think those who are regulating the Great Firewall are aware of this?

I definitely think they are aware of it, and it really reflects the interconnectedness of the global economy. And for me, the big danger — both for China and the Internet as a whole — is the Balkanization that we are starting to see. The question in my mind is the degree to which the Balkanization is damaging to the Chinese economy. I don’t know if anyone has looked at that. But, if so, many services not being available or in danger of not being available would have a significant impact for innovation. Some of the best technology companies in the world have been affected.

Where do you see that Balkanization of the Internet heading? Do you think concerns over the economic damage will prevail and keep the Internet free?

There is an overlap in interest between [Chinese] government officials and people in the industry. Hopefully, the interconnectedness of the global economy is strong enough and vital enough that we see a move away from Balkanization. [Source]

Read more discussion on the economic costs of Chinese censorship via CDT.

Updated March 31, 2015 at 11:02 a.m. EST: GitHub reports that all systems are now operating normally. The GitHub URLs of the GreatFire page and Chinese New York Times mirror return an error page that states “something went wrong and we cannot service your request.”

Since directives are sometimes communicated orally to journalists and editors, who then leak them online, the wording published here may not be exact. The date given may indicate when the directive was leaked, rather than when it was issued. CDT does its utmost to verify dates and wording, but also takes precautions to protect the source.