I didn’t see this anywhere in the article (maybe I missed it), but because this utilizes the Great Firewall, it’s undoubtedly done by the Chinese government, right?
> operates by injecting malicious Javascript into pages served from behind the Great Firewall. These scripts, potentially served to millions of users across the internet, hijack the users’ connections to make multiple requests against the targeted site. These requests consume all the resources of the targeted site, making it unavailable:
If you're negligent in securing your site and it gets infected, your site should be blocked. You shouldn't be able to say "well it's technically not us, it's the CCP!" whilst not doing anything about it. As for Baidu being a major site, that can be resolved by browser vendors displaying a special page explaining to its users the situation.
Isn't this the firewall itself rewriting request responses that happen to be from http://baidu.com? How is Baidu infected in this case, and what can they do to prevent this on their side, aside from strict HTTPS upgrades?
We all know who the attacker is here, but it's not literally "proven" to the standard of evidence that would be required in a US court. The attacker still has plausible deniability.
I know that this website is very USA-centric but I really fail to see what US courts have to do with the subject at hand. The question is more "as far as the international community is concerned, is there any reasonable technical doubt that the Chinese authorities are behind this?"
This is important for public discourse at least, because if it's technically undeniable that Chinese authorities are behind this attack then you can immediately assume that anybody saying that China has nothing to do with it is either acting in bad faith or is largely uninformed.
As we've seen multiple times in the past, the existence or non-existence of conclusive proof is largely irrelevant when it comes to international policy anyway, so the opinion of US courts is frankly beside the point.
No. "Behind the Great Firewall" is another way of saying "served from China". Perhaps -- or even most likely -- it is the government. But this is hardly a smoking gun. There are plenty of people on the mainland that hate what's going on in HK, and who are not the government.
This is not true, the traffic for the previous GitHub incident with the Great Cannon was co-located[0] with the Great Firewall (which is indisputably under the control of the Chinese government).
Colocated with the Great Firewall is an entirely different claim, and not one that ATT makes. Your citizenlab article provides a possible case for it, but that's a different discussion.
And even then, it could be some third party cache poisoning attack, etc. The citizenlab evidence would look exactly the same.
This is likely China, as I said, but let's not pretend that we know more than we do.
Also the Great Firewall isn't one box admin'd by a single actor. It's a set of network firewalls managed by different network entities to fulfill legal obligations. It could be one of them acting alone.
Then there's the question of how separate the operating company is from the Party.
Please. For it not to be the government would mean that there's an extra-governmental organization within the PRC with the resources and network access to conduct a massive DDoS attack, which the communist government would never allow.
Either someone hacked the root Baidu servers, Baidu is involved, or the network requests are being manipulated by Chinese controlled entities.
There’s a high probability this is state run. There’s probably tons of offensive cyber teams in China and these are hitting sites like Greatfire.org which documents Chinese censorship (which was also why Github was hit if I’m not mistaken).
It’s not surprising that the organs of censorship would be used to target attempts to expose said censorship.
Except that's not what's happening here, unless your claim is they compromised Baidu and Qihoo 360 and both don't care to fix it.
Baidu and Qihoo 360 are massive companies. Serving the stuff either means they are doing it deliberately (on behalf of the government), or an active MITM is doing it, which given the scale can only mean ISP and ergo (since this is China) government level. The active MITM seems plausible since a) only unencrypted HTTP traffic gets injected (so far), and b) the Chinese government wouldn't want to put the onus on two of their most important internet companies alone.
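The comment above notes that only unencrypted HTTP responses are being injected, and an earlier one asks what the origin site can actually do about it. One defensive check a site operator can run is to fetch their own page from an outside vantage point and compare the scripts in the delivered body against the set they intend to serve, the same allowlist-by-host and allowlist-by-hash idea that Content-Security-Policy uses. The code below is an added example, not code from this thread or from Baidu, Qihoo 360 or the article's authors; the HTML, the allowlisted host and the "injector.example" tag are all constructed sample input.

```python
"""Flag scripts in a delivered HTML body that are not on the operator's allowlist.

Added example (constructed sample input; not the thread's or any vendor's code).
The operator retrieves their page over plain HTTP from an external vantage
point and runs the body through find_unexpected_scripts(); any script not on
the allowlist is a candidate on-path injection worth investigating.
"""
import hashlib
from html.parser import HTMLParser
from urllib.parse import urlparse


class ScriptCollector(HTMLParser):
    """Collects <script src=...> URLs and the bodies of inline <script> blocks."""

    def __init__(self):
        super().__init__()
        self.external = []        # src attribute of every external script
        self.inline = []          # text of every inline script
        self._in_inline = False
        self._buf = []

    def handle_starttag(self, tag, attrs):
        if tag != "script":
            return
        src = dict(attrs).get("src")
        if src:
            self.external.append(src)
        else:
            self._in_inline = True
            self._buf = []

    def handle_data(self, data):
        # HTMLParser hands the raw contents of <script> to handle_data.
        if self._in_inline:
            self._buf.append(data)

    def handle_endtag(self, tag):
        if tag == "script" and self._in_inline:
            self.inline.append("".join(self._buf).strip())
            self._in_inline = False


def find_unexpected_scripts(html, allowed_hosts, allowed_inline_hashes):
    """Return (kind, value) findings for scripts outside the allowlist.

    allowed_hosts: hosts that may serve external scripts (relative URLs are
    treated as same-origin and allowed).
    allowed_inline_hashes: sha256 hex digests of the inline scripts the site
    intends to ship, as one would list them in a CSP 'sha256-...' source.
    """
    parser = ScriptCollector()
    parser.feed(html)
    parser.close()
    findings = []
    for src in parser.external:
        host = urlparse(src).netloc.lower()
        if host and host not in allowed_hosts:
            findings.append(("external", src))
    for body in parser.inline:
        digest = hashlib.sha256(body.encode("utf-8")).hexdigest()
        if digest not in allowed_inline_hashes:
            findings.append(("inline", body))
    return findings


# ---- constructed sample data (assumptions, not real Baidu content) ----------
ALLOWED_HOSTS = {"static.site-cdn.example"}
KNOWN_GOOD_INLINE = 'window.appConfig = {"lang": "zh"};'
# The operator precomputes hashes of the inline scripts they actually ship.
ALLOWED_INLINE_HASHES = {hashlib.sha256(KNOWN_GOOD_INLINE.encode("utf-8")).hexdigest()}

SAMPLE_HTML = f"""<html><head>
<script src="https://static.site-cdn.example/app.js"></script>
<script>{KNOWN_GOOD_INLINE}</script>
<script src="/local/analytics.js"></script>
</head><body>
<p>page body</p>
<!-- constructed: the two tags below stand in for an on-path injection -->
<script src="http://injector.example/loader.js"></script>
<script>var injected = true;</script>
</body></html>"""


def check_sample():
    """Run the check over the constructed body; returns the list of findings."""
    return find_unexpected_scripts(SAMPLE_HTML, ALLOWED_HOSTS, ALLOWED_INLINE_HASHES)


if __name__ == "__main__":
    for kind, value in check_sample():
        print(f"unexpected {kind} script: {value}")
```

The check only confirms what reached the vantage point; it is a monitoring aid, not a fix. The underlying mitigation remains the one raised earlier in the thread: serve the page over HTTPS (with HSTS) so that an on-path party has no plaintext response to rewrite, and ship a CSP whose script-src allowlist matches the same hosts and hashes used here so that browsers refuse any script that slips through.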
Baidu could be doing it only to http traffic to make people think it's the government... But I can't imagine that they would want to seem as if they're putting words in the government's mouth.