by romaaeterna 2388 days ago
No. "Behind the Great Firewall" is another way of saying "served from China". Perhaps -- or even most likely -- it is the government. But this is hardly a smoking gun. There are plenty of people on the mainland that hate what's going on in HK, and who are not the government.
5 comments

This is not true, the traffic for the previous GitHub incident with the Great Cannon was co-located[0] with the Great Firewall (which is indisputably under the control of the Chinese government).

[0] https://citizenlab.ca/2015/04/chinas-great-cannon/

Colocated with the Great Firewall is an entirely different claim, and not one that ATT makes. Your citizenlab article provides a possible case for it, but that's a different discussion.

And even then, it could be some third party cache poisoning attack, etc. The citizenlab evidence would look exactly the same.

This is likely China, as I said, but let's not pretend that we know more than we do.

Why does it matter whether ATT made the claim?
Also the Great Firewall isn't one box admin'd by a single actor. It's a set of network firewalls managed by different network entities to fulfill legal obligations. It could be one of them acting alone.

Then there's the question of how separate the operating company is from the Party..

Acting alone? Yeah right. Do that in the PRC, and you'll probably be in a "reeducation camp" by the end of the week.
Interestingly, Xi was sent to a re-education camp in his youth and now he is the most powerful person in China.
Please. For it not to be the government would mean that there's an extra-governmental organization within the PRC with the resources and network access to conduct a massive DDoS attack, which the communist government would never allow.
> conduct a massive DDoS attack

That's not an accurate summary of what they're doing.

They're intermittently serving poisoned JS in place of known analytics scripts.

Which changes the potential "who" a bit.

Either someone hacked the root Baidu servers, Baidu is involved, or the network requests are being manipulated by Chinese-controlled entities.

There’s a high probability this is state run. There’s probably tons of offensive cyber teams in China and these are hitting sites like Greatfire.org which documents Chinese censorship (which was also why GitHub was hit if I’m not mistaken).

It’s not surprising that the organs of censorship would be used to target attempts to expose said censorship.

Absolutely. Or potentially some cert wonkery.

I haven't looked at this closely enough to know how the script's chaining works, or if China retains MitM capability across TLS.

Regardless, it's nice to be reasonably accurate when we're tossing around claims.

“Conduct” in this case could mean performing but most likely means directing.
> There are plenty of people on the mainland that hate what's going on in HK, and who are not the government.

AFAIK, those people are generally not capable of performing a MITM attack on traffic coming from sources inside China.

How would a non-government entity achieve this?
Pwn a couple of ad servers and serve the poisoned JS. It doesn't seem like something that a dedicated malicious hacker group couldn't do.
Except that's not what's happening here, unless your claim is they compromised Baidu and Qihoo 360 and both don't care to fix it.

Baidu and Qihoo 360 are massive companies. Serving the stuff either means they are doing it deliberately (on behalf of the government), or an active MITM is doing it, which given the scale can only mean ISP and ergo (since this is China) government level. The active MITM seems plausible since a) only unencrypted HTTP traffic gets injected (so far), and b) the Chinese government wouldn't want to put the onus on two of their most important internet companies alone.

Baidu could be doing it only to HTTP traffic to make people think it's the government... But I can't imagine that they would want to seem as if they're putting words in the government's mouth.