A non-profit devoted to battling censorship in China says that it has been hacked by the Chinese government.
GreatFire.org, whose name is a reference to the "Great Firewall of China" that Beijing has deployed to censor access to news and social media sites has provided users with a way to get around the digital blockade for years. Now the organizations' website, along with that of CN-NYTimes — a site that mirror's the content of the NY Times in Chinese — is the presumed target of a series of distributed denial of service (DDoS) attacks that targeted host GitHub on Thursday. The attacks have continued into Monday, shifting as GitHub has changed its defenses.
"Very clearly, the Cyberspace Administration of China is behind both of the recent DDoS attacks," Charlie Smith, co-founder of GreatFire.org, said in a statement provided to BuzzFeed News. "Hijacking the computers of millions of innocent internet users around the world is particularly striking as it illustrates the utter disregard the Chinese authorities have for international as well as even Chinese internet governance norms."
The website had previously avoided speculating about the origin of the attack. Now, Smith who uses a pseudonym to remain anonymous — said that the organization had the proof needed to identify the source of the attack. "We believe this is a major cyber-security and economic threat for the people of China," Smith wrote in a blog post on the site.
Using mirror websites hosted on large servers such as Amazon's Cloud Front, GreatFire.org is able to allow users within China to dodge around the censored sites and search terms the Chinese government has erected. According to a researcher at Insight Labs, the attack was made possible through a strain of JavaScript being inserted into users' browsers when visiting Baidu, a popular Chinese search engine. "When individuals visited Baidu, their browser would submit a request to both https://github.com/greatfire/ and https://github.com/cn-nytimes/, overwhelming each site with so much traffic that they would be knocked offline," the International Business Times explained.
GreatFire.org confirmed that distribution method in an 11 page report released on Monday afternoon. In it, the organization claims that around half of all of the DDoS requests came from users located near Taiwan and Hong Kong. In particular, the report says, "the tampering seems to take place when traffic coming from outside China reaches the Baidu's servers," unwittingly targeting "not thousands, but millions of computers around the world, which in their turn attack Amazon infrastructure."
The result was GreatFire.org on Thursday receiving 2.6 billion requests an hour for its mirrored websites, "which is about 2500 times more than normal levels." That in turn is preventing users inside of China from using GreatFire.org's pathways to access banned sites such as Facebook, Gmail, and news websites. While GitHub is currently operating at 100%, the attack remains ongoing, according to its website devoted to status updates.
Founded by three anonymous anti-censorship activists in 2013, GreatFire.org has received funding from the U.S. State Department for the website, though they deny that they are, as China's government has recently claimed, "anti-China."