Submitted by charlie on Tue, Mar 31, 2015
On March 17th 2015, our websites and partner websites came under a DDoS attack. We had never been subjected to an attack of this magnitude before. This attack was unusual in nature as we discovered that the Chinese authorities were steering millions of unsuspecting internet users worldwide to launch the attack. We believe this is a major cyber-security and economic threat for the people of China.
How did that get there?
After calling on the Internet community for help and assistance, independent researchers with access to our log files discovered the following facts:
Millions of global internet users, visiting thousands of websites hosted inside and outside China, were randomly receiving malicious code which was used to launch cyberattacks against GreatFire.org’s websites.
Baidu’s Analytics code (h.js) was one of the files replaced by malicious code which triggered the attacks. Baidu Analytics, akin to Google Analytics, is used by thousands of websites. Any visitor to any website using Baidu Analytics or other Baidu resources would have been exposed to the malicious code. A list of Baidu resources known to be used for the attack appears in the report.
That malicious code is sent to “any reader globally” without distinguishing that user’s geographical location, meaning that the authorities did not just launch this attack using Chinese internet users – they compromised internet users and websites everywhere in the world.
The tampering takes place somewhere between the point where the traffic enters China and the point where it reaches Baidu’s servers. This is consistent with previous malicious actions and points to the Cyberspace Administration of China (CAC) being directly involved in these attacks.
More technical details of the attack can be read in a research report titled “Using Baidu to steer millions of computers to launch denial of service attacks”.