Feeds

Great Firewall architects fingered for GitHub attack

Crude man-in-the-middle attack followed White House petition

  • alert
  • submit to reddit

Providing a secure and efficient Helpdesk

The Chinese computer scientists who helped build the country’s infamous Great Firewall may have been responsible for a man-in-the-middle attack on users of GitHub after they were named and shamed on the social code sharing site.

This is the theory put forward by GreatFire.org, a not-for-profit organisation which monitors and reports on online censorship in China. It explained in a blog post that users trying to access GitHub last weekend were faced with browser messages warning of an invalid SSL certificate – a tell-tale sign of a man-in-the-middle attack.

“The attack happened on a Saturday night. It was very crude, in that the fake certificate was signed by an unknown authority and bound to be detected quickly. The attack stopped after about an hour,” said GreatFire.org.

Its theory is that the attack was connected to a high profile petition created on the White House web site the day before.

This petition – which has now amassed over 9,000 signatures and could theoretically end up influencing US policy – calls on the Obama administration to deny entry to the architects of the Great Firewall, should they try and visit the US in the future.

A link on the petition takes the user to another GitHub page listing the names and some contact details of three key figures responsible for the Great Firewall.

Among the comments are the supposed address and ID number of Fang Binxing – often dubbed Father of the Great Firewall – and a link to another list with scores of others named and shamed.

GreatFire argued that because GitHub is HTTPS only, the authorities in China cannot block individual pages but only the entire site. This actually happened around a fortnight ago but after pretty vocal protests from developers who rely on the site to collaborate, it was unblocked again.

In this way, “the only tool left in the censorship toolbox is man-in-the-middle attacks” which can help the attackers intercept and monitor traffic, said GreatFirewall, adding the following:

"The whole episode seems rather irrational. It’s conceivable that one or several individuals identified on these lists as enemies of a free internet decided to take action into their own hands. They are the technical people behind the Great Firewall and so they would clearly be capable of implementing this attack. They had a motive in that they were personally being targeted by the people behind the White House petition. And they had no other options since they had been barred from blocking GitHub completely."

The Party has certainly been unafraid in the past to completely block sites or even cut the internet for large swathes of the population if social order is threatened.

However, it faces a more difficult problem if the sites in question are deemed too important to the international competitiveness of Chinese businesses to take down completely – as GitHub’s supporters argued.

This is where man-in-the-middle comes in. Although the attack last weekend was limited in scope, pretty crude and flagged by most browsers, GreatFire warned that such attacks may become more common and sophisticated in the future, especially if the number of sites in China using HTTPS keeps growing. ®

Choosing a cloud hosting partner with confidence

More from The Register

next story
SMASH the Bash bug! Apple and Red Hat scramble for patch batches
'Applying multiple security updates is extremely difficult'
Shellshock: 'Larger scale attack' on its way, warn securo-bods
Not just web servers under threat - though TENS of THOUSANDS have been hit
Apple's new iPhone 6 vulnerable to last year's TouchID fingerprint hack
But unsophisticated thieves need not attempt this trick
Hackers thrash Bash Shellshock bug: World races to cover hole
Update your gear now to avoid early attacks hitting the web
Oracle SHELLSHOCKER - data titan lists unpatchables
Database kingpin lists 32 products that can't be patched (yet) as GNU fixes second vuln
Who.is does the Harlem Shake
Blame it on LOLing XSS terroristas
Researchers tell black hats: 'YOU'RE SOOO PREDICTABLE'
Want to register that domain? We're way ahead of you.
Stunned by Shellshock Bash bug? Patch all you can – or be punished
UK data watchdog rolls up its sleeves, polishes truncheon
prev story

Whitepapers

A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Beginner's guide to SSL certificates
De-mystify the technology involved and give you the information you need to make the best decision when considering your online security options.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.