Feeds

Great Firewall architects fingered for GitHub attack

Crude man-in-the-middle attack followed White House petition

  • alert
  • submit to reddit

Choosing a cloud hosting partner with confidence

The Chinese computer scientists who helped build the country’s infamous Great Firewall may have been responsible for a man-in-the-middle attack on users of GitHub after they were named and shamed on the social code sharing site.

This is the theory put forward by GreatFire.org, a not-for-profit organisation which monitors and reports on online censorship in China. It explained in a blog post that users trying to access GitHub last weekend were faced with browser messages warning of an invalid SSL certificate – a tell-tale sign of a man-in-the-middle attack.

“The attack happened on a Saturday night. It was very crude, in that the fake certificate was signed by an unknown authority and bound to be detected quickly. The attack stopped after about an hour,” said GreatFire.org.

Its theory is that the attack was connected to a high profile petition created on the White House web site the day before.

This petition – which has now amassed over 9,000 signatures and could theoretically end up influencing US policy – calls on the Obama administration to deny entry to the architects of the Great Firewall, should they try and visit the US in the future.

A link on the petition takes the user to another GitHub page listing the names and some contact details of three key figures responsible for the Great Firewall.

Among the comments are the supposed address and ID number of Fang Binxing – often dubbed Father of the Great Firewall – and a link to another list with scores of others named and shamed.

GreatFire argued that because GitHub is HTTPS only, the authorities in China cannot block individual pages but only the entire site. This actually happened around a fortnight ago but after pretty vocal protests from developers who rely on the site to collaborate, it was unblocked again.

In this way, “the only tool left in the censorship toolbox is man-in-the-middle attacks” which can help the attackers intercept and monitor traffic, said GreatFirewall, adding the following:

"The whole episode seems rather irrational. It’s conceivable that one or several individuals identified on these lists as enemies of a free internet decided to take action into their own hands. They are the technical people behind the Great Firewall and so they would clearly be capable of implementing this attack. They had a motive in that they were personally being targeted by the people behind the White House petition. And they had no other options since they had been barred from blocking GitHub completely."

The Party has certainly been unafraid in the past to completely block sites or even cut the internet for large swathes of the population if social order is threatened.

However, it faces a more difficult problem if the sites in question are deemed too important to the international competitiveness of Chinese businesses to take down completely – as GitHub’s supporters argued.

This is where man-in-the-middle comes in. Although the attack last weekend was limited in scope, pretty crude and flagged by most browsers, GreatFire warned that such attacks may become more common and sophisticated in the future, especially if the number of sites in China using HTTPS keeps growing. ®

Remote control for virtualized desktops

More from The Register

next story
Knock Knock tool makes a joke of Mac AV
Yes, we know Macs 'don't get viruses', but when they do this code'll spot 'em
Feds seek potential 'second Snowden' gov doc leaker – report
Hang on, Ed wasn't here when we compiled THIS document
Why weasel words might not work for Whisper
CEO suspends editor but privacy questions remain
DEATH by PowerPoint: Microsoft warns of 0-day attack hidden in slides
Might put out patch in update, might chuck it out sooner
BlackEnergy crimeware coursing through US control systems
US CERT says three flavours of control kit are under attack
prev story

Whitepapers

Cloud and hybrid-cloud data protection for VMware
Learn how quick and easy it is to configure backups and perform restores for VMware environments.
Getting started with customer-focused identity management
Learn why identity is a fundamental requirement to digital growth, and how without it there is no way to identify and engage customers in a meaningful way.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
New hybrid storage solutions
Tackling data challenges through emerging hybrid storage solutions that enable optimum database performance whilst managing costs and increasingly large data stores.
Website security in corporate America
Find out how you rank among other IT managers testing your website's vulnerabilities.