Attack against GreatFire and Google’s Point of View

One of the major breaches nowadays has been that against GreatFire, a site that has been fighting China’s censorship heavily and that has raised a lot of reactions from the government. The DDoS attack was held in multiple phases (five to be exact) and lasted from March 3rd to April 7th of this year.

In order to tackle with the attack and inform the people who had been wondering what has happened, GreatFire published a blog post where it was clearly stated that: “We are under attack and we need help. Likely in response to a recent story in the Wall Street Journal (WSJ), we’ve experienced our first ever distributed denial of service (DDoS) attack. This tactic is used to bring down web pages by flooding them with lots of requests – at the time of writing they number 2.6 billion requests per hour. Websites are not equipped to handle that kind of volume so they usually “break” and go offline. This kind of attack is aggressive and is an exhibition of censorship by brute force. Attackers resort to tactics like this when they are left with no other options.”

Along with GreatFire, GitHub of course suffered from the very same attack. To those who do not know, GitHub is the largest code hosting service provider in the entire world. Apparently, great attention has been drawn to this DDoS attack and Google has analyzed the series of events for getting to conclude the following in a blog post by Niels Provos from Google Security Team: “In the middle of March, several sources reported a large Distributed Denial-of-Service attack against the censorship monitoring organization GreatFire.

Researchers have extensively analyzed this DoS attack and found it novel because it was conducted by a network operator that intercepted benign web content to inject malicious Javascript. In this particular case, Javascript and HTML resources hosted on were replaced with Javascript that would repeatedly request resources from the attacked domains.

While Safe Browsing does not observe traffic at the network level, it affords good visibility at the HTTP protocol level. As such our infrastructure picked up this attack, too. Using Safe Browsing data, we can provide a more complete timeline of the attack and shed light on what injections occurred when.”

As it has been clearly proven, it is really difficult to try and conceal the information of such attacks after they had taken place. So, with the proper analysis from the right minds, perhaps in the near future websites will not be in such a perilous environment.

Leave a Reply

Your email address will not be published. Required fields are marked *