Some website owners are baffled by what amounts to DOS attacks on their sites, because the attacks originate from China. Why should some site that has nothing to do with things Chinese be subject to attacks that route back to the PRC?
Software designer Craig Hockenberry noticed something very strange was happening to his small corporate website. . . one morning last month: traffic had suddenly spiked to extremely high levels—equivalent to more than double the amount of data transmitted when Kim Kardashian’s naked photos were published last year. The reason, he quickly discovered, was that China’s Great Firewall—the elaborate machinery that China’s government uses to censor the internet—was redirecting enormous amounts of bogus traffic to his site, which designs online icons, quickly swamping his servers. (cite)
The resulting denial-of-service (DOS) attack happens due to something referred to as “DNS poisoning”: servers in China that keep the addresses of sites are used to redirect traffic away from certain sites that are deemed sensitive to government personnel, deliberately sending inquiries to completely different sites. The result is that a mass of traffic is directed to one site, which can quickly overload its servers.
South Korea is not immune to this sort of Chinese DNS poisoning either; China has also done the same thing to South Korean Government sites in the past. As shown below, at one time, Chinese web users were unwittingly used to DDOS a Korean Government website – just because (cite). Even French sites have been hosed by the Great Firewall – nowhere is now safe.
Even now, an American company’s site – GitHub – has been subject to just such an attack, which appears to be a deliberate attempt by the PRC Government to prevent Chinese net users from gaining access to GitHub tools that would allow users to view sites and information on the internet that have been censored behind the “Great Firewall” in China:
The attack on San Francisco-based GitHub Inc., a service used by programmers and major tech firms world-wide to develop software, appears to underscore how China’s Internet censors increasingly reach outside the country to clamp down on content they find objectionable. . . Specifically, the traffic was directed to two GitHub pages that linked to copies of websites banned in China, the experts said. One page was run by Greatfire.org, which helps Chinese users circumvent government censorship, while the other linked to a copy of the New York Times’s Chinese language website.
Likewise, there are certain things related to South Korea that are off-limits to the average Chinese citizen as can be seen here.
Another variation of this DNS poisoning involves scripts to reroute traffic. The basic pattern of this sort of attack is as follows:
- An innocent user browses the internet from outside China
- One website the user visits loads an analytics script – a sequence of instructions – from a server in China, for example Baidu, something that is often used by web admins to track visitor statistics
- The web browser’s request for the Baidu script is detected by Chinese equipment as it enters the country
- A fake response is sent out from within China instead of the actual Baidu Analytics script. This fake response is a malicious script that tells the user’s browser to continuously reload two specific pages on GitHub.com
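
A site that embeds a third-party script can refuse a substituted response like the one in the last step by pinning a digest of a copy it has vetted, which is what browsers do for a `<script integrity="...">` attribute (Subresource Integrity). The following is an added example, not code from the original article or from Baidu or GitHub: the function names and both script bodies are constructed for illustration, and it assumes the site serves a fixed, reviewed version of the script.

```javascript
// Added example: SRI-style integrity check for a third-party script body.
const { createHash, timingSafeEqual } = require('node:crypto');

const STRENGTH = { sha256: 1, sha384: 2, sha512: 3 };

// Build an integrity value ("sha384-<base64>") for a script we have vetted.
function sriFor(body, alg = 'sha384') {
  return `${alg}-${createHash(alg).update(body).digest('base64')}`;
}

// Parse an integrity attribute: whitespace-separated "alg-digest[?options]" tokens.
function parseIntegrity(value) {
  return value.trim().split(/\s+/).map((tok) => {
    const m = /^(sha256|sha384|sha512)-([A-Za-z0-9+/=_-]+)(\?.*)?$/.exec(tok);
    return m ? { alg: m[1], digest: m[2] } : null;
  }).filter(Boolean);
}

// Mirror the browser rule: only the strongest algorithm listed is considered,
// and the body passes if it matches any digest given for that algorithm.
function verifyScript(body, integrity) {
  const entries = parseIntegrity(integrity);
  if (entries.length === 0) return false; // fail closed (stricter than browsers)
  const best = Math.max(...entries.map((e) => STRENGTH[e.alg]));
  return entries
    .filter((e) => STRENGTH[e.alg] === best)
    .some((e) => {
      const actual = createHash(e.alg).update(body).digest();
      const expected = Buffer.from(e.digest, 'base64');
      return expected.length === actual.length && timingSafeEqual(expected, actual);
    });
}

// Constructed sample data, not real analytics code or captured traffic.
const vetted = Buffer.from('/* constructed stand-in for the vetted analytics script */');
const received = Buffer.from('/* constructed stand-in for a substituted response */');
const pinned = sriFor(vetted);

console.log('vetted copy accepted:     ', verifyScript(vetted, pinned));
console.log('substituted copy accepted:', verifyScript(received, pinned));
```

Pinning only works for a script whose bytes do not change, so a frequently updated analytics script has to be self-hosted or re-pinned on each reviewed update.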