GitHub's servers seem to have been forged with attacks DDoS by an unsuspecting army that doesn't even know it's being attacked.
It seems that the thousands of users who visit various websites that display ads but also the code monitorings from Baidu – China's answer to Google – network gateways somewhere near the Chinese border were silently injecting a JavaScript into all these websites.
The result;
This simple code allows browsers to connect "underground" to GitHub.com every two seconds, creating "an extremely large volume of traffic," the company said.
JavaScript specifically targets two Web sites hosting its projects Greatfire and CN-NYTimes. These two projects were developed to help Chinese citizens bypass China's Great Firewall. China's firewall has been built by the state to block censorship services such as VPNs, displaying information that the Chinese government does not like, such as the massacre in the square Tiananmen.
The company officially said on Friday that the bursts of excessive traffic were the result of a series of denial-of-service.
“We have restored service to all users, and diverting traffic from the attack is our first priority. We have already developed volumetric attack defenses for stabilization performance.”
The two targets chosen by the hackers accurately indicate the origin of the attack through JavaScript, and while everyone naturally assumes the attack began, there is no evidence of the involvement of the Chinese government.