Cybersecurity

Report: China hijacking computers worldwide to suppress information

Cyber terror, hackers, hacking, CIA
Getty Images

The Chinese government is co-opting millions of Internet users worldwide to launch cyberattacks, according to a report released Monday.

“Global readers visiting thousand of websites hosted inside China are randomly receiving malicious code that will force them to launch cyberattacks,” said the report, a collaboration between an independent security researcher and GreatFire, a Chinese digital censorship watchdog.

It’s an emerging method of controlling the flow of information within the East Asian power, analysts say.

{mosads}China has been widely suspected in two recent digital assaults: one on GreatFire itself and another on the popular coding site GitHub. But researchers admitted they lacked definite proof.

The report released Monday claims to have that proof.

It shows both the GitHub and GreatFire cyberattacks used the same method: injecting malicious code into Internet traffic coming into China that then redirected traffic from those users to specific sites. The user was none the wiser.

It also pointed the finger squarely at Beijing.

Two weeks ago, GreatFire noticed its sites were being bombarded with massive amounts of traffic, roughly 2.6 billion requests per hour. That’s about 2,500 times GreatFire.org’s normal traffic rate.

The concentrated flood of activity is called a distributed denial of service (DDoS) attack. It can push a site offline and drive up bandwidth costs. GreatFire’s bill skyrocketed to $30,000 a day during the attack, a hefty tab for a nonprofit.

Last Thursday, the coding forum GitHub started experiencing a similar assault.

GitHub offers code that creates “mirror” sites for content blocked in China. GreatFire had also posted code to GitHub for mirrors of blocked sites such as Google and the BBC.

According to security experts, the attack on GitHub was targeting two pages — the one with code from GreatFire, and another with links to mirror sites of a New York Times Chinese translation.

It took four days for the coding repository to fully rebuff the onslaught, although the attack continues.

“We now have proof,” a GreatFire member told Motherboard on Monday. “The Cyberspace Administration of China is behind both of the recent DDoS attacks.”

To launch the attacks, China is taking advantage of the wide footprint of Baidu, essentially China’s version of Google, the report said.

Many sites within China make use of Baidu’s servers. For instance, they send digital analytics traffic back to Baidu, the same way that Google collects information on Internet browsing.

When outside readers are loading Web pages using Baidu’s servers, the analytics code is swapped out for malicious code. The nefarious code then directs traffic to specific sites.

“That malicious code is sent to ‘any reader globally’ without distinction of geographical location with the only purpose of launching a denial of service attack,” the report said.

In this manner, China generated an army of over 10 million computers worldwide that occasionally pinged GreatFire.org’s servers.

Chinese officials have denied any involvement.

During a Monday press conference, Foreign Ministry Spokesperson Hua Chunying addressed the report.

“It is quite odd that every time a website in the US or any other country is under attack, there will be speculation that Chinese hackers are behind it,” she said. “I’d like to remind you that China is one of the major victims of cyber attacks.”

Tags
See all Hill.TV See all Video

Most Popular

Load more

Video

See all Video