On Thursday, March 19th, the chinese activist website Greatfire.org became the target of a rather huge, apparently HTTP-based DDoS attack, which is an application layer (Layer 7) attack. They say the attack size has been as large as 2.6 billion requests per hour, which translates into a bit more than 700.000 requests per second. Considering that most HTTP floods I’ve seen were below 20.000 requests per second, this was a rather large attack and therefore must have required a lot more resources on the attacker’s side than what is common.
One could speculate that the attack was initiated by chinese government officials for a couple of reasons. For once an attack of that size is not easy to generate and then the timing of the attack seems suspicious, because it happened after the Cyberspace Administration of China publicly called the activists “anti China” in a desperate attempt to get rid of them. Of course it’s also a possibility that the DDoS attacks were initiated by government sympathizers and not by actual officials – until now the details are unknown. Fun fact: China recently admitted it has a Cyber Army. Make your own assumption.
Greatfire.org is a website that helps citizens of China to bypass the Great Firewall of China, which is a content filter that censors the internet traffic of the whole country. The chinese government doesn’t allow its citizens to freely access any information in the world-wide web that’s not controlled by them. Even Google is blocked. With the help of the service the activists offer, the citizens of China are able to access at least a few websites, making it possible for them to read uncensored impartial information.
This recent DDoS attack is not the first attempt by the opposing party to shut down Greatfire.org. According to the activists, they became the victim of DNS poisoning in November 2014, which made their website unavailable through commonly used DNS resolvers. The attackers even tried to intercept their encrypted e-mails, the activists say.
China’s government is known to censor all information in an attempt to keep its citizens uneducated and remain in power. I think that in the 21st century that should not be possible for such a huge and technology-wise well-developed country as China. The activists ask for help with their $30.000/day Amazon AWS bill, which is the result of the currently ongoing attacks. At the time of writing it is still unclear whether Amazon will waive that bill or wants the activists to pay it. They further ask for help with the DDoS attacks to keep their website(s) online. If you can help with your expertise, they sure would be grateful.