We reported a couple of weeks ago that GitHub was hit with a massive DDoS attack, and given the projects that were targeted; it was widely assumed that China was behind the attack. Now, there's even more evidence of that, and it appears that a brand-new weapon was used to carry the attack out.
According to a report from Citizenlab, China's attack against GitHub used a tool called 'Great Cannon' which acts as a man-in-the-middle attack to redirect traffic. It's been said that this attack involved "millions" of redirected HTTP requests, and according to TechCrunch, it pushed GitHub's Amazon EC2 bill to $30,000 per day.
GitHub is reported to have been attacked by Great Cannon last month
Up to this point, China has denied having involvement in these attacks, but the evidence is overwhelming that it was. To reiterate, it was Baidu's search traffic that was redirected, and the traffic was pushed towards two GitHub projects that help people get around the Great Firewall of China. It's not that difficult to put two and two together here.
What's concerning is that China's Great Cannon works well, and it's easy to put into use. And, while it requires a bunch of traffic to redirect, Baidu has lots. We'd have to assume that Baidu will put some protections into place after this debacle, but as we know all-too-well on this shore, it's rare when there's a hurdle the government can't easily step over.