Quotulatiousness

April 12, 2015

The Great Firewall of China has a new capability

Filed under: China, Technology — Tags: , , — Nicholas @ 04:00

At The Register, Shaun Nichols talks about the new, weaponized Great Firewall of China:

China has upgraded the website-blocking systems on its borders, dubbed The Great Firewall, so it can blast foreign businesses and orgs off the internet.

Researchers hailing from the University of Toronto, the International Computer Science Institute, the University of California Berkeley, and Princeton University, have confirmed what we’ve all suspected: China is hijacking web traffic entering the Middle Kingdom to overpower sites critical of the authoritarian state.

Typically, connections to web servers in the People’s Republic must pass through the nation’s border routers, which may inject malicious JavaScript into the fetched web pages. This code forces victims’ browsers to silently and continuously fire requests at selected targets.

These sites may end up being overwhelmed and crash as a result — a classic denial of service — meaning no one in the world can access them.

It is a clear case of China engineering a way to knock arbitrary websites off the internet for everyone, it seems.

Such an attack was launched last month at California-based GitHub.com, which was hosting two projects that circumvented the Great Firewall’s censorship mechanisms, and GreatFire.org, a website dedicated to fighting China’s web blocking. GitHub mitigated the assault to mostly stay online.

This weaponized firewall has been dubbed the Great Cannon by the researchers, and typically hijacks requests to Baidu’s advertising network in China. Anyone visiting a website that serves ads from Baidu, for example, could end up unwittingly silencing a foreign site disliked by the Chinese authorities.

October 5, 2009

Anonymous and the Church of Scientology

Filed under: Liberty, Religion, Technology — Tags: , , , — Nicholas @ 07:41

Julian Dibbell looks at the beginnings of the “Anonymous” campaign against the Scientologists:

In the evening of January 15, 2008, a 31-year-old tech consultant named Gregg Housh sat down at the computer and paid a visit to one of his favorite Web sites, the message board known as 4chan. Like most of the 5.9 million people who visit the site every month, Housh was looking for a few cheap laughs. Filled with hundreds of thousands of brief, anonymous messages and crude graphics uploaded by the site’s mostly male, mostly twentysomething users, 4chan is a fountainhead of twisted, scatological, absurd, and sometimes brilliant low-brow humor. It was the source of the lolcat craze (affixing captions like “I Can Has Cheezburger?” to photos of felines), the rickrolling phenomenon (tricking people into clicking on links to Rick Astley’s ghastly “Never Gonna Give You Up” music video), and other classic time-wasting Internet memes. In short, while there are many online places where you can educate yourself, seek the truth, and contemplate the world’s injustices and strive to right them, 4chan is not one of them.

Yet today, Housh found 4chan grappling with an injustice no Internet-humor fan could ignore. Days earlier, a nine-minute video excerpt of an interview with Tom Cruise had appeared unauthorized on YouTube and other Web sites. Produced by the Church of Scientology, the clip showed Cruise declaring himself and his co-religionists to be, among other remarkable things, the “only ones who can help” at an accident site. For the online wiseasses of the world, the clip was a heaven-sent extra helping of the weirdness Tom Cruise famously showed on Oprah. But then, suddenly, it was gone: Scientologists had sent takedown notices to sites hosting the video, effectively wiping it from the Web.

Housh and other channers knew that Scientology had a long history of using copyright law to silence Internet-based critics. But this time, maybe because the church was stifling not just unflattering content but potential comedy gold, the tactic seemed to inflame the chortling masses. That evening, Housh logged in to an IRC channel frequented by like-minded chuckleheads and started talking with five others about the Cruise video. There was a sense that something must be done, but what? One of them logged out and posted a call to action on 4chan and some similar sites. By the middle of the night, 30 people had joined the chat. Within a couple of days, a consensus emerged: They would take down the main Scientology Web site with a massive distributed denial-of-service attack, or DDoS.

August 7, 2009

DDoS attacks target one pro-Georgian user

Filed under: Russia, Technology — Tags: , , — Nicholas @ 07:35

I find this hard to credit, but CBS says that yesterday’s distributed denial-of-service attacks on Twitter, Facebook, YouTube, Blogger, and LiveJournal were all aimed at one particular user:

The blogger, who uses the account name “Cyxymu,” (the name of a town in the Republic of Georgia) had accounts on all of the different sites that were attacked at the same time, Max Kelly, chief security officer at Facebook, told CNET News.

“It was a simultaneous attack across a number of properties targeting him to keep his voice from being heard,” Kelly said. “We’re actively investigating the source of the attacks and we hope to be able to find out the individuals involved in the back end and to take action against them if we can.”

Kelly declined to speculate on whether Russian nationalists were behind the attack, but said: “You have to ask who would benefit the most from doing this and think about what those people are doing and the disregard for the rest of the users and the Internet.”

Twitter was down for several hours beginning early Thursday morning, and suffered periodic slowness and time-outs throughout the day.

If it turns out that this is true, I guess it’ll be easier to start looking for the controller of the massive botnet that conducted the attacks . . . and probably has a physical presence near the Kremlin.

Update: The Guardian has more on the story.

August 6, 2009

Twitter under DOS attack

Filed under: Americas, Technology — Tags: , , , , — Nicholas @ 13:58

Twitter users have been unable to access the site for most of Thursday morning, due to a Denial-of-Service (DOS) attack:

The extended silence in a normally noisy Twitterworld began around 9 a.m. Twitter later posted a note to its status update page saying the site had been slowed to a standstill by an attack.

In a denial-of-service attack, hackers typically direct a “botnet,” often made up of thousands of malware-infected home PCs, toward a target site in an effort to flood it with junk traffic. With the site overwhelmed, legitimate visitors cannot access the service.

“On this otherwise happy Thursday morning, Twitter is the target of a denial-of-service attack. Attacks such as this are malicious efforts orchestrated to disrupt and make unavailable services such as online banks, credit card payment gateways, and in this case, Twitter for intended customers or users,” co-founder Biz Stone said in a blog post. “We are defending against this attack now and will continue to update our status blog as we continue to defend and later investigate.”

Update: Service is back, intermittantly. More background on the attack here.

Powered by WordPress