Chinese anti-censorship group GreatFire.org hit by aggressive DDoS attack
A group dedicated to fighting Chinese internet censorship has been hit with an “aggressive brute force” cyberattack for the first time after it was revealed it was helping people in China access banned websites and social media services.
GreatFire.org, which is run by a group of three activists, aims to monitor the level of internet censorship in China, which has become known as the Great Firewall and bans hundreds of websites including Gmail, Facebook, Twitter, YouTube, and most recently Reuters.
The activist group revealed that while it doesn’t know who is behind the attack, the massive distributed denial of service (DDoS) attack coincides with increased pressure on the organisation over the last few months.
“The Cyberspace Administration of China (CAC) publicly called us ‘an anti-China website set up by an overseas anti-China organisation’. We also know that CAC has put pressure on our IT partners to stop working with us. Recently, we noticed that somebody was trying to impersonate us to intercept our encrypted email.”
In a blog post entitled We Are Under Attack, GreatFire.org said that “this kind of attack is aggressive and is an exhibition of censorship by brute force.” According to the group, its mirror sites received up to 2.6 billion requests per hour, which is about 2,500 times more than normal levels.
Access banned websites
The attack came a day after a report in the Wall Street Journal revealed that services such as GreatFire.org, Tor and Lantern were using cloud services to allow people in China to access banned websites.
The system, known as collateral freedom by GreatFire.org, works by sending two requests from a user’s computer. One request is for access to an unbanned website, which is unencrypted and seen by the censors in China. The other is for a banned service (such as Gmail, Facebook, Twitter etc) but is encrypted so the censors cannot see it.
The encrypted request is sent to a cloud service such as Amazon Web Services or Microsoft’s Azure, and it is then either sent on to the banned website or to a mirror of that site stored in the cloud.
The systems are implemented without the knowledge of companies like Amazon or Microsoft, and the cloud providers are looking to stop them from working as they do not want to be added to the banned list in China, which is an important and growing market in the cloud industry.
GreatFire.org uses Amazon Web Services to host its mirror sites and said that based on the massive level of traffic, it would need to pay $30,000 (£20,200) per day for bandwidth. It has called on supporters to donate to the cause to help keep the service up-and-running.
The group says that it has upgraded to faster servers to handle such attacks and many have urged it to consider getting DDoS protection from a company such as CloudFlare.