GitHub Hit By DDoS Attack, Again

The popular code repository website GitHub was hit by a cyberattack on Tuesday morning, just a few months after it suffered a massive and enduring distributed denial of service attack, which was linked to China.

The company disclosed the new attack on Twitter and on its status page.

The connectivity problems have been identified as a DDoS attack. We're working to mitigate now.

GitHub StatusAugust 25, 2015

Roughly four hours after GitHub reported the first disruptions due to the attack, the company announced that everything was back to normal. Reached via email, a company spokesperson declined to provide more details about the attack beyond the scant timeline published on GitHub's status page.

But many observers noticed that the timing of the attack might indicate that China is again to blame. Last weekend, Shadowsocks, a popular tool created by Chinese hackers to circumvent China's censorship system, was forced to shut down, apparently due to pressure from the Chinese government.

The developer of the tool, who's only known as "clowwindy," wrote on the tool's GitHub page that he or she had to take down the code at the request of Chinese police. (Clowwindy's message has since been edited, removing any mention of police pressure, but is still readable on archived versions of the GitHub page, as well as countless screenshots.)

A message from author of Shadowsocks, which is probably the most pop & reliable GFW circumventing tool used in China. LibdaveAugust 25, 2015

The developer of Shadowsocks also posted the message "removed due to regulations" on all of the tool's GitHub pages.

Following Shadowsocks' sudden demise, another circumvention tool, GoAgent, mysteriously removed its code from GitHub as well, leaving only a cryptic message that read "everything that has a beginning has an end."

"There is a massive crackdown happening on circumvention tools," Charlie Smith, one of the founders of the Chinese anti-censorship group GreatFire, told Motherboard in an email. And while there's no indication that it has anything to do with the DDoS on Github, "that is likely as good an explanation as any."

The Chinese embassy did not answer to a request for comment, and it has to be noted that other than the timing, there is no indication right now that China is behind the DDoS attack. The country, however, has a long history of spats with GitHub.

Adam Fisk, the founder of Lantern, another censorship circumvention tool, agreed with Smith. Targeting GitHub would make "a lot of sense," he told Motherboard in an email, because the site is now full of copies, or "forks," of Shadowsocks' code repositories.

"A lot of Shadowsocks users are already using things like GitHub, and with Shadowsocks getting shut down they're all going to GitHub looking for Lantern or Shadowsocks mirrors," Fisk added.