China Accused of 'Weaponizing' Global Internet Users

Share on WhatsApp
Share on WhatsApp
china-internet-cafe-beijing-may12-2011.jpg A man surfs the internet at a coffee shop in Beijing in a file photo.

Internet activists on Tuesday accused Chinese authorities of carrying out or enabling massive cyberattacks on the anti-censorship website and coding site GitHub, saying Beijing had "weaponized" innocent Internet users around the world to target sites offering ways around its Great Firewall.

"Based on the technical forensic evidence provided above and the detailed research that has been done on the GitHub attack, we can now confidently conclude that the Cyberspace Administration of China (CAC) is responsible for both of these attacks," said in an article on its website on Tuesday.

"In one quick movement, the authorities have shifted from enforcing strict censorship in China to enforcing Chinese censorship on Internet users worldwide," it said.

"Now CAC has weaponized the entire Internet population," the article said.

U.S.-based China scholar and former online editor Li Hongkuan agreed, adding that from April, Beijing will move its Great Firewall outwards into a more aggressive phase.

"Previously, they directed most of their efforts towards defending and blocking, but now they are directing their energies towards malicious attacks on overseas websites," Li said.

"This change in direction will be launched in April," he said.

"Currently, the Chinese government and military are behind the majority of global cyberattacks, the majority of which come from mainland China."

Official involvement seen

Rutgers University computer scientist Zhou Shiyu said the recent attacks come after several years of intensive development by Beijing of its cyberattack capabilities.

"The Chinese authorities began training specialists to carry out hacker activities online a long time ago," Zhou said.

"They have poured a lot of money into setting up cyberattack research facilities, and into improving their hacking capabilities," he said.

According to Li, some 80-90 percent of attacks likely have Chinese official involvement behind the scenes.

"Only the Chinese government could mobilize the enormous financial and human resources needed to carry out such actions," Li said.

"The sheer size and number of these attacks shows that these are the sort of attacks that only the government would be able to mount," Li said.

He said the attacks are unlikely to be the work of independent Chinese hackers, who would be deterred by rapid and oppressive enforcement of laws forbidding hacker activity.

GreatFire said independent security researchers had tracked down the trigger for the DDoS (distributed denial of service) attack on GitHub to a piece of malicious code which instructs users' browsers to request GitHub pages, swamping the server with millions of requests a second.

High-level clearance

It said such code could only have been inserted in the manner detected by someone with high-level clearance to access the Chinese Internet backbone.

"Even if CAC did not launch the DDoS attack directly, they are responsible for managing the Internet in China and it is not possible that they did not know what was happening," GreatFire said.

It said Chinese Internet censorship has evolved into an active and aggressive filter that imposes Beijing's censorship filters on users worldwide.

"In one quick movement, the authorities have shifted from enforcing strict censorship in China to enforcing Chinese censorship on Internet users worldwide," it said.

It said Beijing can launch such attacks quickly and easily on websites anywhere in the world.

The article accused Beijing of "hijacking the computers of millions of innocent Internet users around the world" to carry out the GitHub attack using malicious Javascript code inserted into computers of visitors to the Chinese Internet portal Baidu.

The attack on GitHub began last Thursday, and was described by the coding website as the largest DDoS attack in its history.

'Sophisticated, new techniques'

The attack made use of every known method to launch the DDoS attack, but also employed "sophisticated new techniques that use the web browsers of unsuspecting, uninvolved people to flood with high levels of traffic," GitHub said in a statement on its website.

"Based on reports we've received, we believe the intent of this attack is to convince us to remove a specific class of content," it said.

According to, the statement refers to tools it developed and placed on GitHub allowing Chinese Internet users to circumvent the complex system of blocks, filters, and human censorship known as the Great Firewall.

"To mitigate the DDoS attack, we mirrored content on our GitHub repository and asked users to access that page directly. The attackers then switched their attack to our GitHub page," GreatFire said.

Baidu has denied any involvement in the attack. The company said in a statement: "After careful inspection by Baidu's security engineers, we have ruled out the possibility of security problems or hacker attacks on our own products."

China and the United States have repeatedly traded accusations of cyberattacks.

In particular, China has denied claims that its People's Liberation Army (PLA) cyberspace unit in Shanghai was behind a series of hacker attacks on U.S. corporate networks in recent years.

Earlier this month, the country's defense ministry denied fresh allegations that the PLA's secretive Unit 61398 had attacked

Reported by Xi Wang for RFA's Mandarin Service. Translated and written in English by Luisetta Mudie.


Add your comment by filling out the form below in plain text. Comments are approved by a moderator and can be edited in accordance with RFAs Terms of Use. Comments will not appear in real time. RFA is not responsible for the content of the postings. Please, be respectful of others' point of view and stick to the facts.