China kicked up a storm earlier this month when it was alleged to have used its “Great Cannon” weapon to carry out distributed denial of service (DDoS) attacks against GitHub, a code repository for open source projects, and GreatFire.org, a project that provides servers to aid Chinese citizens in circumventing the national firewall.
The attack was described as a significant escalation of state-level information control, but now Google is arguing it would never have been possible if Internet traffic were encrypted as standard.
“This provides further motivation for transitioning the web to encrypted and integrity-protected communication,” wrote Google security engineer Niels Provos in a blog post. “Unfortunately, defending against such an attack is not easy for website operators.”
Provos used Google’s Safe Browsing infrastructure to analyze the DDoS attacks on Greatfire.org, and said the campaign was fairly prolonged. The Great Cannon began ‘testing’ the site’s defenses on March 1, before ramping things up for a more sustained assault from March 14 through to April 15.
“At first, requests were made over HTTP and then upgraded to use HTTPS,” noted Provos. “On March 14th, the attack started for real and targeted d3rkfw22xppori.cloudfront.net both via HTTP as well as HTTPS. Attacks against this specific host were carried out until March 17th.”
Provos said it was during this phase of the attack that the CloudFront hosts suddenly started serving 302 redirects to greatfire.org and other domains. The Great Cannon stopped substituting JavaScript on March 20, but continued injecting into HTML pages for days afterwards.
Suddenly, on March 25, the Great Cannon switched focus from Greatfire.org to Github.
“The attack against GitHub seems to have stopped on April 7th, 2015, and marks the last time we saw injections during our measurement period,” wrote Provos.
Provos said that Google detected 19 different JavaScript payloads during the attack, and said the payloads were similar for the HTML attacks, though he was unable to determine a number.
According to Provos, had the entire web already moved to encrypted traffic via TLS, it would not have been possible to carry out an injection attack.
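As an added illustration, not code from the article or from Google, the kind of integrity check a measurement client could run over captured plain-HTTP responses to spot the two symptoms described above: a CDN host answering with an unexpected 302 redirect, and a script body that no longer matches its known-good digest. The host name is the one from the article; the path, the digest baseline and the sample responses are constructed.

```python
import hashlib
from urllib.parse import urlsplit


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Constructed baseline (hypothetical path): digest of the genuine body the
# client expects for a resource fetched over unencrypted HTTP, in the spirit
# of a subresource-integrity hash.
GENUINE_JS = b"window.app = function () { /* genuine script */ };"
BASELINE = {
    "http://d3rkfw22xppori.cloudfront.net/app.js": sha256_hex(GENUINE_JS),
}

# Hosts this CDN origin is legitimately expected to redirect to (constructed).
EXPECTED_REDIRECT_HOSTS = {"d3rkfw22xppori.cloudfront.net"}


def inspect_response(record, baseline=BASELINE, allowed=EXPECTED_REDIRECT_HOSTS):
    """Return findings for one captured response.

    record: {"url": str, "status": int, "location": str | None, "body": bytes}
    """
    findings = []
    url, status = record["url"], record["status"]
    if status in (301, 302, 303, 307, 308):
        # Redirect symptom: the CDN host bouncing clients to a foreign domain.
        target = urlsplit(record.get("location") or "").hostname or ""
        if target not in allowed:
            findings.append(("unexpected_redirect", url, target))
    elif status == 200 and url in baseline:
        # Substitution symptom: body differs from the known-good digest.
        digest = sha256_hex(record["body"])
        if digest != baseline[url]:
            findings.append(("body_mismatch", url, digest))
    return findings


def scan(records):
    return [f for r in records for f in inspect_response(r)]


# Constructed sample captures: a clean fetch, a substituted script, a redirect.
URL = "http://d3rkfw22xppori.cloudfront.net/app.js"
SAMPLES = [
    {"url": URL, "status": 200, "location": None, "body": GENUINE_JS},
    {"url": URL, "status": 200, "location": None, "body": b"/* substituted */"},
    {"url": URL, "status": 302, "location": "http://greatfire.org/", "body": b""},
]
```

Over TLS the substituted body and the forged redirect would fail the record integrity check before reaching the application, which is the point Provos makes; this check is what a plain-HTTP client is left with instead.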
“In this case, the attack Javascript requests web resources sequentially and slowing down responses might have helped with reducing the overall attack traffic,” Provos wrote. “Another hope is that the external visibility of this attack will serve as a deterrent in the future.”