An activist group that monitors Chinese web blocks has suffered a sustained distributed denial of service (DDoS) attack that has seen its server costs soar to $30,000 a day.
Censorship watchdog GreatFire.org’s mission is to bring an end to Chinese censorship of the web, something it helps accomplish by mirroring sites, such as Google and Facebook, that are otherwise blocked by the Great Firewall of China.
By hosting the mirrors on content distribution networks (CDNs) that use the same hosting services that many legitimate Chinese sites rely on, such as Amazon Web Services, the group’s strategy has worked up until now as the only effective response from the authorities would most likely also take out Chinese businesses.
In fact the strategy has been so successful that GreatFire previously told Google that it could help the company take down all Chinese censorship within 10 days.
Now, however, the group has experienced its first ever denial of service attack, receiving 2500 times more traffic than normal, prompting Greatfire admin and co-founder Charlie Smith to say:
This kind of attack is aggressive and is an exhibition of censorship by brute force. Attackers resort to tactics like this when they are left with no other options.
Smith said the attack, which is delivering up to 2.6 billion requests per hour, started on Thursday, shortly after an article about how the group used cloud services to circumvent censorship appeared on the Wall Street Journal website.
The magnitude of the attack poses a challenge to GreatFire and Smith admitted the group was unable to cope with the technical challenges.
Furthermore, the financial implications of the vast number of requests being made could cripple the group – it is currently unaware of how Amazon will react to the huge bandwidth bill currently being racked up:
Because of the number of requests we are receiving, our bandwidth costs have shot up to US$30,000 per day. Amazon, which is the service we are using, has not yet confirmed whether they will forgo this.
It’s not currently clear who may be behind the attack but people are looking to China as a suspect.
Not only do the authorities wish to block access to the sites GreatFire makes available, the country has been suspected of using similar tactics before to take down activist websites, and accusations of state-sponsored hacking are commonplace.
GreatFire says it doesn’t know who is behind the attack, but said “the attack coincides with increased pressure on our organization over the last few months”.