China launches MITM attack on GitHub

It appears that China recently launched a poorly executed Man in the Middle (MITM) attack on GitHub.

Greatfire.org has all the details.

In short:

GitHub.com is an https only website, so the only way to monitor it is to use a MITM attack to decrypt the contents of the communications. There is evidence that GitHub is widely used in China for code sharing, so the backlash from blocking it completely was too large, and it was unblocked a few days later.

The attack happened on January 26. It was poorly executed in that the faked certificate did not match the real one in any of the meta-data and it was not signed by a recognized certificate authority. This caused most browsers to report a security error. The MITM attack only lasted about an hour.

Based on reports it only impacted users in China, which strongly suggests that it was government backed at some level. My work in censorship circumvention over the years has shown that China is far from monolithic. This could have been the work of a local government or regional ISP. I have not seen an analysis showing if this was country wide or not. It seems very ham fisted for the central government.

The speculated reason for the attack is to monitor access to a list of people who have been involved in creating the Great Firewall of China, which is hosted on GitHub, and is connected to a petition on Whitehouse.gov proposing that those people be denied entry to the US.