Week in Review: March 2, 2018

by Dan Bateyko

GitHub targeted in largest recorded DDoS attack

On February 28 and March 1, the developer website GitHub faced “the most powerful distributed denial of service attack [DDoS] recorded to date,” writes Wired. In GitHub’s incident report, Akamai’s real-time traffic information shows that the DDoS attack clocked in at 1.35 terabits per second of traffic. According to the network intelligence company ThousandEyes, “GitHub was quite efficient in mitigating the DDoS attack. Within minutes, the attack was identified and DDoS defense mechanisms kicked in.”

The attacker(s) used an amplification attack made possible by abusing a misconfiguration in memcached servers. By spoofing GitHub’s IP addresses, the attackers could fool the servers into targeting GitHub, sending up to 51KB for every byte sent by the attacker. In 2015, GitHub was the target of a multi-day, large-scale DDoS attack by an attacker that some Internet activists allege to be China.

To follow U.S. network attacks and threat data, see this Internet Monitor dashboard.

The Fight Online Sex Trafficking Act moves to U.S. Senate

The U.S. House of Representatives passed H.R. 1865, the Allow States and Victims to Fight Online Sex Trafficking Act (FOSTA), which would allow prosecutors and sex trafficking survivors to pursue legal action against websites hosting sex-trafficking-related content, reports The Verge.

According to The Washington Post, the bill came to the House after a Congressional investigation into Backpage.com, a website which hosts ads for sex workers, some of whom have been trafficked. The bill has found support from tech company executives at Facebook, IBM and Oracle.

The Electronic Frontier Foundation (EFF) pushed back against the bill, contending that it does not help fight sex trafficking and would lead to greater censorship of user speech. While Section 230 of the Communications Decency Act (CDA) protects platforms such as discussion boards or news comment sections from intermediary liability, “FOSTA would punch a major hole in Section 230” by allowing websites to be sued for user actions. As a result, EFF warns that “some online services might react by prescreening or filtering user posts. Others might get sued out of existence. New companies, fearing FOSTA liabilities, may not start up in the first place … Perversely, some of the discussions most likely to be censored could be those by and about victims of sex trafficking. Overzealous moderators, or automated filters, won’t distinguish nuanced conversations and are likely to pursue the safest, censorial route.”

China censors Winnie the Pooh, the letter N during censorship crackdown after proposed presidency extension

Chinese government censors have cracked down on a number of sensitive terms shortly after the government proposed an amendment to its constitution to extend President Xi Jinping’s term limit, reports the BBC. China Digital Times, which monitors blocked terms on Weibo, shows that sensitive terms include “personality cult”, “Brave New World”, and “Animal Farm.”

A New York Times report draws attention to the banning of Winnie the Pooh and the letter “N.”

In a 2017 article, the New York Times explains that government officials moved to censor Winnie the Pooh after Chinese commenters began sharing memes comparing President Xi Jinping to the fictional bear. As for the letter “N”, University of Pennsylvania Professor Victor Mair posits one plausible explanation: “This is probably out of fear on the part of the government that "N" = "n terms in office", where possibly n > 2.” Quoted in a Guardian article, one of the co-founders of GreatFire.org, a group documenting Chinese censorship, said that “the response from Chinese netizens indicates that Xi may have miscalculated how this would be received by the general public. Hence, he has asked the censors to put in overtime and things like the letter ‘N’ end up as collateral damage.”