
Wider use of HTTPS could have prevented attack against GitHub

Jeremy Kirk | April 6, 2015

The attack against GitHub was enabled by someone tampering with regular website traffic to unrelated Chinese websites, all of which used a JavaScript analytics and advertising-related tool from Baidu.

Even if Baidu does that, there are still ways to interfere, however. The Chinese government could force Baidu to turn over the private keys it uses to encrypt traffic, which then would allow visibility into the data, Budington wrote. Or, the government could force Baidu to deliver its malicious code.

GitHub's problems came just ahead of the signing of an executive order on Wednesday by U.S. President Barack Obama that authorizes sanctions against perpetrators of cyberattacks. The sanctions are intended to act as a punishment when nations are unwilling or unable to crack down on those responsible, Obama said.

The U.S. has become increasingly aggressive in laying blame for cyberattacks, which it claims have damaged businesses. In mid-December, North Korea was blamed for the devastating attacks against Sony Pictures Entertainment. Obama subsequently authorized even more sanctions against the already marginalized country.

In the first legal action of its kind in May 2014, federal prosecutors charged five members of the Chinese Army with stealing trade secrets from U.S. organizations over eight years. China denied the accusations.

 
