China's anti-censorship GreatFire hit by first DDoS attack

Published: Sun, 22 Mar 2015 by Rad

GreatFire is the non-profit organization helping Chinese Internet users bypass the censorship of the Great Firewall. China's Great Firewall (GFC) is among the most technically sophisticated Internet filtering/censorship systems in the world. Its depth, scope, and capacity is certainly impressive. says the attack, which began on March 17, affects all of its mirror websites, the duplicate sites used to circumvent blocks in China - a workaround very similar to Tor's, first banned in China in 2009. The sites are apparently using Amazon and Akamai technologies, but company confirmed.

" began creating mirror sites in 2013 and now has 10, including a copy of Google, an uncensored version of Chinese microblog website Weibo, and a news website called Boxun that is often critical of the Chinese government,"

Struggling with bandwidth costs, GreatFire calls for help

The organization is asking for help to pay its operational costs.

"Because of the number of requests we are receiving, our bandwidth costs have shot up to USD $30,000 per day. We need companies like Amazon to be on our side and, more importantly, on the side of freedom of speech"


GreatFire also asked for help in areas:

  • bandwidth costs
  • calling for big companies to be on side of freedom of speach
  • help with managing of server load

DDos attack details

The attack started on March 17 and GreatFire are receiving up to 2.6 billion requests per hour which is about 2500 times more than normal levels.

The attack affects all mirror websites. It is not clear who is behind this attack. However, the attack coincides with increased pressure on GreatFire organization over the last few months. The Cyberspace Administration of China (CAC) publicly called them "an anti-China website set up by an overseas anti-China organization".

In other statement, GreatFire says that CAC has put pressure on various IT partners to stop working with GreatFire. There is also suspicion that that somebody was trying to impersonate GreatFire to intercept their encrypted email.

GreatFire uses collateral freedom method to unblock sites

GreatFire shares source code for their projects on Github page. Detailed document on topic of collateral freedom is attached under article.

It relies on creating mirror web sites while leveraging the global cloud infrastructure by creating 'unblockable' mirrors via unblockable cloud services. This approach would not have been possible five years ago because Amazon and other companies offering cloud hosting did not have the critical mass of clients necessary.

A critical mass is needed because China will clearly see that blocking all access to Amazon AWS, for example, would have devastating economic consequences inside of China. Great Firewall can selectively block urls, but only way to block a url from an encrypted domain is to block the entire domain.

Five years ago, not that many people were using cloud hosting so the government could afford to block the Amazon domain - today, that is possible, but highly unlikely.

Other also use collateral freedom method

On March 12, Reporters Without Borders (RWB) unblocked nine websites in different markets around the world, using GreatFire open source code, to mark World Day Against Cyber-Censorship.

"We are now proud to see that collateral freedom is being used not only in China but also in countries like Russia, Iran, Vietnam, Cuba and Saudi Arabia"

Reporters Without Borders were using the technique known as mirroring to duplicate the censored sites and place the copies on the servers of Internet giants such as Amazon, Microsoft and Google.

The full list of websites mirrored is available on GitHub: RSF-RWB/collateralfreedom

What is Great Firewall

The Great Firewall of China (Great Firewall, the abbreviation is GFW) is a blanket term used by international, including Chinese, media to refer to legislation and projects initiated by the Chinese government attempt to regulate the Internet in Mainland China.

It is the main instrument to achieve Internet censorship in China.

The Golden Shield project

Great Firewall heavily relies on The Golden Shield Project - a censorship and surveillance project operated by the Ministry of Public Security (MPS) division of the government of China.

It controls the Internet gateways where traffic travels between China and the rest of the Internet. Through a combination of firewalls and proxy servers at these gateways, they can analyze and manipulate Internet traffic.

Censorship isn't completely transparent. For example, if you try to access a blocked website, you may not see a message informing you that the website has been locked. You may just experience timeouts, blocked connections, and other error messages. Censorship can often be indistinguishable from website problems.

Blocking methods commonly used for censoring:

  • IP blocking
  • DNS filtering and redirection, DNS poisoning
  • URL filtering
  • Packet filtering
  • SSL man-in-the-middle attack
  • VPN/SSH traffic recognition

GreatFire and Great Firewall from around the web

Our previous news stories