What's up with Chinese DDoS astroturfing?

The Great Firewall of China, which sits between users in China and sites outside of China, is regularly the source of DDoS attacks. In January, the GFW redirected traffic from blocked sites in order to DDoS selected targets, and now the GFW is injecting malicious javascript that causes browsers to repeatedly make requests to a site that hosts information about the GFW.

None of this is new. DDoS attacks have been coming out of China for ages, and because of the mechanisms used, most people think the Chinese government is directly involved.

What’s new is that there’s astroturfing denying that the Chinese government is involved in venues that I read. Nowadays, comments like these pop up on discussions of Chinese DDoS attacks:

I think you are wrong here. Everyone is innocent until proven guilty! Also I don’t think its hard to negotiate with the Chinese government unless you are an ambassador and had previous experience with them before? And any government would deny an attack under any circumstances… if not that leaves them exposed!

The bit about negotiating is because someone commented that, as the administrator of a website, you probably can’t negotiate with the Chinese government.

There’s a sameness to all these comments. There are two things about this that seem counterproductive.

First, if you believe the claims made by these comments, it implies that the operators of the GFW, the Chinese government, are spectacularly incompetent. Their infrastructure is regularly compromised and used for DDoS attacks, sometimes for weeks at a time, and they’re helpless to stop it. I suppose it depends on the goals, but this seems worse than the original interpretation that the Chinese government is behind the attacks.

Second, the astroturfing is really blatant. With the resources they have available, I’m sure they’ll figure out how to get their commenters to sound less like they’re regurgitating propaganda and more like they’re genuinely curious about why those evil hackers are maliciously hacking things in a way that makes it look like the Chinese government is involved. But when that happens, everyone will remember the egregious astroturfing that’s been going on for months, which will cast doubt on any claims that the Chinese government isn’t responsible, no matter how plausible they are.

Maybe the folks running the astroturfing campaign subscribe to the motto that there’s no such thing as bad publicity, but I don’t think that applies when you’re trying to run a covert propaganda campaign.

This also raises the broader question, what fraction of the internet is made up of covertly paid-for content? Apparently, you can get $5 per comment for 200 character comments. People often say that ad revenue drives a huge fraction internet content, but propaganda pays a lot better than ad impressions. This blog gets a decent amount of traffic (50k-120k hits a month, lately), but you can make more money astroturfing for a day than you can if you run ads on a blog like mine for a year.

Thanks to Daniel Gackle and Mindy Preston for comments and corrections.

← Dunning-Kruger and other bogus memes Combining AFL and QuickCheck for directed fuzzing →