
Ask HN: Why isn't the GitHub attack being covered by the news? - blamarvt
Why is this not in the mainstream news? Even if it&#x27;s not the Chinese government directly it&#x27;s a group with significant power inside China -- so why isn&#x27;t this being considered a foreign attack on a US company?
======
maebert
Here's how to make this news interesting to the mainstream:

"Chinese hackers cost US economy $100,000 / h"

Well, replace random accusations and numbers by facts of course, but that's a
valid question: How many employees can currently not to any meaningful work
because they don't have access to what they're supposed to work on? This times
salaries spent on them anyway is a good lower bound for the damage done to the
economy (actual damage should be higher since employees should of course add
more value to the economy than their salary).

~~~
Swizec
I do all my work via Github and honestly haven't noticed a single burp in the
service. Is anyone other than Github employees who have to deal with this even
affected?

~~~
jayrhynas
I've had troubles with the web interface and with pushing/pulling on and off
since Friday

~~~
nindalf
I pushed around 5-6 times and it failed only once.

------
rdl
I've had a fair number of press people contact me about this. I think the
issue is: github isn't a consumer service, and the attack is novel enough,
that explaining it requires explaining several things at the same time. Adding
In the gfw/China aspect makes it even more confusing.

This is the kind of story where a tech individual should probably do a
compressive blog post which gets syndicated, rather than relying on
journalists. I can understand why no one at Baidu, GitHub, or Fastly is doing
this, though.

~~~
brudgers
The mainstream press also has an interest in operating on the ground in China.
Promoting the attack on Github as newsworthy has some potential for making
that work on the ground more difficult or impossible. It's as simple as a
business decision that reflects the greater profit tweets about presidential
contenders as the subject of journalism.

------
zerocored
DDoS attacks and similar things are of very little significance to people who
don't understand what they are. In their minds, all the damage is on virtual
space and nothing is real. And they're somehow sure that all the damage done
will be fixed soon.

~~~
UnoriginalGuy
Additionally a lot of non-tech people don't understand the cost implications
of a DDoS.

If companies really want the media to get on board then create a figure for
how many $/hour you're losing. Heck make a widget which counts upwards (e.g.
we've lost $25,000 due to this DDoS since the start).

The downside is it might just encourage the DDoS-ers, the upside is the media
might take it seriously.

~~~
oneeyedpigeon
I'm not sure _anyone_ understands the cost implications of a DDoS,
particularly one on a third-party service. Even if you absolutely need to make
a change to something that _has_ to be done by more than one collaborator and
_has_ to be deployed via github and it _has_ to be patched right now and
there's _really_ no other way, how do you go about estimating the losses
anyway? You can't just assume that whatever average income you would have
collected over the last 72 hours has been lost forever.

Is anyone out there even attempting to estimate how much revenue they've lost
as a result of this DDoS?

~~~
nateguchi
I'm sure a lot of companies have backup plans in place, for instance,
Bitbucket repo clones or an internal copy

------
chebureki
[http://www.wsj.com/articles/u-s-coding-website-github-hit-
wi...](http://www.wsj.com/articles/u-s-coding-website-github-hit-with-
cyberattack-1427638940)

------
websitescenes
DDoS attacks are very common. Every large web based company will deal with an
attack on this vector sooner or later and more than once. I think itwould be
an issue if we started considering every single instance as a foreign attack.

It seems to me like you trying to make a parallel to the Sony hacking. These
two instances are very different. The Sony hackers used a much more diverse
toolset to inflict damage on a number of different vectors.

~~~
blamarvt
All I'm trying to say is that this DDoS is pretty obviously being perpetrated
by the PRC. Regardless of the attack vector, isn't this an important global
political issue? Most attacks are carried out by fringe groups, and while I'm
sure governments carry out attacks like this all the time... normally they
aren't so obvious.

~~~
websitescenes
I think it would be relatively easy to obfuscate the origin of a DDoS attack.
Consider how easy it is to even spoof IP and MAC addresses. Now consider that
a typical attack of this scale is most likely utilizing a botnet. It's pretty
clear that much of the 'evidence' used in placing blame for attacks is just
unreliable.

------
gus_massa
Perhaps because non-programmers (aka civilians) don't know what GitHub is, and
it's difficult to explain.

Perhaps it's interesting to reframe in a language that affect most people:

"Linux development halted by ciberattack!!!"

That's not completely true and too linkbaity, especially with the three bang
sings. Is there another huge mainstream project hosted there?

Another linkbait:

"Hackers break hackers site!!!"

Not so appealing to most people, but you can exploit curiosity. Also, you'll
get a lot of complains about the incorrect use of the word "hackers" in both
positions.

~~~
chebureki
While it may be difficult to explain to civilians what Github is, the issues
of any government overreach into the Internet domain are easy to understand.
For instance, a state does not like particular content on the Internet. It
wants to force a company to get rid of it by attempting to hamper the
company's service. Google's clash in China over censorship has been wildly
covered by the media.

------
fma
Just have Buzzfeed cover it:

Top 10 ways to DDOS a code repository. Number 7 will surprise you.

Millions of people are now accessing github. Who they are will surprise you!

You've been DDOS wrong your whole life. Find out how to do it correctly.

Millions of people now unknowingly going to github. Find out who, and why you
might be too.

Also don't forget WhiteHouse has a github account...."WhiteHouse code
repository under attack by China"

~~~
fma
As a follow up, WSJ is covering it. [http://www.wsj.com/articles/u-s-coding-
website-github-hit-wi...](http://www.wsj.com/articles/u-s-coding-website-
github-hit-with-cyberattack-1427638940)

They beat BuzzFeed to it!

------
Iftheshoefits
One plausible reason: the story is a "slow burn" story that hasn't had time to
gain traction. Mainstream news acts more like an aggregator of information
that percolates out of various niche segments' echo chambers: give it time.

Another thing to consider: what is particularly newsworthy about it to the
general public? Software technology focused people would find this very news
worthy. I have little sympathy for a business of any size that uses github as
its primary repository: the most-current source should be maintained on an
internal server, in my opinion, and companies that require github to be fully
available to operate are doing it wrong. I mean one of the primary advantages
of a distributed repo is that there is a complete history for every node that
has synced with the most recent commit. There shouldn't be a strong dependence
on a central repo.

~~~
pyre
> There shouldn't be a strong dependence on a central repo.

Most groups are not setup like the Linux kernel where there is a "gatekeeper"
who is a person that directly pulls from other people's repos (or from commits
sent to an email list).

A central repository becomes "the truth" and once something is "the truth" it
becomes the person that wants to push their code to this repo to do the
merging. There is nothing about this that is inherent to Github in particular,
but telling everyone to change their "origin" remote to point somewhere else
can be an issue depending on how large your group is. And what if someone
manages to get a push to (e.g.) master through the Github DDoS before everyone
is on the new remote repo? Now Github and BackupRemote have branched, when you
really want BackupRemote to be a superset of the copy on Github.

------
smackfu
Because no one cares about GitHub. If it was Facebook...

~~~
coldcode
I wonder if you created a page on FB for GreatFire and promoted it what would
FB do? I imagine they are too big to be successfully DDOS'd but I would think
they could kiss China goodbye forever. So I imagine they would simply ban it.

~~~
burger_moon
After a quick google search, it looks like last year they were brought down
temporarily from what might have been a ddos.

[http://techcrunch.com/2014/06/21/heres-video-of-the-cyber-
at...](http://techcrunch.com/2014/06/21/heres-video-of-the-cyber-attack-that-
may-have-spurred-this-weeks-facebook-outage/)

~~~
pyre
I've heard that the outage was a screw-up by a junior programmer that was
accidentally given too much access to the system by his/her supervisor.
Apparently a bad configuration was applied to their servers. This seems to
match up with the official Facebook announcement linked in that article.

------
davewiner
The tech press should be covering it.

As should the net-based political press.

Never mind what "most people" care about -- this is news.

~~~
antonioevans
The "tech" press is pretty much buzzfeed-ish these days.

~~~
Squarel
Some of the tech press is covering it.

Gizmodo, slashdot, the register.

WashPo also had a blog, as did a few other non-tech sites.

The reason they don't show as Github specifically is because it is reported as
"Anti-censorship group is under DDOS"

------
brudgers
To a first approximation, nobody cares. Inside particular segments of the tech
community, lots of people care. But the tech community is very small on an
absolute scale and its segments even smaller.

The other group of people who care are those engaged in ongoing cyber warfare.
To them Github is probably not worth defending at the risk of escalating to a
wider cyber and economic conflict.

Even should US government cyber warefare assets attribute the attack directly
to an entity with a direct relationship to 中华人民共和国 diplomatic corps, why would
the US deploy assets to protect a company that is knowingly violating 中华人民共和国
policy? Github is neither required nor prohibited from hosting projects that
violate 中华人民共和国 foreign or domestic policy. It has made a business decision
for business reasons.

Don't get me wrong, I am not defending 中华人民共和国 policies in regard to the
dissemination of information and propaganda [or the US policies regarding the
same]. Nor am I criticizing or praising Github's business decisions. I am just
explaining what I believe is the case, not what I think should or should not
be the case.

~~~
fragsworth
The U.S. is obligated to protect and defend individuals and corporations that
don't violate _U.S._ policy. Not some foreign policy.

If the U.S. government is not going to protect us from this shit, then what is
the purpose of our military?

------
newshound00908
What is the attack? Who is effected? How much is the impact? When did it
start? Why is it being done? Answer those questions, create a blog post, and
send a link to that post to your local news, the national news and any outlet
focused on nationalism since it is China - think right wing political sites.
Make the job easy and this will get more coverage.

~~~
bostonpete
So if I want a news outlet to pay more attention to a particular issue, the
solution is to do the reporting myself and serve it up to them on a silver
platter? Maybe that's true, but it hardly seems practical in general, nor does
it answer the OP's question...

~~~
gus_massa
Essentially yes. If it's about your own business it's called PR:
[http://www.paulgraham.com/submarine.html](http://www.paulgraham.com/submarine.html)

------
tedunangst
What percentage of the medias audience cares about GitHub?

------
MarcScott
Mainstream media only ever report a few categories of story regarding the tech
industry.

\- Hackers stealing information

\- Billion dollar acquisitions

\- Harassment scandals

\- Apple announces anything

------
NelsonMinar
It took another day, but this attack has now hit the mainstream press. Some
examples: [http://www.wsj.com/articles/u-s-coding-website-github-hit-
wi...](http://www.wsj.com/articles/u-s-coding-website-github-hit-with-
cyberattack-1427638940) [http://www.cbc.ca/news/technology/github-coding-site-
hit-by-...](http://www.cbc.ca/news/technology/github-coding-site-hit-by-
cyberattack-1.3014644)
[http://www.ft.com/cms/s/0/740f727c-d699-11e4-97c3-00144feab7...](http://www.ft.com/cms/s/0/740f727c-d699-11e4-97c3-00144feab7de.html)
[http://www.theguardian.com/technology/2015/mar/30/github-
cle...](http://www.theguardian.com/technology/2015/mar/30/github-cleans-up-
cyber-attack) [http://www.independent.co.uk/life-style/gadgets-and-
tech/new...](http://www.independent.co.uk/life-style/gadgets-and-
tech/news/china-accused-of-launching-fourday-cyber-attack-on-us-coding-
website-github-10143392.html)

------
durabell
[http://www.theepochtimes.com/n3/1301111-anti-censorship-
gith...](http://www.theepochtimes.com/n3/1301111-anti-censorship-github-pages-
under-ddos-attack-from-china/)

[http://www.theverge.com/2015/3/27/8299555/github-china-
ddos-...](http://www.theverge.com/2015/3/27/8299555/github-china-ddos-
censorship-great-firewall)

[http://motherboard.vice.com/read/did-china-just-launch-a-
cyb...](http://motherboard.vice.com/read/did-china-just-launch-a-cyber-attack-
on-github)

It's getting wall to wall online coverage mate.

------
army
[http://www.wsj.com/articles/u-s-coding-website-github-hit-
wi...](http://www.wsj.com/articles/u-s-coding-website-github-hit-with-
cyberattack-1427638940)

~~~
ryan-c
Google search for the article - click the first link to get past the paywall.

[https://www.google.com/search?q=U.S.+Coding+Website+GitHub+H...](https://www.google.com/search?q=U.S.+Coding+Website+GitHub+Hit+With+Cyberattack&oq=x)

------
mobinni
Well maybe no one at Github is allowed to contact local news sources, and if
they can't get a quote or information from a reliable source at the company
they won't run the story I guess?

------
hutt
There's a Lack of relevance outside our filterbubble.

------
th0br0
Wouldn't such news coverage only worsen the problem? After all, the attackers
would receive a kind of confirmation of their goals.

~~~
yc1010
In this case the attack is motivated by desire to suppress knowledge of a
project hosted on Github, publicity is what they fear most...

Now to get back to the OPs question:

1\. Mainstream media might have too much to lose if they criticize China, just
like in many countries where property bubbles burst the mainstream media
suppressed any mention of bubble forming since they were making out like
bandits from advertising property, could be something similar happening here.

2\. The story is a non-story outside nerd circles, now if Facebook or Twitter
was being DDOSed your sure would hear about it since journalists do care about
these sites.

------
davidbranniganz
this article on paid russian trolls makes me wonder if the chinese are
employing the same tactic on this forum

[http://www.rferl.org/content/how-to-guide-russian-
trolling-t...](http://www.rferl.org/content/how-to-guide-russian-trolling-
trolls/26919999.html)

------
atmosx
Because it's totally irrelevant to someone who is not directly related, not to
just programming but Github.

I'd like to ask back some questions:

1) What makes you think it's a worthy topic?

2) What makes you think China or any _powerful group_ \- not sure in what
terms this group is supposed to be powerful - has anything to do with it?

------
slowpoison
It is, now. [http://www.nytimes.com/2015/03/31/technology/china-
appears-t...](http://www.nytimes.com/2015/03/31/technology/china-appears-to-
attack-github-by-diverting-web-traffic.html?ref=technology)

------
larrys
"Why is this not in the mainstream news? "

Ironically, you realize of course that if something is mainstream news (or any
news at all) then that's a trophy that creates a greater likelihood of future
copycat events happening. Notoriety is certainly part of the buzz of doing
something like this.

------
josephmx
It's a developer oriented site. Why would a non-developer care that it's down?
The main outlets want the attention of the majority - so we don't get alerts
when HN, Github, etc go down or get attacked but we do when Facebook drops for
15 minutes

~~~
blamarvt
If there was an attack on the distribution network of American manufacturer
would it matter what they produce? The precedent set by doing nothing
politically here is pretty scary to me!

(Of course, political conversations could be going on but not publicized.)

~~~
josephmx
That's a very different scenario than what's actually happening, and it's very
interesting that you jump to "American company, defend it!" instead of
pointing out that it's a valuable tool worldwide.

------
sammermpc
I'm sure it will be. Give them a minute. After all, I bet there are plenty of
media folks reading this thread. And plenty of media orgs use GitHub
themselves.

------
cubano
Because, simply, the ability for the Technorati to push and pull code from a
website does not an act-of-war make, no matter how you and I may view it.

It seems almost certain, however, that in the coming week, this story will be
told in the "mainstream news" (I don't really know what that is anymore tho,
TBH)

I am sure, when things shake out, the attacks will be used in some political-
posturing kind of way and by some politician who will judiciously use it to
drum up support among an interested group.

------
justinsb
Do we have any indication how big the attack is? If the attack volume isn't
very big, this isn't news.

------
martiuk
Who gives a crap about some dumb website for nerds. /s

------
haosdent
How about this title: China suck the Internet since March 27th !!!

------
rurban
WSJ picked it up

------
zkhalique
What github attack?

------
hnnewguy
> _Why is this not in the mainstream news?_

HackerNews, Reddit, Twitter, and Facebook aren't mainstream? I beg to differ.

If this event was reported on any other media, I'd have no idea that it was
occurring.

