China’s attack on Github earlier this year is creating international cyber norms thanks to the lack of any substantive retaliation by the US government (emphasis added):

By that measure, the United States has been establishing plenty of norms lately. After accusing North Korea of seeking to censor Sony with a cyberattack, the US announced meaningless sanctions; there’s no sign that the US has found, let alone frozen, any of the secretive North Korea’s intelligence agency’s assets. Similarly, even though the US director of national intelligence long ago attributed the OPM hack to China, the National Security Council continues to dither about whether and how to retaliate.

When it comes to setting new norms through inaction, though, the most troubling incident is China’s denial of service attack on GitHub. Like lots of US tech successes, GitHub didn’t exist ten years ago, but it is now valued at more than $2 billion. Its value comes from creating a collaborative environment where software can be edited by dozens or hundreds of people around the world. Making information freely available is the core of its business. So when the Chinese government decided to block access to the New York Times, the paper provided access to Chinese readers via GitHub. China then tried to block GitHub, as it had the Times. But if Chinese programmers can’t access GitHub, they can’t do their jobs. The outcry from Chinese tech companies forced the Chinese government to drop its block within days.

It was a victory for free speech. Or so you’d think. But the Chinese didn’t give up that easily. They went looking for another way to punish GitHub. And found it. Earlier this year, GitHub was soon hit with a massive distributed denial of service attack. Computers in the US, Taiwan, and Hong Kong sent waves of meaningless requests to GitHub, swamping its servers and causing intermittent outages for days. The company’s IT costs skyrocketed. A similar attack was launched against Greatfire.org, a technically sophisticated anticensorship site.

A Citizens Lab report shows that this denial of service attack was actually a pathbreaking new use of China’s censorship infrastructure. Over the years, China has built a “Great Firewall” that interrupts every single internet communication between China and the rest of the world. Up to now, China has used that infrastructure to inspect Chinese users’ requests for content from abroad. Uncontroversial requests are allowed to proceed after inspection. But most requests for censored information trigger a reset signal that cuts the connection. The same infrastructure could be used to inspect foreign requests for data from Chinese sites but there’s no obvious need to do so because the Chinese sites are already under the government’s thumb.