Late one Wednesday in March 2015, an alarm sounded in the offices of GitHub, a San Francisco–based software firm. The company’s offices exemplified the kind of Scandinavia-meets-soullessness style that has spread out from Silicon Valley to take over modern workplaces: exposed wood, open spaces, and lots of natural light. Most employees were preparing to leave, if they hadn’t already. Outside, the sun had started to set and it was balmy and clear.

Alarms weren’t uncommon at GitHub. The company claims to maintain the largest repository of computer code in the world. It had some 14 million users at the time, and prides itself on maintaining its service and staying online. GitHub’s core product is a set of editing tools that allow large numbers of programmers to collaborate on software and keep track of changes as bugs are fixed. In October 2018, Microsoft would buy it for $7.5 billion.

Back in 2015, though, GitHub was still an up-and-coming, independent company whose success came from making it considerably easier for other people to create computer software. The first alarm indicated there was a large amount of incoming traffic to several projects stored on GitHub. This could be innocent—maybe a company had just launched a big new update—or something more sinister. Depending on how the traffic was clustered, more alarms would sound if the sudden influx was impacting service sitewide. The alarms sounded. GitHub was being DDoS-ed.

One of the most frequent causes of any website going down is a sharp spike in traffic. Servers get overwhelmed with requests, causing them to crash or slow to a torturous grind. Sometimes this happens simply because the website suddenly becomes popular. Other times, as in a distributed denial of service (DDoS) attack, the spike is maliciously engineered. In recent years, such attacks have grown more common: hackers have taken to infecting large numbers of computers with viruses, which they then use to take control of the computers, enlisting them in the DDoS attack.

“We are currently experiencing the largest DDoS attack in GitHub’s history,” senior developer Jesse Newland wrote in a blog post almost 24 hours after the attack had begun. Over the next five days, as engineers spent 120 hours combating the attack, GitHub went down nine times. It was like a hydra: every time the team thought they had a handle on it, the attack adapted and redoubled its efforts. GitHub wouldn’t comment on the record, but a team member who spoke to me anonymously said it was “very obvious that this was something we’d never seen before.”

In the company’s internal chat room, GitHub engineers realized they would be tackling the attack “for some time.” As the hours stretched into days, it became something of a competition between the GitHub engineers and whoever was on the other end of the attack. Working long, frantic shifts, the team didn’t have much time to speculate about the attackers’ identity. As rumors abounded online, GitHub would only say, “We believe the intent of this attack is to convince us to remove a specific class of content.” About a 20-minute drive away, across San Francisco Bay, Nicholas Weaver thought he knew the culprit: China.

Weaver is a network-security expert at the International Computer Science Institute, a research center in Berkeley, California. Together with other researchers, he helped pinpoint the targets of the attack: two GitHub-hosted projects connected to GreatFire.org, a China-based anti-censorship organization. The two projects enabled users in China to visit both GreatFire’s website and the Chinese-language version of the New York Times, both of which are normally inaccessible to users in China. GreatFire, dubbed a “foreign anti-Chinese organization” by the Cyberspace Administration of China, had long been a target of DDoS and hacking attacks, which is why it moved some of its services to GitHub, where they were nominally out of harm’s way.

Not only was China blocking bits and bytes of data that were trying to make their way into China, but it was also channeling the flow of data out of China.

Weaver found something new and worrisome when he examined the attack. In a paper coauthored with researchers at Citizen Lab, an activist and research group at the University of Toronto, Weaver described a new Chinese cyberweapon that he dubbed the “Great Cannon.” The “Great Firewall” — an elaborate scheme of interrelated technologies for censoring internet content coming from outside China—was already well-known. Weaver and the Citizen Lab researchers found that not only was China blocking bits and bytes of data that were trying to make their way into China, but it was also channeling the flow of data out of China.

Whoever was controlling the Great Cannon would use it to selectively insert malicious JavaScript code into search queries and advertisements served by Baidu, a popular Chinese search engine. That code then directed enormous amounts of traffic to the cannon’s targets. By sending a number of requests to the servers from which the Great Cannon was directing traffic, the researchers were able to piece together how it behaved and gain insight into its inner workings. The cannon could also be used for other malware attacks besides denial-of-service attacks. It was a powerful new tool: “Deploying the Great Cannon is a major shift in tactics, and has a highly visible impact,” Weaver and his coauthors wrote.

The attack went on for days. The Citizen Lab team said they were able to observe its effects for two weeks after GitHub’s alarms first went off. Afterward, as the GitHub developers struggled to make sense of the attack and come up with a road map for future incidents, there was confusion within the cybersecurity community. Why had China launched so public an attack, in such a blunt fashion? “It was overkill,” Weaver told me. “They kept the attack going long after it had ceased working.”

It was a message: a shot across the bow from the architects of the Great Firewall, who—having conquered the internet at home—were now increasingly taking aim overseas, unwilling to brook challenges to their system of control and censorship, no matter where they came from.

The GitHub attack was a rare public display of the attacking power of China’s cyber state, which usually preferred to exercise its capabilities behind the scenes. Some of those capabilities were discovered, by chance, in January 2009.

In the attic of a grand old red brick building in the middle of the University of Toronto campus, just north of the city center, Nart Villeneuve stared at his computer screen in disbelief. Villeneuve was a graduate student at the university and a researcher at Citizen Lab. He had been tracking a sophisticated cyber-espionage group that was infiltrating computers, e-mail accounts, and servers around the world, spying on their users and contents. The attackers had carefully tailored so-called spear-phishing e-mails to appear to be from targets’ friends and colleagues, convincing people to download malware onto their machines and unknowingly open themselves up for surveillance. The campaign was advanced, but its creators also appeared to have done something quite stupid.

Villeneuve picked up his phone and rang Ron Deibert, his supervisor and the founder of Citizen Lab.

As Deibert recounts in his book Black Code: Inside the Battle for Cyberspace, Villeneuve had discovered a command-and-control server for malware that had spread widely around the internet.

“I’m in,” Villeneuve whispered into his phone.

Their investigation had begun months earlier in Dharamsala, an Indian city that the Dalai Lama had fled to in 1959, which is now the center of the Tibetan exile community. Greg Walton, a Citizen Lab field researcher, had been visiting the area for years. In the late 1990s and early 2000s, Walton helped expand on the work done by the two previous Tibetan internet pioneers, Dan Haig and Thubten Samdup, who helped connect Dharamsala to the World Wide Web at a time when the rest of India was barely wired up. Walton built websites for various NGOs and government departments, taught computer classes, and helped people set up e-mail accounts. Looking back, he realized they were all too caught up in the benefits of the internet, and its ability to connect and unite the increasingly spread-out Tibetan diaspora, to think of the downsides. Though the early days were tough and the technology rickety, the internet quickly took hold in Dharamsala. Little concern was given to security.

These new warnings were much more effective—and creepy—because they were sent to foreign leaders when plans hadn’t been publicly revealed.

Downsides to Tibet’s early adoption of the internet quickly became apparent. The Chinese government would send angry missives to foreign leaders as they tried to set up meetings with the Dalai Lama, before the events were even announced. The Chinese government had long publicly objected to any engagement with “separatists.” But as people within the Tibetan community told me, these new warnings were much more effective—and creepy—because they were sent to foreign leaders when plans hadn’t been publicly revealed. The Chinese government wanted all concerned to know that they were listening.

Diaspora Tibetans who crossed into Chinese-controlled territory were detained at the border and interrogated. If they tried to deny involvement in politics, their own e-mails were presented as evidence. One woman who worked on an outreach program in Dharamsala that received funding from the US-government-backed Voice of America was crossing into Tibet from Nepal when she was stopped by Chinese police. She was presented with printouts of her private communications with people inside Chinese-controlled Tibet. Another woman, an American scholar living in Beijing, received an invitation “to tea” with security officials, a semi-regular occurrence for anyone dealing with sensitive issues in China. Asked for her e-mail, she gave the security officials a dummy account she didn’t use for anything else; two days later, someone attempted to hack that address.

Back in Dharamsala, computer after computer was disabled by aggressive malware designed not to spy, but to sabotage.

Clearly someone was targeting Tibetans. All signs pointed to China, but the source of the operation was unclear. Were the Tibetans being targeted by the security services, by the military, by so-called “patriotic hackers,” or by a combination of all three?

Working together with Tibetan security experts, Walton began collecting samples of sketchy e-mails and malware. One of those local experts was Lobsang Gyatso Sither. Sither was born in Dharamsala in 1982, one of a generation of exiles who have never lived in Tibet. He studied computer science in India and the UK, and had largely left Dharamsala behind when he met Walton in London in the late 2000s and learned about the targeting of Tibetans. He returned with Walton to the Himalayas, and the two began working with the Dalai Lama’s office, and any other obvious target, to counter hacks and cyberattacks.

In the beginning, the attacks were fairly unsophisticated: e-mails in broken English would encourage users to run executable files. Alone, they would not have generated too much alarm, but as Walton, Sither, and others gathered more and more samples, they began to see the scale of the campaign. The entire community was being targeted, even though most would have been of little interest to hackers, Sither told me.

Even individuals not immediately related to a key target can be useful for hackers. Like police prosecuting a mob case, hackers can move up the chain, using compromised accounts to go after the ultimate targets and their associates with more believable phishing attacks.

The attackers were closely monitoring the success of their operation. When a major educational campaign was launched to encourage Tibetans not to open attachments and instead to rely on cloud-based services like Google Drive to share documents, new malware quickly appeared. It specifically targeted the services the educational campaign had recommended.

Before Villeneuve’s discovery of the command-and-control server, the team had only been able to track the targets of the malware campaign—not the attackers themselves. Now Villeneuve could see exactly what the attackers were doing on the computers they accessed. The primary weapon in the hackers’ toolkit was a single piece of malware, originally developed by Chinese programmers and later ported into English, called the Gh0st Remote Administration Tool, or Gh0st Rat.

Through their investigations in Dharamsala, the Citizen Lab team was able to see that the malware targeting Tibetans was communicating with servers based in Hainan, a southern Chinese island. The hack targeted military officials, legislators, journalists, and hundreds of others in Dharamsala, across India, and elsewhere in Asia, all of whose activity was surveilled by the hackers. “Almost certainly,” the team wrote in its report, “documents are being removed without the targets’ knowledge, keystrokes logged, web cameras are being silently triggered, and audio inputs surreptitiously activated.” While Citizen Lab could not say definitively who was behind the hack, the report concluded that most likely “this set of high profile targets has been exploited by the Chinese state for military and strategic-intelligence purposes.”

The report reached this conclusion because the island of Hainan hosted the Lingshui signals intelligence facility and a division of the Third Technical Department of the People’s Liberation Army, a Chinese counterpart to the National Security Agency. GhostNet, as the Citizen Lab team dubbed the hack, was among the earliest signs of the alleged hacking capabilities of the PLA. Within years, the FBI would indict several leading military officials for targeting US companies and institutions, for both industrial and military espionage. The PLA was also blamed for a hack of the Office of Personnel Management (OPM), a large federal human-resources agency, which compromised the personal data of up to 18 million current, former, and prospective federal employees.

The OPM hack was publicly announced in June 2015. A few months later President Barack Obama hosted Chinese leader Xi Jinping at the White House, where the two men signed a bilateral agreement promising “that neither country’s government will conduct or knowingly support cyber-enabled theft of intellectual property, including trade secrets or other confidential information.” The deal was a big diplomatic win for Obama as he neared the end of his second term, and initial signs of progress were good, but proper scrutiny was largely undercut by the 2016 US election and ensuing furor over alleged Russian hacking of the Democratic Party. As concerns about shadowy hackers undermining American institutions shifted from Beijing to Moscow, less attention was paid to the role of the Chinese government in future attacks.

In the meantime, hackers continue to target the Tibetan exile community, and those in the diaspora continue to fight back. In classrooms and meeting halls across Dharamsala, Sither and other security experts conduct workshops on e-mail encryption, secure messaging apps, and other ways to stay safe online. The people Sither works with generally respond to the constant cyber-threat in one of two ways: ambivalence or paranoia. Both responses frustrate him. Some people are adamant that they have “nothing to hide”; but if their accounts are compromised, it could affect those who very much do have things they’d like to hide from the Chinese government. Others are so freaked out by the idea that Chinese spies are watching that they don’t get any work done: exactly the type of chilling effect the censors were hoping for. “We try to find the balance between security and not getting people too scared,” Sither told me. “It’s a challenge sometimes.”

Many thought the internet would bring democracy to China. Instead it has empowered government surveillance and control beyond Mao Zedong’s dreams.

GitHub and Tibetans like Lobsang Sither were among the first victims on a new front in China’s war on the internet, launched by a new breed of censor determined to go after the country’s enemies wherever they might be, using whatever means necessary.

In December it was reported that a hack of the international hotel chain Marriott was carried out by Chinese actors in 2014. The Marriott breach was publicly announced some four years after it took place. Many more attacks have likely not yet been publicly acknowledged, because companies are keeping problems under wraps so as to not damage relations with China.

Marriott has also borne the brunt of another Chinese censorship campaign. In January 2018, Marriott’s website was blocked in China, and the company was forced to issue a humiliating apology, after it listed Tibet and Hong Kong as separate countries on a form. Emboldened by their success in dictating terms to Marriott, Chinese officials have gone after airlines and other companies over issues such as “misidentifying” Taiwan.

Many thought the internet would bring democracy to China. Instead it has empowered government surveillance and control beyond Mao Zedong’s dreams. Now, the censors are turning their attention to the rest of the world.