The attack against GitHub was enabled by tampering with traffic to unrelated Chinese websites. The attack targeted two projects that specialize in anti-censorship tools. The EFF and other privacy groups have been advocating for some time that all websites move to HTTPS. The Chinese government could force Baidu to turn over the private keys it uses to encrypt traffic, the group says. The government could also force Baida to deliver the malicious code, an EFF engineer says, but it’s not implicated in the attack.”]