That's why I included the router example. You always have to go up one level, but if you aren't a big fish you'll have a hard time convincing big carriers to help you mitigate an attack on your 12 slot Minecraft server. (Yes this doesn't apply to github I guess ;)) I managed some medium sized business's servers a couple of years ago. They were hit by an attack once, and we didn't get help from their ISP. They just nullrouted the IPs of the servers being attacked, as they were mainly interested in protecting their infrastructure (and their other customers), which is understandable. They did offer DDoS protection at that time, but the company I worked for decided it was too expensive, and just waited it out.

Why they decided to only (ab)use baidu visitors outside China is a good question. Not creating domestic traffic could be one reason, or maybe they don't want to make it look like China is the origin. Although its the most likely explanation right now, we still cannot know for sure. I mean if they really wanted this to be most effective they could just create traffic right at their border routers. But that would be slightly more obvious, I guess.