It's dubbed the "Great Cannon," and it's China's new offensive digital weapon capable of shutting down Web sites across the globe, according to a report released Friday. The weapon has already been implicated in two attacks made last month on systems located outside China.
Escalating the War
Researchers who analyzed the new system described it as “a significant escalation in state-level information control: the normalization of widespread use of an attack tool to enforce censorship by weaponizing users.” The report is the work of the Citizen Lab, an interdisciplinary laboratory based at the University of Toronto focusing on information technology. Researchers at Princeton and the University of California, Berkeley, also collaborated on the report.
The Great Cannon is able to manipulate the traffic of “bystander” systems outside China, silently programming their browsers to create massive DDoS attacks. “The Great Cannon is not simply an extension of the Great Firewall, but a distinct attack tool that hijacks traffic to (or presumably from) individual IP addresses, and can arbitrarily replace unencrypted content as a man-in-the-middle,” the Citizen Lab reported.
The Great Firewall works by spying on traffic between systems located in China and others located abroad, and terminating requests for banned content by injecting forged TCP reset packets that tell the two systems to stop communicating with each other. The Great Cannon, on the other hand, does not actively monitor all traffic, but only focuses on traffic to specific sets of IP addresses.
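A network defender can look for the forged resets described above in their own traffic, because an endpoint that never sent the reset can continue to deliver data after it. The following Python sketch is an added example, not part of the original article or the Citizen Lab report; the packet records are constructed, and the function name, record layout and time window are assumptions.

```python
from collections import namedtuple

# Constructed packet summaries (not real capture data): time, source, destination,
# TCP flags, sequence number, payload length. Addresses are documentation ranges.
Pkt = namedtuple("Pkt", "ts src dst flags seq length")

SAMPLE = [
    # Flow A: a RST appears to come from the server, yet in-sequence data follows.
    Pkt(0.00, "198.51.100.7:80", "192.0.2.10:50000", "PA", 1000, 500),
    Pkt(0.05, "198.51.100.7:80", "192.0.2.10:50000", "R", 1500, 0),
    Pkt(0.09, "198.51.100.7:80", "192.0.2.10:50000", "PA", 1500, 500),
    # Flow B: ordinary reset, nothing follows it.
    Pkt(1.00, "203.0.113.5:80", "192.0.2.10:50001", "PA", 7000, 100),
    Pkt(1.20, "203.0.113.5:80", "192.0.2.10:50001", "R", 7100, 0),
]

def suspect_injected_resets(packets, window=2.0):
    """Return (src, dst, rst_time) for each RST followed by new data from the same sender."""
    last_rst = {}   # (src, dst) -> (timestamp, seq) of the most recent RST
    findings = []
    for p in sorted(packets, key=lambda p: p.ts):
        key = (p.src, p.dst)
        if "R" in p.flags:
            last_rst[key] = (p.ts, p.seq)
            continue
        if key in last_rst and p.length > 0:
            rst_ts, rst_seq = last_rst[key]
            # A host that really reset the connection has dropped its state and would
            # not send payload at or beyond the RST's sequence number. Older sequence
            # numbers are ignored as late or reordered packets. Sequence wraparound
            # is not handled in this sketch.
            if p.ts - rst_ts <= window and p.seq >= rst_seq:
                findings.append((p.src, p.dst, rst_ts))
                del last_rst[key]
    return findings

if __name__ == "__main__":
    for src, dst, ts in suspect_injected_resets(SAMPLE):
        print(f"possible injected RST at t={ts}: {src} -> {dst}")
```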
A Powerful New Weapon
The Citizen Lab said that the Great Cannon is co-located with the Great Firewall, and both use similar source code. Those two facts strongly suggest that the Chinese government is behind the attacks. China has also previously described GreatFire, one of the Great Cannon’s targets, as a “foreign anti-Chinese organization.”
GitHub, meanwhile, has repositories of software that help users circumvent censorship technology. China had previously blocked GitHub, but was forced to backtrack after negative reactions from local programmers.
The true significance of the Great Cannon may have yet to be realized, according to the Citizen Lab. The Cannon’s ability to mount attacks by IP address could represent a major new ability to launch cyberattacks. Specifically, it can deliver malware to targeted individuals who communicate with any Chinese server that is not employing cryptographic protections. Targets would not necessarily realize that their computers were communicating with Chinese servers, as non-Chinese Web sites located outside China could (for example) serve ads ultimately sourced from Chinese servers.
It would also be straightforward for China to intercept unencrypted e-mails to or from target IP addresses and undetectably replace any legitimate attachments with malicious payloads, manipulating e-mails sent from China to outside destinations.
Those capabilities put the Chinese government in the company of the only other two organizations known to have tampered with unencrypted Internet traffic to control information or launch attacks: the NSA (National Security Agency) and its U.K. counterpart, the GCHQ (Government Communications Headquarters).
Posted: 2015-04-10 @ 5:49pm PT
Wall and cannon, looks like a medieval scene