China’s Great Cannon uses Web traffic for DDoS attacks

Nikoletta Szabo

Most of us have probably heard about China's strict Internet censorship, enforced by the Great Firewall, which blocks any web request deemed to threaten their democracy. The browser then either shows a blank page or a notice about the censorship. However, not long ago researchers found that China is deploying another tool, called the Great Cannon, which the government uses to carry out DDoS (Distributed Denial of Service) attacks against websites that host anti-censorship content and tools that let Chinese users reach blocked Western websites, such as GitHub. They also found that the Great Cannon is co-located with the Great Firewall of China, but it has a different design and infrastructure and is an offensive system in its own right.

The procedure

It is a form of man-in-the-middle attack: the system sits between the web server and the end user, where it can deliberately intercept and hijack the user's unencrypted traffic and turn it into attack traffic against the target websites in order to bring down their servers.

The Great Cannon intercepts a small percentage of the requests directed to Baidu (a popular Chinese web service), namely those that fall into its target IP list and ask for particular scripts. For almost 2% of these web requests it drops the request and instead answers with malicious JavaScript that makes the visitor's browser take part in the DDoS attack.
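Because the injection only hits a small fraction of responses for an unencrypted script URL, a client that fetches the same script repeatedly sees the legitimate body most of the time and an odd body now and then. The following added example (not code from the article or from the researchers) models that detection: it hashes each response body, takes the majority hash as the expected one, and reports the requests whose body differed. The script bodies, request ids and the 2% replacement pattern are all constructed for the example.

```python
"""Detect on-path replacement of an unencrypted script, as described above.

The monitor assumes that the legitimate body is returned far more often
than the injected one (the article reports almost 2% injection), so the
most common hash is treated as the expected body. All sample data here is
constructed; no real script or attack payload is reproduced.
"""
import hashlib
from collections import Counter

# Constructed stand-in for the legitimate script body served by the site.
LEGIT_BODY = b"var _hmt = _hmt || []; _hmt.push(['_trackPageview']);"
# Constructed stand-in for a replaced body. It is deliberately inert; the
# only property that matters for detection is that it differs from LEGIT_BODY.
INJECTED_BODY = b"/* constructed: replaced response */ var x = 1;"


def sha256_hex(body: bytes) -> str:
    """Hash of a response body, used as the identity of that body."""
    return hashlib.sha256(body).hexdigest()


def analyze(responses):
    """responses: list of (request_id, body) for repeated fetches of ONE URL.

    Returns (injection_rate, suspicious_request_ids). The expected hash is
    the majority hash; every response whose hash differs is suspicious.
    """
    if not responses:
        return 0.0, []
    hashes = {rid: sha256_hex(body) for rid, body in responses}
    expected_hash, _ = Counter(hashes.values()).most_common(1)[0]
    suspicious = [rid for rid, h in hashes.items() if h != expected_hash]
    return len(suspicious) / len(responses), suspicious


def verify_pinned(body: bytes, pinned_hash: str) -> bool:
    """Stricter check: compare against a known-good hash instead of the
    majority, so even a single replaced response is caught."""
    return sha256_hex(body) == pinned_hash


def build_sample(n: int = 100, replace_every: int = 50):
    """Constructed sample: every 50th fetch out of 100 is replaced (2%)."""
    return [(i, INJECTED_BODY if i % replace_every == 0 else LEGIT_BODY)
            for i in range(1, n + 1)]


if __name__ == "__main__":
    rate, ids = analyze(build_sample())
    print(f"injection rate {rate:.2%}, suspicious requests {ids}")
```

The majority-vote approach only works because the replacement is rare; the pinned-hash check is what a client should actually rely on, and serving the script over HTTPS removes the on-path injection opportunity altogether.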

Researchers from the University of Toronto, the University of California, Berkeley, and the International Computer Science Institute (ICSI) found that the Great Cannon could easily have been used to exploit web browser vulnerabilities. Nicholas Weaver, a researcher at ICSI, said the following about the possible misuse of the system: “With a minor tweak in the code, they could have provided exploits to targeted [Internet addresses], so that instead of intercepting all traffic to Baidu, they would serve malware attacks to those visitors.”

One might think that this method is unique to China, but other systems have been designed for the same purpose. For instance, the US National Security Agency and its British counterpart operate secret Internet backbone nodes known as QUANTUM. It closely resembles the Great Cannon, since these are also state-operated mechanisms that manipulate Internet traffic and can use it for DoSing.

Why GitHub?

GitHub is a popular website among programmers that hosts source code for a wide variety of projects. The Great Cannon targeted two GitHub projects in particular, “CN-NYTimes” and “GreatFire.org”. CN-NYTimes lets people in China reach news sites that are blocked by the Great Firewall, and GreatFire.org is a tool that helps Chinese users get around the Great Firewall so they can reach blocked sites.

According to Business Insider, the Great Cannon is a new and disturbing cyberweapon that lets the Chinese government reach across borders and carry out destructive attacks on targeted websites. It is no secret that China has already been involved in cyberespionage and in aggressive campaigns against military, commercial and government targets worldwide, but there is still something threatening in the whole idea. If China is now able to deploy such attacks, what will its next step be? China is not the only state thought to have been involved in such cybercrimes, however: North Korea is believed to have struck across borders and attacked Sony Pictures Entertainment last year.

Governmental Suspicion

Xi Jinping, the Chinese Communist president elected in 2012, has tightened his grip on freedom activists, and many Chinese individuals report that they feel the effects of his repressive tactics, as he responds to new threats with stricter control rather than experimenting with newer and more liberal solutions. What is more, he is known for his suspicion of the US and is convinced that American IT companies such as Intel and Google are involved in governmental activities.
