China’s Great Cannon uses Web traffic for DDoS attacks

Most of us have heard about China's strict Internet censorship, conducted by the Great Firewall, which bans all web requests that threaten their democracy. The browser either shows a blank page or a reminder about the censorship. However, not so long ago researchers found that China is deploying a tool called the Great Cannon, which the government uses to carry out DDoS (Distributed Denial of Service) attacks against websites that post anti-censorship content and other tools that can fool the system, allowing Chinese people to visit Western websites like GitHub. Furthermore, it has been found that the Great Cannon is co-located with the Great Firewall of China, though it has a different style and infrastructure and is indeed an offensive system.

The procedure

It is a form of man-in-the-middle attack: the system sits between the web server and the end user and can purposefully redirect and hijack the user's unencrypted traffic in order to attack target webpages and bring down their servers.
The Great Cannon catches a small percentage of the requests directed to Baidu (a popular browser for Chinese users) that fall into its target IP list and contain the required script requests. In almost 2% of all Web requests it decides to drop the request and, in response, sends a malicious JavaScript that triggers the IP to participate in the DDoS attack.
Researchers of University of Toronto, University of Berkeley, California and International Computer Science Institute (ICSI) detected that the Great Cannon could easily have been used to exploit Web browser vulnerabilities. Nicholas Weaver, a researcher at ICSI, reported the following about the possible misuse of the system: “With a minor tweak in the code, they could have provided exploits to targeted [Internet addresses], so that instead of intercepting all traffic to Baidu, they would serve malware attacks to those visitors.”
One may think that this surveillance method is unique to China, but we must note that there are other systems designed for the same purpose. For instance, the US National Security Agency and its British counterpart operate secret Internet backbone nodes known as QUANTUM. It closely resembles the Great Cannon, because these are also state-operated mechanisms aiming to manipulate Internet traffic and use it for DoSing.
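
The injection described above depends on script requests travelling unencrypted. As an added example (not part of the original article), the following Node.js script lists a page's external scripts and marks the ones fetched in cleartext, which an on-path system could replace; the sample HTML, host names and function names are constructed for illustration.

```javascript
// Added example (not from the original article): audit a page's <script>
// tags for loads that an on-path injector could replace in transit.
// The sample HTML and host names below are constructed for illustration.
const SAMPLE_HTML = `
<html><head>
<script src="http://stats.example.test/h.js"></script>
<script src="//cdn.example.test/lib.js"></script>
<script src="https://cdn.example.test/app.js"></script>
<script src="https://cdn.example.test/ui.js" integrity="sha384-CONSTRUCTED" crossorigin="anonymous"></script>
<script>var inline = 1;</script>
</head></html>`;

// Return the value of one attribute from a tag's attribute string, or null.
function attr(attrs, name) {
  const re = new RegExp(`(?:^|\\s)${name}\\s*=\\s*(?:"([^"]*)"|'([^']*)'|([^\\s>]+))`, 'i');
  const m = re.exec(attrs);
  return m ? (m[1] ?? m[2] ?? m[3]) : null;
}

// pageScheme is the scheme the page itself is served over ("http" or "https").
// Protocol-relative (//host/path) and relative URLs inherit it.
function auditScripts(html, pageScheme) {
  const findings = [];
  const tagRe = /<script\b([^>]*)>/gi;
  let m;
  while ((m = tagRe.exec(html)) !== null) {
    const src = attr(m[1], 'src');
    if (!src) continue; // inline script: no separate network fetch
    let scheme = pageScheme;
    if (/^https?:/i.test(src)) scheme = src.slice(0, src.indexOf(':')).toLowerCase();
    // Whether the tag pins the script's content with an integrity attribute.
    const hasSri = attr(m[1], 'integrity') !== null;
    // A cleartext fetch can be answered by whoever sits on the network path.
    const risk = scheme === 'http' ? 'cleartext' : 'encrypted';
    findings.push({ src, scheme, hasSri, risk });
  }
  return findings;
}

for (const f of auditScripts(SAMPLE_HTML, 'http')) {
  console.log(`${f.risk.padEnd(10)} sri=${f.hasSri} ${f.src}`);
}
```

On a page served over HTTP the protocol-relative script is also reported as cleartext; serving the page and its scripts over HTTPS moves every entry to `encrypted`.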

Why GitHub?

It is a popular website among programmers that provides source code for varied programming purposes. The Great Cannon carried out a targeted attack specifically on two of GitHub's projects, called “CN-NYTimes” and “GreatFire.org”. CN-NYTimes allows people in China to access diverse news-related sites that are blocked by the Great Firewall. GreatFire.org is a tool that enables Chinese people to fool the Great Firewall so that they will be able to access blocked sites.
According to Business Insider, the Great Cannon is a new and disturbing cyberweapon that enables the Chinese government to traverse borders and carry out destructive assaults on targeted websites. It is no secret that they have already been participating in cyberespionage and aggressive campaigning against military and other commercial or government targets worldwide, but there is still something threatening in the whole idea. If China is now able to deploy such attacks, what will be their next step? However, it is not only China that is thought to have been involved in such cybercrimes. North Korea is believed to have struck across borders and attacked Sony Pictures Entertainment last year.

Governmental Suspicion

Xi Jinping, Chinese Communist President elected in 2012, has tightened his grip on freedom activists, and many Chinese individuals report that they feel the effects of his repressive tactics, as he responds to new threats with stricter control rather than experimenting with newer and more liberal solutions. What is more, he is known for his suspicious opinion of the US, and is convinced that American IT companies, like Intel and Google, are involved in governmental activities.
