China Great Cannon

The internet is now a hostile place – that is the finding of recent research into a cyber-attack on Github. Specifically, the researchers said the entire Chinese internet is now hostile. They say this because they have discovered a tool they have dubbed the Great Cannon.
GRTCorp-blog-The-Internet-Is-Now-A-Hostile-Place_0The Great Cannon differs from China’s Great Firewall in one key aspect – it is offensive rather than defensive. While the Great Firewall monitors and then disrupts, the Great Cannon actively seeks out and attacks targets. So far the only detected use of the Great Cannon was for the purpose of Chinese censorship but with minor changes it could also be used to, for example, take over the computer of a particular target.
On PCWorld reporter Loek Essers explains how the Great Cannon works. In the published case it exploited unencrypted content on the search engine Baidu, but in theory it could have used any Chinese service. In this attack it also only targeted non-Chinese web users. The vast majority of these users (98%) were served unaltered Baidu content but in 1.75% of cases the Great Cannon stepped in and served something else – instructions to the user’s browser to execute a denial of service attack.
The Great Cannon was identified by researchers at the University of California, Berkeley, and the University of Toronto. The attack they observed targeted the organization GreatFire. According to its website it “brings transparency to the Great Firewall of China”.
The Great Cannon first targeted GreatFire’s Amazon CloudFront. This was not successful, primarily because of a technique used by GreatFire to get around Chinese censorship. It hosts content like the Chinese language version of the New York Times on encrypted services that have domains that are not memorable. It then hosts instructions for how to access this content on Github.
So the Great Cannon changed the instructions it was giving to the browsers of Baidu users. This instruction was to launch a denial of service attack on Github’s servers – if users could not get the instructions they could not access the content, so Chinese censorship objectives would be achieved. It lasted for several days during April. The Great Cannon has been silent ever since.
So who was behind the attack? The researchers looked at this question too and found that the Great Cannon shares code with the Great Firewall. They also discovered that it shares the same network location – on the backbone of the Chinese internet. The researchers made the assumption that hackers are unlikely to have access to either the code of the Great Firewall or its network location. From this they reached the conclusion that the Chinese government is likely to be behind the Great Cannon.
Whoever is behind the attack it has highlight the importance of encryption on the modern web. Cryptographically strong web protocols like HTTPS are now essential.
The security principles set forth in industry standard ISO/IEC 27002 provide a framework for effective security, built around the cycle of Plan, Do, Check, and Act (PDCA). Many good security products are on the market, but all are designed to meet specific threats – and will not block other threats. At GRT Corp. our security philosophy is built around these words by noted security expert Dr. Bruce Schneier: “Security is not a product, but a process.”

Related Posts