Great Cannon

China Has ‘Great Cannon’ Capable of Delivering Malware to Targeted IP Address

1 comment

China now has a new weapon in the arsenal of tools used by the government to censor and block information on the internet from penetrating it’s “Great Firewall.” The new tool, deemed the “Great Cannon” represents “a significant escalation in state-level information control: the normalization of widespread use of an attack tool to enforce censorship by weaponizing users,” according to a report released Friday by researchers at the Munk School of Global Affairs in Toronto.

Large scale attacks over the last month aimed at, a non-profit organization dedicated to fighting censorship in China and two it’s GitHub pages were perpetrated by a new offensive system utilizing DDoS type attacks. GitHub called the attacks the largest in it’s history and identified China as the source.

The news of a new weapon in China’s battle against the internet is not surprising.

“China’s long-term goal is to make the Internet act like an intranet, cutting off access to all encrypted sites, so that government bureaucrats can tap into anything that anyone is saying, at any time,” one foreign IT executive who wished to remain anonymous told the Washington Post.

Until now, the infamous “Great Firewall” has been used to block internet traffic that the Chinese government deems objectionable. Now the Great Cannon is being used for DDoS attacks aimed directly at a site rather than simply blocking traffic.

The researchers say the capability to exploit by IP address is also a possibility. “A technically simple change in the Great Cannon’s configuration, switching to operating on traffic from a specific IP address rather than to a specific address, would allow its operator to deliver malware to targeted individuals who communicates with any Chinese server not employing cryptographic protections.”

The researchers believe there is “compelling evidence” that the Chinese government is responsible for the GC although China has deflected questions about the attack.

China has recently been criticized for its internet and technology policies. According to a former NSA director, every major corporation in America has been hacked by China.

Great Cannon

Great Cannon

In January the government began getting even more aggressive with its censorship efforts by blocking even more VPN connections and and implementing banking rules that would require source code for computing and networking equipment to be turned over to officials. The US government got involved to try to curb these restrictions in China that seem to unfairly target US tech companies.

An anti-terror bill forcing companies to hand over encryptions keys is also under consideration and Google blacklisted digital certificates issued by the China Internet Network Information Center (CNNIC) on Chrome following the discovery that unauthorized certificates for Google domains could be traced back to China’s main certificate authority, and manager of the .cn domain.

The researchers tested two internet links from two different Chinese ISPs. In both cases the Great Cannon was colocated within the Great Firewall. According to the report, “This co-location across different ISPs strongly suggests a governmental actor.” There is also some shared source code between the two for a TTL side-channel.

In comparison to the Great Firewall, the Cannon is a weak censorship method. The researchers concluded the real purpose of the Cannon is to “inject traffic under specific targeted circumstances, not to censor traffic.” The Great Cannon can launch DDoS attacks on machines that the government deems to have political leanings in opposition to its own. Since GreatFire provides proxies to bypass the Great Firewall using encrypted connections to Amazon’s CloudFront service, the Cyberspace Administration of China has called GreatFire a “foreign anti-Chinese organization.”

The policy implications for using this type of tactic are significant. “Deploying the Great Cannon is a major shift in tactics, and has a highly visible impact. It is likely that this attack, with its potential for political backlash,28 would require the approval of high-level authorities within the Chinese government. These authorities may include the State Internet Information Office (SIIO),29 which is responsible for Internet censorship,” said the researchers. “It is also possible that the top body for cybersecurity coordination in China, the Cybersecurity and Informatization Leading Group (CILG),30 would have been involved.



Add Your Comments

  • (will not be published)

One Comment

  1. DoktorThomas™

    The model for web oppression has been born. Coming to an ISP dear to your computer. ©2015