Great Cannon

Last updated

The Great Cannon of China is an Internet attack tool that is used by the Chinese government to launch distributed denial-of-service attacks on websites by performing a man-in-the-middle attack on large amounts of web traffic and injecting code which causes the end-user's web browsers to flood traffic to targeted websites. [1] According to the researchers at the Citizen Lab, the International Computer Science Institute, and Princeton University's Center for Information Technology Policy, who coined the term, the Great Cannon hijacks foreign web traffic intended for Chinese websites and re-purposes them to flood targeted web servers with enormous amounts of traffic in an attempt to disrupt their operations. While it is co-located with the Great Firewall, the Great Cannon is "a separate offensive system, with different capabilities and design." [2]

Contents

Besides launching denial-of-service attacks, the tool is also capable of monitoring web traffic [3] and distributing malware in targeted attacks in ways that are similar to the Quantum Insert system used by the U.S. National Security Agency. [4]

Mechanism

The Great Cannon hijacks insecure traffic inbound to servers within the Great Firewall, and injects JavaScript that redirects that traffic to the target. [5] These attacks fail when websites have HTTPS encryption. [6]

Known uses

The first known targets of the Great Cannon (in late March 2015) were websites hosting censorship-evading tools, including GitHub, a web-based code hosting service, and GreatFire, a service monitoring blocked websites in China. [7]

In 2017, the Great Cannon was used to attack the Mingjing News website. [8]

As of December 2019, the Great Cannon was being used to attempt to take down the Hong Kong–based LIHKG online forum, even though the Basic Law of Hong Kong clearly states that Hong Kong's internet is the affairs of Hong Kong and Hong Kong only. [8]

Reaction

Quartz reported that the 2015 GitHub attack caused "severe" political problems for China, including the United States Department of State viewing it as "an attack against US infrastructure". [9]

See also

Related Research Articles

China censors both the publishing and viewing of online material. Many controversial events are censored from news coverage, preventing many Chinese citizens from knowing about the actions of their government, and severely restricting freedom of the press. China's censorship includes the complete blockage of various websites, apps, and video games, inspiring the policy's nickname, the Great Firewall of China, which blocks websites. Methods used to block websites and pages include DNS spoofing, blocking access to IP addresses, analyzing and filtering URLs, packet inspection, and resetting connections.

The Great Firewall is the combination of legislative actions and technologies enforced by the People's Republic of China to regulate the Internet domestically. Its role in internet censorship in China is to block access to selected foreign websites and to slow down cross-border internet traffic. The Great Firewall operates by checking transmission control protocol (TCP) packets for keywords or sensitive words. If the keywords or sensitive words appear in the TCP packets, access will be closed. If one link is closed, more links from the same machine will be blocked by the Great Firewall. The effect includes: limiting access to foreign information sources, blocking foreign internet tools and mobile apps, and requiring foreign companies to adapt to domestic regulations.

The OpenNet Initiative (ONI) was a joint project whose goal was to monitor and report on internet filtering and surveillance practices by nations. Started in 2002, the project employed a number of technical means, as well as an international network of investigators, to determine the extent and nature of government-run internet filtering programs. Participating academic institutions included the Citizen Lab at the Munk Centre for International Studies, University of Toronto; Berkman Center for Internet & Society at Harvard Law School; the Oxford Internet Institute (OII) at University of Oxford; and, The SecDev Group, which took over from the Advanced Network Research Group at the Cambridge Security Programme, University of Cambridge.

<span class="mw-page-title-main">Google China</span> Chinese subsidiary of Google

Google China is a subsidiary of Google. Once a popular search engine, most services offered by Google China were blocked by the Great Firewall in the People's Republic of China. In 2010, searching via all Google search sites, including Google Mobile, was moved from mainland China to Hong Kong.

<span class="mw-page-title-main">Psiphon</span> Free and open-source internet circumvention tool

Psiphon is a free and open-source Internet censorship circumvention tool that uses a combination of secure communication and obfuscation technologies, such as a VPN, SSH, and a Web proxy. Psiphon is a centrally managed and geographically diverse network of thousands of proxy servers, using a performance-oriented, single- and multi-hop routing architecture.

Censorship in the People's Republic of China (PRC) is mandated by the country's ruling party, the Chinese Communist Party (CCP). It is one of the strictest censorship regimes in the world. The government censors content for mainly political reasons, such as curtailing political opposition, and censoring events unfavorable to the CCP, such as the 1989 Tiananmen Square protests and massacre, pro-democracy movements in China, the persecution of Uyghurs in China, human rights in Tibet, Falun Gong, pro-democracy protests in Hong Kong, and aspects of the COVID-19 pandemic. Since Xi Jinping became the general secretary of the Chinese Communist Party in 2012, censorship has been "significantly stepped up".

<span class="mw-page-title-main">Internet censorship</span> Legal control of the internet

Internet censorship is the legal control or suppression of what can be accessed, published, or viewed on the Internet. Censorship is most often applied to specific internet domains but exceptionally may extend to all Internet resources located outside the jurisdiction of the censoring state. Internet censorship may also put restrictions on what information can be made internet accessible. Organizations providing internet access – such as schools and libraries – may choose to preclude access to material that they consider undesirable, offensive, age-inappropriate or even illegal, and regard this as ethical behavior rather than censorship. Individuals and organizations may engage in self-censorship of material they publish, for moral, religious, or business reasons, to conform to societal norms, political views, due to intimidation, or out of fear of legal or other consequences.

Server Name Indication (SNI) is an extension to the Transport Layer Security (TLS) computer networking protocol by which a client indicates which hostname it is attempting to connect to at the start of the handshaking process. The extension allows a server to present one of multiple possible certificates on the same IP address and TCP port number and hence allows multiple secure (HTTPS) websites to be served by the same IP address without requiring all those sites to use the same certificate. It is the conceptual equivalent to HTTP/1.1 name-based virtual hosting, but for HTTPS. This also allows a proxy to forward client traffic to the right server during TLS/SSL handshake. The desired hostname is not encrypted in the original SNI extension, so an eavesdropper can see which site is being requested. The SNI extension was specified in 2003 in RFC 3546

<span class="mw-page-title-main">UC Browser</span> Chinese web browser developed by UCWeb Inc

UC Browser is a web browser developed by mobile internet company UCWeb, a subsidiary of the Alibaba Group. It was the most popular mobile browser in India, Indonesia, and Mali, as well as the second-most popular one in China as of 2017. Its world-wide browser share as of May 2022 is 0.86% overall according to StatCounter.

<span class="mw-page-title-main">Internet outage</span> Loss of internet functionality over a small or large area

An Internet outage or Internet blackout or Internet shutdown is the complete or partial failure of the internet services. It can occur due to censorship, cyberattacks, disasters, police or security services actions or errors.

Internet censorship circumvention, also referred to as going over the wall or scientific browsing in China, is the use of various methods and tools to bypass internet censorship.

<span class="mw-page-title-main">Lantern (software)</span> Internet censorship circumvention software

Lantern is a free internet censorship circumvention tool that operates in some of the most extreme censorship environments, such as China, Iran, and Russia. It uses wide variety of protocols and techniques that obfuscate network traffic and/or co-mingle traffic with protocols censors are reluctant to block. It also uses domain fronting. It is not an anonymity tool like Tor.

<span class="mw-page-title-main">Morgan Marquis-Boire</span> New Zealand hacker, journalist, and security researcher

Morgan Marquis-Boire is a New Zealand-born hacker, journalist, and security researcher. Marquis-Boire previously served as an advisor to the Freedom of the Press Foundation. He was a Special Advisor to the Electronic Frontier Foundation (EFF) and advisor to the United Nations Interregional Crime and Justice Research Institute. He was the Director of Security at First Look Media and a contributing writer at The Intercept. He has been profiled by Wired, CNN, Süddeutsche Zeitung, and Tages Anzeiger. He was one of Wired Italy 's Top 50 people of 2014. In March 2015 he was named a Young Global Leader.

GitHub has been the target of censorship from governments using methods ranging from local Internet service provider blocks, intermediary blocking using methods such as DNS hijacking and man-in-the-middle attacks, and denial-of-service attacks on GitHub's servers from countries including China, India, Iraq, Russia, and Turkey. In all of these cases, GitHub has been eventually unblocked after backlash from users and technology businesses or compliance from GitHub.

GreatFire (GreatFire.org) is a website that monitors the status of websites censored by the Great Firewall of China and helps Chinese Internet users circumvent the censorship and blockage of websites in China. The site was first launched in 2011 by an anonymous trio. GreatFire is funded by sources inside and outside China, including the US-government-backed Open Technology Fund.

<span class="mw-page-title-main">Cyberspace Administration of China</span> Central Internet regulator in China

The Cyberspace Administration of China is the national internet regulator and censor of the People's Republic of China.

<span class="mw-page-title-main">Shadowsocks</span> Free and open-source encrypted proxy project

Shadowsocks is a free and open-source encryption protocol project, widely used in China to circumvent Internet censorship. It was created in 2012 by a Chinese programmer named "clowwindy", and multiple implementations of the protocol have been made available since. Shadowsocks is not a proxy on its own, but (typically) is the client software to help connect to a third-party SOCKS5 proxy, which is similar to a Secure Shell (SSH) tunnel. Once connected, internet traffic can then be directed through the proxy. Unlike an SSH tunnel, Shadowsocks can also proxy User Datagram Protocol (UDP) traffic.

<span class="mw-page-title-main">Domain fronting</span> Technique for Internet censorship circumvention

Domain fronting is a technique for Internet censorship circumvention that uses different domain names in different communication layers of an HTTPS connection to discreetly connect to a different target domain than that which is discernable to third parties monitoring the requests and connections.

<span class="mw-page-title-main">Snowflake (software)</span> Anti-censorship software

Snowflake is a software package for assisting others in circumventing internet censorship by relaying data requests. Snowflake relay nodes are meant to be created by people in countries where Tor and Snowflake are not blocked. People under censorship then use a Snowflake client, packaged with the Tor Browser or Onion Browser, to access the Tor network, using Snowflake relays as proxy servers. Access to the Tor network can in turn give access to other blocked services. A Snowflake node can be created by either installing a browser extension, installing a stand-alone program, or browsing a webpage with an embedded Snowflake relay. The node runs whenever the browser or program is connected to the internet.

References

  1. Perlroth, Nicole (April 10, 2015). "China Is Said to Use Powerful New Weapon to Censor Internet". The New York Times. Archived from the original on April 11, 2015. Retrieved April 10, 2015.
  2. Marczak, Bill; Weaver, Nicolas; Dalek, Jakub; Ensafi, Roya; Fifield, David; McKune, Sarah; Rey, Arn; Scott-Railton, John; Deibert, Ronald; Paxson, Vern (April 10, 2015). "China's Great Cannon". The Citizen Lab. Munk School of Global Affairs, University of Toronto, Canada. Archived from the original on April 10, 2015. Retrieved April 10, 2015.
  3. Franceschi-Bicchierai, Lorenzo (April 10, 2015). "The 'Great Cannon' is China's Powerful New Hacking Weapon". Motherboard - Vice. Vice Media LLC. Archived from the original on April 12, 2015. Retrieved April 10, 2015.
  4. Stone, Jeff (April 10, 2015). "China's 'Great Cannon' Lets Internet Censors Hack Sites Abroad – Just Ask GitHub". International Business Times. IBT Media Inc. Archived from the original on April 10, 2015. Retrieved April 10, 2015.
  5. Marczak, Bill; Weaver, Nicholas; Dalek, Jakub; Ensafi, Roya; Fifield, David; McKune, Sarah; Rey, Arn; Scott-Railton, John; Deibert, Ron; Paxson, Vern (2015-04-10). "China's Great Cannon". The Citizen Lab. Retrieved 2020-06-30.
  6. "Don't Be Fodder for China's 'Great Cannon' — Krebs on Security". 10 April 2015. Retrieved 2020-06-30.
  7. Peterson, Andrea (April 10, 2015). "China deploys new weapon for online censorship in form of 'Great Cannon'". The Washington Post. Archived from the original on April 17, 2015. Retrieved April 10, 2015.
  8. 1 2 Doman, Chris (2019-12-04). "The "Great Cannon" has been deployed again". AT&T Cybersecurty blog. Archived from the original on 2019-12-06. Retrieved 2019-12-06.
  9. "China's fierce censors try a new tactic with GitHub—asking nicely". 28 June 2016.