Great Cannon

The Great Cannon of China is an Internet attack tool that is used by the Chinese government to launch distributed denial-of-service attacks on websites by performing a man-in-the-middle attack on large amounts of web traffic and injecting code which causes the end-user's web browsers to flood traffic to targeted websites. [1] According to the researchers at the Citizen Lab, the International Computer Science Institute, and Princeton University's Center for Information Technology Policy, who coined the term, the Great Cannon hijacks foreign web traffic intended for Chinese websites and re-purposes it to flood targeted web servers with enormous amounts of traffic in an attempt to disrupt their operations. While it is co-located with the Great Firewall, the Great Cannon is "a separate offensive system, with different capabilities and design." [2]

Besides launching denial-of-service attacks, the tool is also capable of monitoring web traffic [3] and distributing malware in targeted attacks in ways that are similar to the Quantum Insert system used by the U.S. National Security Agency. [4]

Mechanism

The Great Cannon hijacks insecure traffic inbound to servers within the Great Firewall, and injects JavaScript that redirects that traffic to the target. [5] These attacks fail when websites have HTTPS encryption. [6]
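
An added example (not from the original article or from the researchers' code) of a check a site operator can run on this point: it lists the scripts a page pulls over cleartext HTTP, which are the requests an in-path system can rewrite, and shows that serving the same page over HTTPS removes most of them. The function names, hostnames and sample HTML are constructed for illustration.

```javascript
// Added example: find script loads that cross the network in cleartext.
// Hostnames and HTML are constructed sample input, not captured traffic.
const SAMPLE_HTML = `
<html><head>
<script src="http://stats.example.net/h.js"></script>
<script src="//cdn.example.org/lib.js"></script>
<script src="https://secure.example.org/app.js"></script>
<script src="/local.js"></script>
<script>var inline = 1;</script>
</head></html>`;

// Returns one finding per <script> tag, with `exposed` true when the script
// bytes travel over plain HTTP and can be modified in transit.
function auditScriptTransport(pageUrl, html) {
  const page = new URL(pageUrl);
  const findings = [];
  const tagRe = /<script\b([^>]*)>/gi;
  const srcRe = /(?:^|\s)src\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))/i;
  let m;
  while ((m = tagRe.exec(html)) !== null) {
    const src = srcRe.exec(m[1]);
    if (!src) {
      // Inline script: delivered inside the page, so it shares the page's scheme.
      findings.push({ url: page.href, kind: 'inline', exposed: page.protocol === 'http:' });
      continue;
    }
    let resolved;
    try {
      // Resolves relative and protocol-relative (//host/path) URLs against the page.
      resolved = new URL(src[1] ?? src[2] ?? src[3], page);
    } catch {
      continue; // unparseable src, nothing is fetched
    }
    if (!['http:', 'https:'].includes(resolved.protocol)) continue;
    findings.push({
      url: resolved.href,
      kind: resolved.host === page.host ? 'first-party' : 'third-party',
      exposed: resolved.protocol === 'http:',
    });
  }
  return findings;
}

function exposedScripts(pageUrl, html) {
  return auditScriptTransport(pageUrl, html).filter((f) => f.exposed).map((f) => f.url);
}

console.log(exposedScripts('http://news.example.com/', SAMPLE_HTML));
console.log(exposedScripts('https://news.example.com/', SAMPLE_HTML));
```

On the HTTPS page the one remaining finding is an explicit `http://` script, which current browsers block as mixed content.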

Known uses

The first known targets of the Great Cannon (in late March 2015) were websites hosting censorship-evading tools, including GitHub, a web-based code hosting service, and GreatFire, a service monitoring blocked websites in China. [7]

In 2017, the Great Cannon was used to attack the Mingjing News website. [8]

As of December 2019, the Great Cannon was being used to attempt to take down the Hong Kong-based LIHKG online forum, even though the Basic Law of Hong Kong clearly states that Hong Kong's internet is a matter for Hong Kong and Hong Kong only. [8]

Reaction

Quartz reported that the 2015 GitHub attack caused "severe" political problems for China, including the United States Department of State viewing it as "an attack against US infrastructure". [9]

References

  1. Perlroth, Nicole (April 10, 2015). "China Is Said to Use Powerful New Weapon to Censor Internet". The New York Times. Archived from the original on April 11, 2015. Retrieved April 10, 2015.
  2. Marczak, Bill; Weaver, Nicolas; Dalek, Jakub; Ensafi, Roya; Fifield, David; McKune, Sarah; Rey, Arn; Scott-Railton, John; Deibert, Ronald; Paxson, Vern (April 10, 2015). "China's Great Cannon". The Citizen Lab. Munk School of Global Affairs, University of Toronto, Canada. Archived from the original on April 10, 2015. Retrieved April 10, 2015.
  3. Franceschi-Bicchierai, Lorenzo (April 10, 2015). "The 'Great Cannon' is China's Powerful New Hacking Weapon". Motherboard - Vice. Vice Media LLC. Archived from the original on April 12, 2015. Retrieved April 10, 2015.
  4. Stone, Jeff (April 10, 2015). "China's 'Great Cannon' Lets Internet Censors Hack Sites Abroad – Just Ask GitHub". International Business Times. IBT Media Inc. Archived from the original on April 10, 2015. Retrieved April 10, 2015.
  5. Marczak, Bill; Weaver, Nicholas; Dalek, Jakub; Ensafi, Roya; Fifield, David; McKune, Sarah; Rey, Arn; Scott-Railton, John; Deibert, Ron; Paxson, Vern (2015-04-10). "China's Great Cannon". The Citizen Lab. Retrieved 2020-06-30.
  6. "Don't Be Fodder for China's 'Great Cannon' — Krebs on Security". 10 April 2015. Retrieved 2020-06-30.
  7. Peterson, Andrea (April 10, 2015). "China deploys new weapon for online censorship in form of 'Great Cannon'". The Washington Post. Archived from the original on April 17, 2015. Retrieved April 10, 2015.
  8. Doman, Chris (2019-12-04). "The "Great Cannon" has been deployed again". AT&T Cybersecurity blog. Archived from the original on 2019-12-06. Retrieved 2019-12-06.
  9. "China's fierce censors try a new tactic with GitHub—asking nicely". 28 June 2016.