'Great Cannon' is widening China censorship, say researchers (Update)

April 10, 2015 by Rob Lever
China has expanded its Internet censorship efforts beyond its borders with a new strategy that attacks websites across the globe
China has expanded its Internet censorship efforts beyond its borders with a new strategy that attacks websites across the globe, researchers say

China has expanded its Internet censorship efforts beyond its borders with a new strategy that attacks websites across the globe, researchers said Friday.

The new strategy, dubbed "Great Cannon," seeks to shut down websites and services aimed at helping the Chinese circumvent the "Great Firewall," according to a report by the Citizen Lab at the University of Toronto.

"While the attack infrastructure is co-located with the Great Firewall, the attack was carried out by a separate offensive system, with different capabilities and design, that we term the 'Great Cannon,'" the report said.

"The Great Cannon is not simply an extension of the Great Firewall, but a distinct attack tool that hijacks traffic to (or presumably from) individual IP addresses."

The report supports claims by the activist organization GreatFire, which last month claimed China was seeking to shut down its websites that offer "mirrored" content from blocked websites like those of the New York Times and others.

The technique involves hijacking Internet traffic to the big Chinese search engine Baidu and using that in "denial of service" attacks which flood a website in an effort to knock it offline.

The report authors said the new tool represents "a significant escalation in state-level information control" by using "an attack tool to enforce censorship by weaponizing users."

The Great Cannon manipulates the traffic of "bystander" systems including "any foreign computer that communicates with any China-based website not fully utilizing (encryption)."

"Great Cannon" seeks to shut down websites and services aimed at helping the Chinese circumvent the "Great Firewa
"Great Cannon" seeks to shut down websites and services aimed at helping the Chinese circumvent the "Great Firewall", researchers say
'Puzzling' openness

The Citizen Lab researchers said they found "compelling evidence that the Chinese government operates the GC (Great Cannon)," despite Beijing's denials of involvement in cyberattacks.

Because the Great Cannon shares code and infrastructure with the Great Firewall, this "strongly suggests a governmental actor," said the report, which included collaboration from researchers at the University of California and Princeton University.

The researchers said that deploying the Great Cannon "is a major shift in tactics," and that it would likely "require the approval of high-level authorities within the Chinese government."

"The government's reasoning for deploying the GC here is unclear, but it may wish to confront the threat presented to the Communist Party of China's ideological control by the 'collateral freedom' strategy advanced by GreatFire.org and others," the report said.

The report was produced by researchers Bill Marczak, Nicholas Weaver, Jakub Dalek, Roya Ensafi, David Fifield, Sarah McKune, Arn Rey, John Scott-Railton, Ronald Deibert and Vern Paxson, who are affiliated with the universities or the International Computer Science Institute.

The report also indicates China and the Great Cannon were responsible for the attack on GitHub, a software collaboration website that is also used by Chinese dissidents to circumvent censorship.

The attack tool, said the researchers, gives China capability similar to that of the US National Security Agency's Quantum program described in documents leaked by former NSA contractor Edward Snowden.

But the report said it is unclear why China is doing this overtly.

"We remain puzzled as to why the (Great Cannon) operator chose to first employ its capabilities in such a publicly visible fashion," the report said.

"Conducting such a widespread attack clearly demonstrates the weaponization of the Chinese Internet to co-opt arbitrary computers across the web and outside of China to achieve China's policy ends."

It said the technique "is a dangerous precedent" and "contrary to international norms and in violation of widespread domestic laws prohibiting the unauthorized use of computing and networked systems."

Explore further: China suspected as software site GitHub hit by attack (Update)

Related Stories

China web freedom group faces online disruption

March 20, 2015

A U.S.-subsidized advocacy group that helps Internet users inside China bypass blockages on censored content says it is suffering a mysterious denial-of-service attack disrupting its operations.

Reuters websites blocked in China

March 20, 2015

Reuters news websites were inaccessible in China on Friday, the latest Western news organisation to be blocked in a country where censors keep a tight grip over information.

Beijing behind Internet security violation: group

March 25, 2015

China's cyberspace administration is "complicit" in attacks on major Internet companies including Google, an anti-censorship group said Wednesday, calling on firms worldwide to strengthen their defences.

Recommended for you

Researchers engineer a tougher fiber

February 22, 2019

North Carolina State University researchers have developed a fiber that combines the elasticity of rubber with the strength of a metal, resulting in a tougher material that could be incorporated into soft robotics, packaging ...

A quantum magnet with a topological twist

February 22, 2019

Taking their name from an intricate Japanese basket pattern, kagome magnets are thought to have electronic properties that could be valuable for future quantum devices and applications. Theories predict that some electrons ...

2 comments

Adjust slider to filter visible comments by rank

Display comments: newest first

rp142
5 / 5 (1) Apr 10, 2015
Good. It is attacks like this that might finally get some defensive technologies built into Internet infrastructure. Denial of Service attacks have been around for a long time and have damaged many sites and caused significant losses to many companies but they are still allowed to happen.

A system that responds to and stops DoS attacks is not an impossible ask but does require some level of motivation. With several groups carrying out these attacks and the frequency of attacks increasing, the point where apathy is overcome might not be far off.

The Internet has become an essential tool in the daily lives of billions of people and nearly ever business, it is about time that the integrity and security of the Internet was protected.
Da Schneib
not rated yet Apr 12, 2015
Neato, the Great Spammon. /me rolls eyes.

The chokepoint is the Great Firewall; limit their connection diversity, and cut them off from the rest of the world for a week every time they try this. Or just choke down their bandwidth. Say, to a T1 line. That's the end of that. It's a simple engineering problem, with a simple solution they made available themselves by creating their own chokepoint.

Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.