China’s ‘Great Cannon’ Uses DDoS Style Redirects for Censorship

The 'Great Firewall' was designed to block unwanted traffic, but the 'Great Cannon' is far more sinister.

The hack on Sony last November, allegedly perpetrated by North Korea, marked something of a new age in internet security. It showed everyone that corporate cyber espionage and international cyber war are no longer the domain of science fiction. A report published on CitizenLab.org details evidence of a Chinese state-sponsored cyber weapon: the “Great Cannon.”

The report was a collaboration between researchers from the University of Toronto, University of California at Berkeley, Princeton University and the International Computer Science Institute. They uncovered evidence of the Great Cannon when investigating large-scale DDoS (distributed denial of service) attacks against servers and web pages associated with a Chinese anti-censorship site, Greatfire.org.

The investigation indicated that this wasn’t simply China’s infamous Great Firewall at work, but a specific tool. According to the report:

The Great Cannon is not simply an extension of the Great Firewall, but a distinct attack tool that hijacks traffic to (or presumably from) individual IP addresses, and can arbitrarily replace unencrypted content as a man-in-the-middle.

This means any unencrypted content flowing through the internet infrastructure — even traffic outside of China — can be used as a load in a DDoS attack. The researchers describe this as the use of “bystander” systems because the tool silently hijacks exterior browsers and uses their processing power to further burden target systems.

The core difference is that the Great Firewall works to block traffic by terminating links; it can’t alter the traffic, just stop it. The Great Cannon modifies and redirects information for malicious purposes. Additionally, “the evidence indicates that the GC’s role is to inject traffic under specific targeted circumstances, not to censor traffic,” according to the report.
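Because the tool described above can only replace unencrypted content, a site owner can check which of a page's subresources would travel over plaintext HTTP and are therefore exposed to in-path modification. The following Python is an added example, not code from the report or from this article; the page URLs and the sample HTML are constructed, and the short list of audited tags is an assumption.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Tags whose URL attribute pulls in content the browser executes or renders
# as part of the page (assumption: this short list is enough for the audit).
ACTIVE_TAGS = {"script": "src", "iframe": "src", "link": "href"}


class PlaintextResourceAudit(HTMLParser):
    """Collect subresources that would be fetched over unencrypted HTTP."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.findings = []  # list of (tag, resolved_url)

    def handle_starttag(self, tag, attrs):
        attr = ACTIVE_TAGS.get(tag)
        if attr is None:
            return
        attrs = dict(attrs)
        # Only stylesheet links load content into the page.
        if tag == "link" and "stylesheet" not in (attrs.get("rel") or "").lower():
            return
        raw = attrs.get(attr)
        if not raw:
            return
        # Relative and protocol-relative URLs inherit the page's own scheme.
        resolved = urljoin(self.page_url, raw.strip())
        if urlsplit(resolved).scheme == "http":
            self.findings.append((tag, resolved))


def audit(page_url, html):
    """Return the plaintext-HTTP subresources of html served at page_url."""
    parser = PlaintextResourceAudit(page_url)
    parser.feed(html)
    parser.close()
    return parser.findings


# Constructed sample page (not taken from the report).
SAMPLE = """
<html><head>
<script src="http://stats.example.net/counter.js"></script>
<script src="https://cdn.example.org/lib.js"></script>
<script src="//ads.example.com/a.js"></script>
<link rel="stylesheet" href="/site.css">
</head><body><iframe src="HTTP://widgets.example.net/box"></iframe></body></html>
"""
```

Calling `audit("https://shop.example.com/", SAMPLE)` reports two exposed resources, while the same markup served from `http://shop.example.com/` reports four, because relative and protocol-relative URLs follow the page's scheme.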

While this was an attack by a government on a privacy advocacy group, we’ve seen the impact of attacks on businesses in the past. Companies and employees need to make sure their systems are capable of mitigating any attack, whether it’s external or even internal.

Armond Caglar, a senior threat specialist at TSC Advantage, wrote for ReadWrite.com:

[All employees], regardless of position, must be continuously trained to understand corporate security policies and procedures, as well as the latest types of threats targeting U.S. firms. Breach-proof security doesn’t exist, and businesses can’t afford to believe in the infallibility of IT solutions alone in fending off foreign-sponsored attacks.