We all know about the Great Firewall of China and all that it tries to do to censor the Internet. But now we are learning about the Great Cannon, a state-sponsored network injection attack. This attack is aimed at disabling certain websites that the Chinese government wants not only to deny the people access to, but to shut down entirely. The attack is not completely successful, but causes enough disruption to have earned a name in the chronicles of cyber warfare.
GreatFire and GitHub Targeted
The Great Cannon made its first appearance when the website GreatFire.org was targeted by China. GreatFire is an organization that is devoted to observing China’s Great Firewall and publishing information about the country’s censorship activities. The Chinese government is of course very unhappy about the existence of such a website, and launched attacks against it in mid March this year, when the term Great Cannon was coined. GitHub was also attacked about a week later. The Great Firewall used to be a passive content filtering system, but now this aggressive attack component has emerged.
GreatFire suffered a DDoS attack on March 17, along with its partner websites. The huge attack was unlike anything that they had ever faced before, and with help they later discovered that the Chinese Cyberspace Administration was behind it. They used a powerful system to redirect millions of users’ worth of Internet traffic to the targeted websites. A malicious JavaScript code was being added to these users’ traffic, including the Baidu search engine and analytics tool, through which most of China’s Internet traffic passes. Every netizen using Baidu or visiting a website that uses Baidu Analytics would get the code injected into their traffic, which was then used in the attack. But the attack was not limited to Chinese users because it also used the traffic of any global user who happened to come across an infected site that is using Baidu or that uses servers in China. In January, a report said that the Cyberspace Administration had already turned all the computers in China into potential weapons. Now they are pulling in global resources.
GitHub was then also attacked with the same means on March 26, and further analysis revealed that it was the GreatFire page on the site that was the main target. And again, a thorough investigation revealed that the Cyberspace Administration is the culprit. GreatFire mirrored their page to their GitHub repository, but the attack followed to the new URL. GitHub also said that this was the biggest attack that they had ever suffered. GitHub announced that a variety of attack vectors was used, combining the old tricks that they had already seen previously, and new ones like the hijacking of browsers to redirect floods of user traffic to the website. They also said that they suspect that the attack was aimed at the GreatFire page and that the attackers’ intent was to have GitHub take all the content of GreatFire off the site.
The Great Cannon Represents a Paradigm Shift
China has thrown Internet governance out the window and blatantly revealed their complete lack of respect for international users. The government was concerned in the past with keeping content out of China to “protect” the Chinese people. But now they have gone on the offensive, exploiting and attacking foreign users and websites. The Cyberspace Administration denies the attacks of course, but they could only have come from the Chinese Internet backbone. It is bad enough that the government is imposing censorship on its people, but utterly unacceptable that they have begun to wage war on the rest of cyberspace in an attempt to impose their censorship outside of their borders.
It seems that the Chinese authorities became very angry when they realized that their very sophisticated and expensive Great Firewall would never be enough to silence all the websites in the world that love freedom and diligently report on all things anti-freedom. So they created a weapon that could do damage to the websites that they were unable to shut down. Sites like GreatFire are encrypted, so all the Cyberspace Administration could think to do is use man-in-the-middle attacks to force such sites to shut down.
The Chinese Cyberspace Administration has a weapon, and it is this system of attack that has been aptly named the Great Cannon. It is always armed and can very easily be fired on any website anywhere in the world, at any time. It is obvious that China has prepared this Great Cannon over some time, gathering the global resources that they need in the form of unsuspecting Internet users. The result of this can only be greater scorn for Chinese interference in matters of the Internet, and greater opposition to their attempts to fragment our beloved Net.