
Debito pubblico italiano


Monday, 13 April 2015

The Great Cannon

China has something very impressive that we are not aware of. The country has a powerful and previously unknown weapon that its government is using to bolster its cyber attack capabilities:

Dubbed "The Great Cannon."

When I talk about Internet censorship, it is incomplete if I don't mention China. China is famous for its Great Wall of China and its Great Firewall of China. The censoring of Internet access and the blocking of individual websites in China by its government is known as the Great Firewall of China.

But why does the Chinese government do that? The answer is very simple:

The Chinese government restricts content it deems sensitive to its country's so-called democracy. It illegalizes certain online speech and activities, blocks selected websites, and filters keywords out of searches initiated from computers located in Mainland China.

Worse:

Those Chinese citizens who offend the authorities by defying Internet censorship in the country can also face judicial consequences.

China did the same thing I mentioned above to GitHub a few days ago by launching a massive distributed denial-of-service (DDoS) attack.

GitHub is a popular source code hosting website used by programmers to collaborate on software development.

The massive DDoS attacks, which intermittently shut down GitHub for more than 5 days, specifically targeted two popular GitHub projects:
  • GreatFire.org – an anti-censorship tool, hosted on GitHub, used to help Chinese citizens circumvent the Great Firewall of China.
  • CN-NYTimes – a group on GitHub that hosts New York Times mirrors to allow Chinese netizens to access the news website, which is normally blocked in China.

But how did the Chinese manage to produce DDoS attacks of such strength and bandwidth?

Yes, the answer is the "Great Cannon" (GC). The Chinese government is now using a new cyber weapon in an effort to silence not only its citizens but also critics around the world, according to the latest report released by Citizen Lab.

What's the Great Cannon?

The Great Cannon is a special cyber attack tool essentially capable of hijacking Internet traffic at the national level and then directing that traffic at targeted networks the attackers want to knock offline, sending back spyware or malware, or using the target to flood another website with traffic.

It is believed that GitHub's attackers used the Great Cannon as a DDoS attack tool to redirect the Internet traffic of visitors to the Chinese search engine giant Baidu, or to any website that used Baidu's extensive advertising network, in order to cripple the popular code-sharing website.

In simple words:

Those visiting a Baidu-affiliated website from anywhere in the world were vulnerable to having their Internet traffic hijacked by the attackers, which could then be turned into a weapon to flood anti-censorship websites, like GitHub, with junk traffic.

Let's have a look at how the Great Cannon was deployed in the GitHub and GreatFire.org attacks:

The Great Cannon works by intercepting data sent between two nodes and redirecting it to a third one. This powerful cyber weapon seems to leverage an analytics script that is commonly distributed by the Chinese search engine Baidu.

Generally this script is not malicious, but according to Citizen Lab, the Cannon's creators tampered with the script code a little in order to redirect the user to GitHub instead of sending a data packet, thus flooding the target website with traffic from unsuspecting users.

The weapon is also capable of producing a full-fledged man-in-the-middle (MITM) attack, so it could also be used to intercept unencrypted emails.

It reminds me of:

QUANTUM – a similar NSA weapon that was capable of redirecting victims to fake websites containing malware, served through unencrypted sites using man-in-the-middle attacks from a spoofed server, which can respond faster than the real one because it is placed somewhere on the Internet backbone.

The National Security Agency dubbed these secret Internet backbone nodes "Quantum nodes."

What's more:

This new move by the Chinese government could signal trouble in China's online behavior: a shift from the passive censorship of the Great Firewall of China to active censorship by readily attacking foreign websites with the Great Cannon.

Cyber attacks originating in China are not at all surprising. But...

..."the operational deployment of the Great Cannon represents a significant escalation in state-level information control: the normalization of widespread use of a [cyber] attack tool to enforce censorship by weaponizing users," the security researchers from the University of Toronto and University of California wrote in a report published Friday.

According to the researchers, the Great Cannon weapon used by the Chinese authorities could be neutralized to a great extent if websites communicated over encrypted HTTPS connections.

Why? The reason:

Websites whose communications are end-to-end encrypted are difficult for an attacker sitting between the sender and the receiver to modify, unless those websites load files or resources via unencrypted, i.e. non-HTTPS, connections.
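The caveat in the last paragraph is the part site owners most often get wrong: an HTTPS page that pulls a single script over plain HTTP hands an on-path attacker a place to substitute that script. As an added example (not code from the article or from Citizen Lab), the Python audit below parses a page's HTML and reports every script, stylesheet, frame or image fetched over http://, and also flags cross-origin scripts that carry no Subresource Integrity hash, since a pinned hash lets the browser refuse a tampered copy. The sample page, the example.test hostnames and the `sha384-PLACEHOLDER` integrity value are constructed for the demo.

```python
"""Audit an HTML document for sub-resources that an on-path attacker could
replace: anything loaded over plain HTTP, plus cross-origin scripts that
carry no Subresource Integrity (SRI) hash.  Added example; the sample page
and hostnames below are constructed, not taken from any real site."""
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Tag -> attribute that references an external resource.
RESOURCE_ATTRS = {
    "script": "src",
    "link": "href",
    "img": "src",
    "iframe": "src",
}


class MixedContentAuditor(HTMLParser):
    """Collects (finding, tag, absolute_url) tuples while parsing."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.page_host = urlsplit(page_url).hostname
        self.findings = []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)            # HTMLParser lower-cases names for us
        attr = RESOURCE_ATTRS.get(tag)
        if attr is None or not attrs.get(attr):
            return                     # inline script / no reference
        # Resolve relative and protocol-relative ("//host/x") references
        # against the page URL so the effective scheme is checked.
        url = urljoin(self.page_url, attrs[attr])
        parts = urlsplit(url)
        if parts.scheme == "http":
            self.findings.append(("insecure-resource", tag, url))
        # A third-party script without an integrity attribute can be swapped
        # for a modified copy anywhere along the path to that third party.
        if (tag == "script" and parts.scheme in ("http", "https")
                and parts.hostname != self.page_host
                and "integrity" not in attrs):
            self.findings.append(("no-sri", tag, url))


def audit_html(page_url, html):
    """Return the list of findings for one HTML document."""
    auditor = MixedContentAuditor(page_url)
    auditor.feed(html)
    auditor.close()
    return auditor.findings


# Constructed sample: one analytics script over plain HTTP (the weak spot the
# article describes), one pinned third-party script, one same-origin script,
# and a protocol-relative image that resolves to https on an https page.
SAMPLE_PAGE = """
<html><head>
<link rel="stylesheet" href="https://cdn.example.test/site.css">
<script src="http://analytics.example.test/hm.js"></script>
<script src="https://cdn.example.test/app.js"
        integrity="sha384-PLACEHOLDER" crossorigin="anonymous"></script>
<script src="/local.js"></script>
</head><body>
<img src="//img.example.test/logo.png">
</body></html>
"""

if __name__ == "__main__":
    for kind, tag, url in audit_html("https://www.example.test/", SAMPLE_PAGE):
        print(f"{kind:18} <{tag}> {url}")
```

Run against the sample page, the audit reports the http:// analytics script twice: once as an insecure resource and once as a cross-origin script with no integrity hash. The pinned CDN script, the same-origin script and the protocol-relative image produce no findings. Fixing the first finding (serve the script over HTTPS, or drop it) is what removes the injection point; adding an integrity hash is the second layer for scripts you cannot host yourself.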