'Great Cannon of China': censorship tool hijacks internet traffic to shoot it at unwanted websites

New cyberweapon could be used to take down sites that operators don’t like, and was used on code-sharing site Github and anti-censorship site GreatFire.org

China has a new cyberweapon that can be used to hijack internet traffic and turn it against websites that it doesn’t like, according to researchers. The tool has already been used to attack two major websites, Github and GreatFire.org.

The tool, called the ‘Great Cannon’ by the researchers that discovered it, can take internet traffic and redirect it towards websites, forcing a distributed denial of service (DDoS) attack. Such attacks send a huge influx of traffic towards a site, overloading it and often forcing it to go offline.

It was used to attack Github, which was taken down for almost a week recently, and anti-censorship site GreatFire.org. It was discovered and named by a group of researchers led by Bill Marczak from the University of Toronto.

The Great Cannon is related to the Great Firewall but separate from it, according to those behind it — it uses the same network space and infrastructure and similar coding, showing that it is being controlled by China. But the way it is built means that it works much more effectively for attacks as well as blocking, according to the researchers.

 

The technology was used to attack two specific “repositories” on GitHub — areas where specific code is kept. That included GreatFire’s and a Chinese mirror for the New York Times, both of which were used by people behind the Great Firewall to circumvent internet censorship.

The attack represents a major shift in tactics and is a much more visible attack than those previously carried out by the country, according to the researchers that found it. “It is likely that this attack, with its potential for political backlash, would require the approval of high-level authorities within the Chinese government,” they write.

The researchers speculate that the Great Cannon could have been deployed to undermine the threat presented by GreatFire.org and other sites, or could also be an attempt to demonstrate to the US that China has similar capabilities for attacking and undermining internet communications.

Comments