The Great Firewall of China, the censorship mechanism that keeps unwanted information out of citizens’ hands, is growing battlements. Beijing has rolled out what an early report from the University of Toronto’s Munk School of Global Affairs is calling the “Great Cannon,” a system for carrying out denial of service attacks on an unprecedentedly massive scale. The report explains how the new tool enables the Chinese government to shut down any server by routing an overwhelming amount of traffic to it. Beijing is already attacking some of the most popular sites for accessing the uncensored internet, Greatfire.org and GitHub. From the report:
We show that, while the attack infrastructure is co-located with the Great Firewall, the attack was carried out by a separate offensive system, with different capabilities and design, that we term the “Great Cannon.” The Great Cannon is not simply an extension of the Great Firewall, but a distinct attack tool that hijacks traffic to (or presumably from) individual IP addresses, and can arbitrarily replace unencrypted content as a man-in-the-middle.
The operational deployment of the Great Cannon represents a significant escalation in state-level information control: the normalization of widespread use of an attack tool to enforce censorship by weaponizing users. Specifically, the Cannon manipulates the traffic of “bystander” systems outside China, silently programming their browsers to create a massive DDoS attack. While employed for a highly visible attack in this case, the Great Cannon clearly has the capability for use in a manner similar to the NSA’s QUANTUM system, affording China the opportunity to deliver exploits targeting any foreign computer that communicates with any China-based website not fully utilizing HTTPS.
This type of “man-in-the-middle attack” is so powerful at the state level because it does not need a botnet of compromised machines: the government inserts code into unencrypted traffic at points it already monitors, and the browsers of ordinary users then flood the target, and China monitors the whole internet. Imagine what would happen if all of Google’s traffic was sent to a small site, and that’s a pretty good picture of what Beijing is doing by using the Great Cannon to turn visitors of Baidu, China’s largest search engine, into a flood of requests against foreign hosting sites.
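The defence the report points at is encryption of the whole page, and a related browser-side check is Subresource Integrity (SRI): when a script tag carries an integrity hash, the browser refuses a script body that has been swapped on the wire. The following is an added illustration of that check, not code from the Citizen Lab report or from any project named in this post; the two script bodies are constructed sample data, and the embedding page is assumed to have arrived over HTTPS so the integrity attribute itself cannot be stripped.

```python
import base64
import hashlib

# Constructed sample: the script the operator actually published.
ORIGINAL_SCRIPT = b"(function(){window.stats=window.stats||[];})();"
# Constructed sample: the same response with extra code spliced in on the wire.
TAMPERED_SCRIPT = ORIGINAL_SCRIPT + b"setInterval(function(){fetch('/')},1);"

# Algorithms SRI allows, ordered by strength; browsers check only the strongest listed.
STRENGTH = {"sha256": 1, "sha384": 2, "sha512": 3}


def sri_integrity(body: bytes, algo: str = "sha384") -> str:
    """Return the integrity attribute value for body, e.g. 'sha384-<base64>'."""
    if algo not in STRENGTH:
        raise ValueError("SRI permits only sha256, sha384 or sha512")
    digest = hashlib.new(algo, body).digest()
    return f"{algo}-{base64.b64encode(digest).decode('ascii')}"


def sri_matches(body: bytes, integrity: str) -> bool:
    """Decide, as a browser would, whether a fetched body may run under `integrity`.

    Tokens are space separated and may carry '?options', which are ignored.
    Caveat: if no token names a supported algorithm (e.g. a typo such as
    'sha-384'), the spec says no check is performed and the body is accepted.
    """
    tokens = []
    for raw in integrity.split():
        token = raw.split("?", 1)[0]
        algo = token.partition("-")[0]
        if algo in STRENGTH:
            tokens.append((STRENGTH[algo], algo, token))
    if not tokens:
        return True  # no usable metadata: browsers skip the integrity check
    best = max(strength for strength, _, _ in tokens)
    return any(sri_integrity(body, algo) == token
               for strength, algo, token in tokens if strength == best)
```

A tampered body fails the match even when the original page still references it, so the injected code never executes; the check is only as good as the transport that delivered the integrity attribute.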
Meanwhile, U.S. cyber security company FireEye published a report disclosing new details about one of China’s powerful elite hacking groups. The FT reports:
A hacking group that appears to be backed by the Chinese state has been stealing information from journalists, dissidents and foreign companies for more than a decade. […]
The hacker group, which FireEye refers to as APT30, is one of a few dozen it tracks and one of 20 it says are probably controlled by the Chinese state.
Bryce Boland, FireEye’s chief technology officer, said he was confident of Chinese state involvement based on the “victimology” of the hackers. Mr Boland said that the group had stolen information “about journalists, dissidents and political developments in relation to China, targeting government and military organisations, and targeting economic sectors of interest to China’s economy”. […]
The malware includes sophisticated tools to infiltrate “air gap” networks — secure networks that are not connected to the internet. This is accomplished by infecting USB drives that may transfer the virus from an infected machine to an air gap computer.
“That shows the sophistication in targeting the more sensitive government networks, and particularly military and non-internet connected networks,” said Mr Boland. “The capability to attack air-gapped networks is not unique but it is certainly not common.”
These latest developments are explosive, and they reveal the brave new world we have already entered. Governments are becoming more aggressive in cyberspace even as the tools for doing so get more powerful and more destructive. It’s a new frontier for warfare, and there are no rules yet.