China has acquired a powerful new weapon in its efforts to strictly control internet access and content.
That’s according to a new report released Apr. 10 by Citizen Lab, a research group at the University of Toronto’s Munk School of Global Affairs. It sheds more light on the recent distributed denial-of-service (DDoS) attacks against popular programming site GitHub, and the nonprofit site GreatFire.org, which replicates websites already blocked by Chinese censors.
Citizen Lab says it has identified the new weapon responsible for both attacks, which it has named China’s “Great Cannon.”
Located within China’s massive “Great Firewall” censorship apparatus, the Great Cannon appears to operate as a separate tool that “hijacks traffic to (or presumably from) individual IP addresses, and can arbitrarily replace unencrypted content as a man-in-the-middle,” according to Citizen Lab.
In the case of online code repository GitHub, the Great Cannon was able to alter a script distributed by Chinese search engine Baidu, redirecting massive amounts of “bad traffic” back towards GitHub’s servers in late March, reports the Verge. The attack, which lasted several days, was the largest the company had ever experienced.
While the Great Cannon’s ability to target and potentially take down websites is worrying enough, it’s also possible that the technology could be tweaked in order to plant malware in millions of computers communicating with vulnerable Chinese servers, according to TechCrunch.
Those familiar with Edward Snowden’s revelations may remember that the US already has this capability through the formerly top-secret NSA program QUANTUM. Unlike the US government, which attempted to keep the existence of QUANTUM a secret, China does not seem particularly concerned with hiding this newest addition to its censorship arsenal. This brazenness both confuses and concerns the researchers at Citizen Lab.
“We remain puzzled as to why the GC’s operator chose to first employ its capabilities in such a publicly visible fashion. Conducting such a widespread attack clearly demonstrates the weaponization of the Chinese Internet to co-opt arbitrary computers across the web and outside of China to achieve China’s policy ends. The repurposing of the devices of unwitting users in foreign jurisdictions for covert attacks in the interests of one country’s national priorities is a dangerous precedent—contrary to international norms and in violation of widespread domestic laws prohibiting the unauthorized use of computing and networked systems.”