‘Great Cannon’ China’s Weapon Shoots Down Internet Sites

China's new weapon: The Great Cannon to shoot down any internet site

China is widely suspected to be behind the recent attacks on GitHub and Internet freedom group Great Fire. Now we have the most concrete evidence that indeed it was, and it looks like it did so using a new weapon to boot. That’s according to a report from Citizen Lab - an ICT, security and human rights lab based within the Munk School of Global Affairs at the University of Toronto. Citizen Lab looked into these recent attacks and identified ‘Great Cannon’, a tool built to intercept data and redirect it to specific sites, as the attack system responsible for them.

The recent attacks are the first instances of the Great Cannon being deployed, and they are notable for a few reasons. Scale is one of them: Great Fire claimed “millions” of users were compromised for the attack it suffered, which hijacked Baidu and pushed the organization’s Amazon hosting bill to $30,000 per day. It is also persistent: GitHub said it faced the largest attack in its history, which was ongoing for five days.

The Citizen Lab report surfaced some evidence showing commonalities between China’s Great Firewall censorship system and Great Cannon. That’s another indicator that China was behind these malicious attacks, something it denies, but there is also concern that China’s new internet weapon could be used for more specific and targeted attacks.

The Edward Snowden leaks revealed the existence of QUANTUM, an NSA tool that could plant malware on millions of computers. Citizen Lab said that, with slight modifications, China’s Great Cannon could act in a similar way:

“A technically simple change in the Great Cannon’s configuration, switching to operating on traffic from a specific IP address rather than to a specific address, would allow its operator to deliver malware to targeted individuals who communicate with any Chinese server not employing cryptographic protections.”

The discovery of this tool is another reminder of the importance of secure browsing technology, like HTTPS, since weak security systems can undermine the safety of Internet users browsing websites. Furthermore, with the tool now exposed to the world, what were China’s motives for using it in such a public way? It could be that it was meant as a warning to other sites that challenge its censorship and regime so directly, but, either way, it represents a worrying change in policy from defensively censoring websites in China to proactively bringing them down.

Techcrunch
