‘Great Cannon’ China’s Weapon Shoots Down Internet Sites

China's new weapon: The Great Cannon to shoot down any internet site

China is widely suspected to be behind the recent attacks on GitHub and Internet freedom group Great Fire. Now we have the most concrete evidence that indeed it was, and it looks like it did so using a new weapon to boot. That’s according to a report from Citizen Lab - an ICT, security and human rights lab based within the Munk School of Global Affairs at the University of Toronto. Citizen Lab looked into these recent attacks and identified ‘Great Cannon’, a tool built to intercept data and redirect it to specific sites, as the attack system responsible for them.

The recent attacks are the first instances of the Great Cannon being deployed, and they are notable for a few reasons. Scale is one of them: Great Fire claimed “millions” of users were compromised for the attack it suffered, which hijacked Baidu and pushed the organization’s Amazon hosting bill to $30,000 per day. It is also persistent: GitHub said it faced the largest attack in its history, which was ongoing for five days.

The Citizen Lab report surfaced some evidence showing commonalities between China’s Great Firewall censorship system and Great Cannon. That’s another indicator that China was behind these malicious attacks, something it denies, but there is also concern that China’s new internet weapon could be used for more specific and targeted attacks.

The Edward Snowden leaks revealed the existence of QUANTUM, an NSA tool that could plant malware on millions of computers. Citizen Lab said that, with slight moderations, China’s Great Cannon could act in a similar way:

A technically simple change in the Great Cannon’s configuration, switching to operating on traffic from a specific IP address rather than to a specific address, would allow its operator to deliver malware to targeted individuals who communicates with any Chinese server not employing cryptographic protections.

The discovery of this tool is another reminder of the importance of secure browsing technology, like HTTPS, since weak security systems can undermine the safety of Internet users browsing websites. Furthermore, with the tool now exposed to the world, what were China’s motives for using it in such a public way? It could be that it was meant as a warning to other sites that challenge its censorship and regime so directly, but, either way, it represents a worrying change in policy from defensively censoring websites in China to proactively bringing them down.

Techcrunch

« U.S. Government Support Insurers Protection from Cyber Hacks
NSA: 'Backdoors are a Bad Idea - Give us a Front Door Key' »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Conscio Technologies

Conscio Technologies

Conscio Technologies is a specialist in IT security awareness. Our solutions allow you to easily manage innovative online IT awareness campaigns.

ISACA

ISACA

ISACA is a global professional association and learning organization for members who work in information security, governance, assurance, rissk and privacy.

Open Networking Foundation (ONF)

Open Networking Foundation (ONF)

The Open Networking Foundation (ONF) is a non-profit operator led consortium driving transformation of network infrastructure and carrier business models.

Cyber Risk Agency

Cyber Risk Agency

Cyber Risk Agency is a cybersecurity consulting firm specializing in managing cyber risks for SMEs.

Foresite

Foresite

Foresite is a global service provider, delivering a range of managed security and consulting solutions.

Critifence

Critifence

Critifence provides unique Cyber Security solutions designed for Critical Infrastructure, SCADA and Industrial Control Systems.

Dark Cubed

Dark Cubed

Dark Cubed is an easy-to-use cyber security software as a service (SaaS) platform that deploys instantly and delivers enterprise-grade threat identification and protection at a fraction of the cost.

Cybeats Technologies

Cybeats Technologies

Cybeats delivers an integrated security platform designed to secure and protect high-valued connected devices.

24By7Security

24By7Security

24By7Security are Cybersecurity & Compliance Specialists with extensive hands on experience helping businesses build a defensive IT Infrastructure against all cyber security threats.

Delfigo Security

Delfigo Security

Delfigo Security, a pioneer in intelligent authentication, provides a strong, multi-factor authentication solution to prevent identity theft and reduce fraud.

HB-Technologies

HB-Technologies

HB-Technologies is pioneer in Africa, in digital security, embedded electronic and IT solutions based on highly secure smart cards that comply with international standards and norms.

Bleam Cyber Security

Bleam Cyber Security

Bleam is a leading provider of Managed Cyber Security Services and Information Security consulting. We deliver enterprise class security services to UK SME’s to stop data breaches.

Pangu Laboratory

Pangu Laboratory

Beijing Qi an Pangu Laboratory Technology Co., Ltd. was established on the basis of Pangu laboratory, a well-known cyber security team.

Highen Fintech

Highen Fintech

Highen is a blockchain software development company with offices in the United States and development centers in India.

Beround

Beround

Beround is an IT consultancy firm specialized in software testing.

Infosecurity Europe, 3-5 June 2025, ExCel London

Infosecurity Europe, 3-5 June 2025, ExCel London

This year, Infosecurity Europe marks 30 years of bringing the global cybersecurity community together to further our joint mission of Building a Safer Cyber World.