‘Great Cannon’ China’s Weapon Shoots Down Internet Sites

China's new weapon: The Great Cannon to shoot down any internet site

China is widely suspected to be behind the recent attacks on GitHub and Internet freedom group Great Fire. Now we have the most concrete evidence that indeed it was, and it looks like it did so using a new weapon to boot. That’s according to a report from Citizen Lab - an ICT, security and human rights lab based within the Munk School of Global Affairs at the University of Toronto. Citizen Lab looked into these recent attacks and identified ‘Great Cannon’, a tool built to intercept data and redirect it to specific sites, as the attack system responsible for them.

The recent attacks are the first instances of the Great Cannon being deployed, and they are notable for a few reasons. Scale is one of them: Great Fire claimed “millions” of users were compromised for the attack it suffered, which hijacked Baidu and pushed the organization’s Amazon hosting bill to $30,000 per day. It is also persistent: GitHub said it faced the largest attack in its history, which was ongoing for five days.

The Citizen Lab report surfaced some evidence showing commonalities between China’s Great Firewall censorship system and Great Cannon. That’s another indicator that China was behind these malicious attacks, something it denies, but there is also concern that China’s new internet weapon could be used for more specific and targeted attacks.

The Edward Snowden leaks revealed the existence of QUANTUM, an NSA tool that could plant malware on millions of computers. Citizen Lab said that, with slight moderations, China’s Great Cannon could act in a similar way:

A technically simple change in the Great Cannon’s configuration, switching to operating on traffic from a specific IP address rather than to a specific address, would allow its operator to deliver malware to targeted individuals who communicates with any Chinese server not employing cryptographic protections.

The discovery of this tool is another reminder of the importance of secure browsing technology, like HTTPS, since weak security systems can undermine the safety of Internet users browsing websites. Furthermore, with the tool now exposed to the world, what were China’s motives for using it in such a public way? It could be that it was meant as a warning to other sites that challenge its censorship and regime so directly, but, either way, it represents a worrying change in policy from defensively censoring websites in China to proactively bringing them down.

Techcrunch

« U.S. Government Support Insurers Protection from Cyber Hacks
NSA: 'Backdoors are a Bad Idea - Give us a Front Door Key' »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Infosecurity Europe, 3-5 June 2025, ExCel London

Infosecurity Europe, 3-5 June 2025, ExCel London

This year, Infosecurity Europe marks 30 years of bringing the global cybersecurity community together to further our joint mission of Building a Safer Cyber World.

Foundation for Strategic Research (FRS)

Foundation for Strategic Research (FRS)

The Foundation for Strategic Research is France's main independent think tank on strategic, defense and security issues. Cyber security is covered as part of the study areas.

Centre for International Governance Innovation (CIGI)

Centre for International Governance Innovation (CIGI)

CIGI research areas include Conflict Management & Security which encompass cyber security and cyber warfare.

Industrial Cyber Security

Industrial Cyber Security

Industrial Cyber Security provides specialist consulting services in enterprise and SCADA system security.

National Cyber Summit (NCS)

National Cyber Summit (NCS)

The National Cyber Summit is the preeminent event for cyber training, education and workforce development aimed at protecting our nation's infrastructure from the ever-evolving cyber threat.

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

jobsDB.com

jobsDB.com

jobsDB Singapore is a search engine for jobs throughout Singapore.

SAP National Security Services (NS2)

SAP National Security Services (NS2)

SAP NS2 are dedicated to delivering the best of SAP innovation, from cloud to predictive analytics; machine learning to data fusion.

Wickr

Wickr

Wickr's mission is to secure the world's most critical communications. Wickr provides the highest standard of encryption trusted by millions worldwide.

SharkStriker

SharkStriker

SharkStriker is a US based managed security services provider with SOCs and offices across the globe.

iVision

iVision

iVision is a technology integration and management firm that engineers success for clients through objective recommendations, process and technology expertise and best-of-breed guidance.

Slamm Technologies

Slamm Technologies

Slamm Technologies is a trusted IT firm that offers Cyber Security Support, Corporate IT Solutions and Professional IT Training courses with international certification.

Cyera

Cyera

Cyera is the data security company that gives businesses context and control over their most valuable asset: data.

dWallet Labs

dWallet Labs

dWallet Labs is a cybersecurity company specializing in blockchain technology. We believe that the future of Web3 relies on cutting edge cryptography and unabated security.

Protos Labs

Protos Labs

Protos Labs enables insurers & enterprises to make better cyber risk decisions through holistic, real-time risk management tools.

Verosint

Verosint

Verosint (formerly 443ID) provides real-time account fraud prevention that reveals fraudsters hiding in user accounts and proactively blocks them before their attacks can cause harm.

Black Bison Cyber

Black Bison Cyber

Black Bison Cyber is a premier cybersecurity firm specializing in elite, discreet, and highly personalized digital protection for high-profile individuals and executives.