‘Great Cannon’ China’s Weapon Shoots Down Internet Sites

Uploaded on 2015-07-07 in INTELLIGENCE-Hot Spots-China, GOVERNMENT-National, FREE TO VIEW, NEWS-Cybersecurity News, TECHNOLOGY--Hackers

China's new weapon: The Great Cannon to shoot down any internet site

China is widely suspected to be behind the recent attacks on GitHub and Internet freedom group Great Fire. Now we have the most concrete evidence that indeed it was, and it looks like it did so using a new weapon to boot. That’s according to a report from Citizen Lab - an ICT, security and human rights lab based within the Munk School of Global Affairs at the University of Toronto. Citizen Lab looked into these recent attacks and identified ‘Great Cannon’, a tool built to intercept data and redirect it to specific sites, as the attack system responsible for them.

The recent attacks are the first instances of the Great Cannon being deployed, and they are notable for a few reasons. Scale is one of them: Great Fire claimed “millions” of users were compromised for the attack it suffered, which hijacked Baidu and pushed the organization’s Amazon hosting bill to $30,000 per day. It is also persistent: GitHub said it faced the largest attack in its history, which was ongoing for five days.

The Citizen Lab report surfaced some evidence showing commonalities between China’s Great Firewall censorship system and Great Cannon. That’s another indicator that China was behind these malicious attacks, something it denies, but there is also concern that China’s new internet weapon could be used for more specific and targeted attacks.

The Edward Snowden leaks revealed the existence of QUANTUM, an NSA tool that could plant malware on millions of computers. Citizen Lab said that, with slight moderations, China’s Great Cannon could act in a similar way:

A technically simple change in the Great Cannon’s configuration, switching to operating on traffic from a specific IP address rather than to a specific address, would allow its operator to deliver malware to targeted individuals who communicates with any Chinese server not employing cryptographic protections.

The discovery of this tool is another reminder of the importance of secure browsing technology, like HTTPS, since weak security systems can undermine the safety of Internet users browsing websites. Furthermore, with the tool now exposed to the world, what were China’s motives for using it in such a public way? It could be that it was meant as a warning to other sites that challenge its censorship and regime so directly, but, either way, it represents a worrying change in policy from defensively censoring websites in China to proactively bringing them down.

Techcrunch

« U.S. Government Support Insurers Protection from Cyber Hacks
NSA: 'Backdoors are a Bad Idea - Give us a Front Door Key' »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Spiceworks

Spiceworks

Spiceworks provide a range of free apps for IT professionals including network inventory, network monitor, and help desk.

Infowhiz solutions

Infowhiz solutions

Infowhiz provides solutions for backup/disaster recovery and network security.

Bounga Informatics

Bounga Informatics

Bounga Informatics provides Digital Forensics, E-Discovery, and Endpoint Security software, hardware, and training in Singapore and other countries in Asia Pacific.

CyberTech Network

CyberTech Network

CyberTECH is a global cybersecurity, Internet of Things (IoT) and Smart City network ecosystem and incubator operator.

FRSecure

FRSecure

FRSecure is a full-service information security management company that protects sensitive, confidential business information from unauthorized access, disclosure, distribution and destruction.

CopSonic

CopSonic

Copsonic provide a technology solution based on ultrasonic waves to send secure and encrypted data between two devices in order to achieve authentication.

VXRL

VXRL

VXRL is a Hong Kong-based cybersecurity company. We provide consulting services, penetration testing, and corporate training.

Sponge

Sponge

Sponge is a world-renowned digital learning provider on a mission to make learning unforgettable.

ComoNExT Innovation Hub

ComoNExT Innovation Hub

ComoNExT is a Digital Innovation Hub and a startup incubator with a focus on the issues of digital transformation and Industry 4.0.

Adlumin

Adlumin

Adlumin Inc. provides the enterprise-grade security operations platform and managed detection and response services that keep mid-market organizations secure.

JM Search

JM Search

JM Search’s Information Technology Executives Practice sources the most sought-after technology roles including CIO, CTO, CISO, CDO and other senior posts.

PacketViper

PacketViper

PacketViper’s Deception360 actively defends networks with deception-based threat detection and automated response to both external and internal cyber threats.

NORMA Cyber

NORMA Cyber

NORMA Cyber delivers centralised cyber security services to Norwegian shipowners and other entities within the Norwegian maritime sector.

LockMagic

LockMagic

Lockmagic is an information asset management solution to protect, track, audit and control accesses to sensitive information inside and outside your organization.

Beaming

Beaming

Beaming is an established Internet Service Provider for businesses across the UK. We deliver reliable voice, data and managed services, including cybersecurity.

Lyvoc

Lyvoc

Lyvoc is a premier cybersecurity integration partner renowned for its expertise in supporting its clients to accelerate and secure their digital transformation.