When anti-Chinese censorship services got hit with a crippling distributed-denial-of-service attack last month, researchers promptly pegged China as the culprit. Now, Citizen Lab has pinpointed the Chinese tool that produced this attack occur. They’re calling…
When anti-Chinese censorship services got hit with a crippling distributed-denial-of-service attack last month, researchers promptly pegged China as the culprit. Now, Citizen Lab has pinpointed the Chinese tool that produced this attack occur. They’re calling it the Fantastic Cannon.
Separate from but positioned within China’s Wonderful Firewall, this “Great Cannon” injects malicious code as a way to enforce state censorship, by working with cyberattacks to damage solutions that help folks inside China see banned content.
The Excellent Cannon is not merely an extension of the Fantastic Firewall, but a distinct attack tool that hijacks website traffic to (or presumably from) person IP addresses, and can arbitrarily replace unencrypted content material as a man-in-the-middle.
With this most recent DDoS attack, the Wonderful Cannon worked by weaponizing the internet site visitors of visitors to Baidu or any website that utilised Baidu’s comprehensive ad network. This suggests any one visiting a Baidu-affiliated from anyplace in the planet was vulnerable to obtaining their internet visitors hijacked and turned into a weapon to flood anti-censorship internet sites with too a lot targeted traffic.
This distinct attack had a narrow target: Particular web sites recognized to circumvent Chinese censorship. But Citizen Lab thinks the Terrific Cannon could be utilised in a substantially broader way. Due to the fact it is capable of making a complete-blown man-in-the-middle attack, it could be made use of to intercept unencrypted emails, for example.
The attack launched by the Good Cannon seems somewhat apparent and coarse: a denial-of-service attack on services objectionable to the Chinese government. However the attack itself indicates a far far more significant capability: an potential to “exploit by IP address”. This possibility, not yet observed but a function of its architecture, represents a potent cyberattack capability.
As Citizen Lab’s researchers note, it’s fairly strange that China would show off this strong weapon by applying it in such a pointed attack.
Conducting such a widespread attack clearly demonstrates the weaponization of the Chinese Online to co-opt arbitrary computer systems across the net and outside of China to obtain China’s policy ends.
The only silver lining here is that this could prompt a far more urgent push to switch to HTTPS, given that the Good Cannon only operates on HTTP. This attack tends to make it painfully apparent that utilizing HTTPS isn’t just a smart safeguard— it is a required precaution against effective state-sponsored cyberattacks.