When it comes to digital censorship, China does it best. In fact, as enemies of the freedom of speech movement on the internet, one nation has devised ingenious ways for covering their tracks and making sure that the Chinese public does not see websites or an unadulterated view outside of the "Great Firewall". But in a new study published this week by the University of Toronto and the University of California, Berkeley, researchers are saying that China's recent attacks on the internet instead used a new weapon-and it's one with far more nefarious applications.
Last month China began flooding websites within the United States with a barrage of internet traffic, in what initial security reports believed to be an action of the "Great Firewall" to cripple services and redirect overwhelming traffic to its targets. But now researchers know that it wasn't the "Great Firewall" at all, and they're dubbing a new weapon that they call the "Great Cannon" as the new threat looming on the horizon.
In the study, researchers in collaboration with CitizenLab, found that targeted sites were being flooded with redirected traffic from China's main filtering search engine Baidu, and looking more into the attack they were able to see just how the targeted sites were crippled, and why.
"On March 16, GreatFire.org observed that servers they had rented to make blocked websites accessible in China were being targeted by a DDoS attack. On March 26, two GitHub pages run by GreatFire.org also came under the same type of attacks. Both attacks appear targeted at services designed to circumvent Chinese censorship" lead author of the study, Bill Marczak says. "We show that, while the attack infrastructure is co-located with the Great Firewall, the attack was carried out by a separate offensive system, with different capabilities and design, that we term the 'Great Cannon'."
"The Great Cannon is not simply an extension of the Great Firewall, but a distinct attack tool that hijacks traffic to (or presumably from) individual IP addresses, and can arbitrarily replace unencrypted content as a man-in-the-middle."
Used to intercept web content and traffic intended for Baidu, the new weapon injected malicious code into the foreign web traffic and repurposed it for a full-frontal attack on sites looking to circumvent Chinese censorship laws. But the researchers say that the deployment of the new weapon reveals a significant escalation in this form of censorship, and warn that the Great Cannon may have more powerful capabilities than what they thought it could. In fact, with a few minor adjustments, they could feasibly spy on anyone who fetches content hosted on a Chinese computer, so nearly all Torrent downloads could leave you liable to Chinese supervision.