China's cannon to defend 'Great Firewall'

Sarah Steffen, April 11, 2015

An online tool that has been dubbed the "Great Cannon" is said to have shut down websites that circumvent China's firewall. Researchers believe the Chinese government is behind the attacks.

China has tightened its grip on Internet control by launching attacks on websites abroad, according to a report by the Citizen Lab at the University of Toronto published on Friday.

A tool - which the researchers dubbed "Great Cannon" - manipulated Internet traffic to Chinese search engine Baidu, and hijacked users' computers to carry out Distributed Denial of Service (DDoS) attacks on websites - meaning the website receives too many requests to handle, thus forcing it to shut down.

The researchers affiliated with the University of Toronto, the University of California, Berkeley and Princeton University looked into recent large-scale attacks on websites - GreatFire.org and GitHub - that are used to circumvent China's Great Firewall by offering "mirrored" content from blocked websites like the New York Times and others.

'Escalation in state-level information control'

"The operational deployment of the Great Cannon represents a significant escalation in state-level information control: the normalization of widespread use of an attack tool to enforce censorship by weaponizing users," the researchers said in their report.

"There is compelling evidence that the Chinese government operates the [Great Cannon]," the researchers added. Shared source code and co-location of both the Great Firewall and Great Cannon "strongly suggests a governmental actor".

That view is echoed by Robert Graham of consulting company Errata Security, who tried to track down the origins of the man-in-the-middle attack sending out malicious JavaScript.

The attackers manipulated Internet traffic to Chinese search giant Baidu and returned malicious scripts to users (Image: Jin/AFP/Getty Images)

"The man-in-the-middle machine attacking GitHub is located on or near the Great Firewall of China," he wrote in a blog post.

"While many explanations are possible, such as hackers breaking into these machines, the overwhelmingly most likely suspect for the source of the GitHub attacks is the Chinese government."

'Major shift in tactics'

"Deploying the Great Cannon is a major shift in tactics," the Citizen Lab researchers said in the report, which would "require the approval of high-level authorities within the Chinese government."

The Chinese government has denied being responsible for the attacks.

The researchers were puzzled that the attackers didn't bother trying to conceal their efforts. "China didn't care about stealth," lead author Nicholas Weaver wrote in a series of Tweets dubbed "Why it scares me".

"I don't think the Chinese necessarily wanted to be discovered, but I also don't think they cared very much if they were," Adam Segal, director of the Program on Digital and Cyberspace Policy at the Council on Foreign Relations, told DW in an email. "Revelation of the program serves to announce new capabilities and is part of a new confidence in China's ability in shaping the global internet."

Think you're infected?

Internet users should make sure to use a secure HTTPS connection when browsing.

"The Great Cannon, being a man-in-the-middle device, could use a compromised root certificate issuer to attack encrypted traffic but not only is that harder, but it runs a substantial risk of detection," lead author Weaver, who's with the University of California at Berkeley, told DW in writing. "Once detected, the browsers would remove the certificate."

To get rid of malicious scripts, users should hit "clear history" on the web browser - this "will ensure that the cache is clear, removing any traces."

More risks waiting in the wings

According to the authors, minor tweaks could prompt the Great Cannon to switch gears. "Most tools that can say 'Redirect all traffic destined to a target IP address' can also say 'Redirect all traffic sourced from a target IP address'", Weaver told DW.

"This is very powerful, because with such targeting, the Great Cannon could then switch from 'provide JavaScript which causes your computer to participate in a DDoS attack' to 'provide JavaScript which attempts to exploit your computer using vulnerabilities in your browser.'"

The Great Cannon gives China similar capabilities to tamper with unencrypted Internet traffic to control information or launch attacks, just as the US National Security Agency and the UK Government Communications Headquarters are able to, the researchers concluded in the report.