Websites blocked in China will no longer have to deal with just the loss of a massive market for their content; they now also face state-sponsored DDoS attacks that use the infrastructure of the ‘Great Firewall’.
According to a report by researchers at the International Computer Science Institute, the University of California Berkeley, and Princeton University, China is re-routing traffic from inside its borders destined for sites it does not approve of to knock them off the web. The ‘Great Cannon’, as the researchers have dubbed this tool, is something of a mix of a man-in-the-middle attack and a classic DDoS attack.
The first victim of this so-called data cannon was the code repository GitHub, which hosts tools used to bypass China’s ‘Great Firewall’ and surf the web freely.
According to the researchers, traffic heading into the country is injected with malicious JavaScript that connects the visitor’s computer to a botnet, which then directs bandwidth at the government’s target of choice. The report also says that the ‘Great Cannon’ has intercepted traffic used for Baidu’s (NASDAQ: BIDU) advertising network. This means that anyone visiting a website that served ads using this network (which is the same size and scale as AdSense) was part of this botnet.
“The operational deployment of the Great Cannon represents a significant escalation in state-level information control: the normalization of widespread use of an attack tool to enforce censorship by weaponizing users,” the researchers from the University of California at Berkeley and the University of Toronto wrote in a report published Friday. “Specifically, the Cannon manipulates the traffic of ‘bystander’ systems outside China, silently programming their browsers to create a massive DDoS attack.”
In the report the researchers say that the ‘Great Cannon’ represents a highly aggressive change of tactics by China’s government. Recently the ‘Great Firewall’ was upgraded to block most commercial VPNs, further cutting off Chinese netizens from the rest of the world.
“Deploying the Great Cannon is a major shift in tactics, and has a highly visible impact,” the authors wrote. “It is likely that this attack, with its potential for political backlash, would require the approval of high-level authorities within the Chinese government.”
There is, however, one simple way for webmasters to neutralize the effects of the Cannon: use HTTPS. If all traffic were encrypted end-to-end, it would be impossible for a third party to jump in and change things.
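For a webmaster acting on that advice, the practical check is which scripts, frames and stylesheets a page still pulls in over plain HTTP, since those are the responses an in-path system can rewrite. The following is an added example, not code from the report or this article; the function and class names are hypothetical and the sample page and hostnames are constructed placeholders.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Tags whose fetched content executes in, or is framed by, the embedding page.
ACTIVE = {"script": "src", "iframe": "src", "embed": "src", "object": "data"}


class CleartextAudit(HTMLParser):
    """Collect active subresources a browser would fetch over plain HTTP."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.findings = []  # (tag, absolute_url)

    def handle_starttag(self, tag, attrs):
        attr = ACTIVE.get(tag)
        a = dict(attrs)
        if tag == "link" and "stylesheet" in (a.get("rel") or "").lower().split():
            attr = "href"
        ref = a.get(attr) if attr else None
        if not ref:
            return
        # Resolve relative and protocol-relative ("//host/x") references
        # against the page URL, as a browser does.
        absolute = urljoin(self.page_url, ref.strip())
        if urlsplit(absolute).scheme == "http":
            self.findings.append((tag, absolute))


def audit(page_url, html):
    parser = CleartextAudit(page_url)
    parser.feed(html)
    return parser.findings


# Constructed sample page; the hostnames are placeholders.
SAMPLE = """
<html><head>
<script src="http://ads.example.net/show.js"></script>
<script src="//stats.example.net/h.js"></script>
<script src="https://cdn.example.org/lib.js"></script>
<link rel="stylesheet" href="/site.css">
</head><body><iframe src="http://widgets.example.net/box"></iframe></body></html>
"""

if __name__ == "__main__":
    for tag, res in audit("http://blog.example.com/", SAMPLE):
        print(f"cleartext <{tag}>: {res}")
```

Served over HTTP, the sample page has four cleartext subresources, including the protocol-relative script and the site's own stylesheet; served over HTTPS, only the two hard-coded `http://` references remain to be fixed.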