China’s ‘Great Cannon’ turns into Cyber-weapons

According to a new report from Citizen Lab, China has been developing a new way to intercept and redirect internet traffic destined for its top online search service, Baidu.com, possibly for the purpose of carrying out an unsettling series of denial-of-service attacks aimed at sidelining sites that distribute anti-censorship tools.

China is widely suspected of being behind the recent attack against Github, which was overloaded via “an ongoing and evolving large DDOS attack.” Now Github’s attackers are allegedly using the Cannon to redirect traffic from Chinese search engine giant Baidu in order to take the website down.

Experts believe that China’s Great Firewall is capable of blocking Web surfers within the country from accessing online sites that host content the Chinese government considers prohibited. But according to researchers, this latest censorship innovation targeted Web surfers from outside the country who were requesting various pages associated with Baidu.

The attack on Github worked by tampering with an analytics script that the Chinese web giant Baidu distributes. Anyone visiting a site with the script would normally send back data to Baidu and receive a reply, but the Cannon intercepted that data in transit, inserting a new script that would blast Github with bad traffic.

As reported by Weaver, the attacks from the Great Cannon do not succeed when people browse Chinese sites with a Web address that begins with “https://”, meaning that regular Internet users can limit their exposure to these attacks by insisting that all Internet communications are routed over “https” versus unencrypted “http://” connections in their browsers. A number of third-party browser plug-ins — such as https-everywhere — can help people accomplish this goal.

The report concludes that Chinese censors could just as easily have served malicious code to exploit known Web browser vulnerabilities.

Baidu was an attractive target for the Great Cannon because of its widely used analytics script. However, now that the capabilities of the Great Cannon are public, there may be more caution about using code that might be vulnerable to it.

There were calls for US retaliation over the Github attack, which had been described as “attacks by a nation state against key United States internet infrastructure.” The NSA has similar capabilities through the QUANTUM program, revealed by Edward Snowden, but it has never used them in such an aggressive and public way.

Ehacking Staff