China’s ‘Great Cannon’ turns into Cyber-weapons

According to a new report from Citizen Lab, China has been developing a new way to intercept and redirect internet traffic destined for its top online search service, possibly to carry out an unsettling series of denial-of-service attacks aimed at sidelining sites that distribute anti-censorship tools.

China is widely suspected of being behind the recent attack against GitHub, which was overloaded via “an ongoing and evolving large DDOS attack.” Now GitHub’s attackers are allegedly using the Cannon to redirect traffic from Chinese search engine giant Baidu to demolish the website.

Experts believe that China’s Great Firewall is capable of blocking Web surfers within the country from accessing online sites that host content the Chinese government considers prohibited. But according to researchers, this latest censorship innovation targeted Web surfers from outside the country who were requesting various pages associated with Baidu.

The attack on GitHub worked by tampering with an analytics script that the Chinese web giant Baidu distributes. Anyone visiting a site with the script would normally send back data to Baidu and receive a reply, but the Cannon intercepted that data in transit, inserting a new script that would blast GitHub with bad traffic.

As reported by Weaver, the attacks from the Great Cannon do not succeed when people browse Chinese sites with a Web address that begins with “https://”, meaning that regular Internet users can limit their exposure to these attacks by insisting that all Internet communications are routed over “https” versus unencrypted “http://” connections in their browsers. A number of third-party browser plug-ins — such as https-everywhere — can help people accomplish this goal.

The report concludes that Chinese censors could just as easily have served malicious code to exploit known Web browser vulnerabilities.

Baidu was an attractive target for the Great Cannon because of its widely used analytics script. However, now that the capabilities of the Great Cannon are public, websites may become more wary of using code that might be vulnerable to it.

The GitHub attack prompted calls for US retaliation, as it had been described as “attacks by a nation state against key United States internet infrastructure.” The NSA has similar capabilities through the QUANTUM program, revealed by Edward Snowden, but it has never used them in such an aggressive and public way.

Ehacking Staff