China has debuted an accessory to its wryly nicknamed “Great Firewall”—the apparatus through which the country effectuates Internet censorship. And this one goes on the offensive.
Dubbed the “Great Cannon” by researchers at the Citizen Lab, a research and development arm at the University of Toronto, Canada, who released a report revealing the attack tool on Friday, China’s new weapon has the power to blitz websites with traffic hijacked from unsuspecting Internet users. With a simple modification, the tool can even disseminate malware, the report says.
“The operational deployment of the Great Cannon represents a significant escalation in state-level information control: the normalization of widespread use of an attack tool to enforce censorship by weaponizing users,” the report says. The researchers compare the tool’s capabilities to the United States’ National Security Agency’s QUANTUM program, “affording China the opportunity to deliver exploits targeting any foreign computer that communicates with any China-based website not fully utilizing HTTPS,” a protocol (aka Hyper-Text Transfer Protocol Secure) that encrypts web page requests and content between users and servers.
China’s “Great Cannon” was launched a highly public way, the researchers allege, in recent attacks against the anti-censorship project GreatFire as well as those of the San Francisco-based code-sharing site GitHub, which hosts pages featuring links to content restricted in China such as the Chinese language version of the New York Times. The country’s electronic artillery appears to have blasted those sites’ servers with unencrypted traffic redirected from the Chinese search engine Baidu. (While Baidu has claimed no involvement, the Chinese government has not denied involvement.)
The days-long distributed denial of service attack, as such raids are known, lasted until early April, the report says. It was the largest attack of its kind in GitHub’s history.
Based on the weapon’s network position across different Chinese Internet service providers and based on similarities in its source code to the “Great Firewall,” the researchers “believe there is compelling evidence that the Chinese government operates the GC,” an abbreviation for their nickname “Great Cannon.” Given how loudly the weapon seems to have been inaugurated, the researchers further ponder its political intent:
We remain puzzled as to why the GC’s operator chose to first employ its capabilities in such a publicly visible fashion. Conducting such a widespread attack clearly demonstrates the weaponization of the Chinese Internet to co-opt arbitrary computers across the web and outside of China to achieve China’s policy ends. The repurposing of the devices of unwitting users in foreign jurisdictions for covert attacks in the interests of one country’s national priorities is a dangerous precedent — contrary to international norms and in violation of widespread domestic laws prohibiting the unauthorized use of computing and networked systems.
The report adds: “Deployment of the GC may also reflect a desire to counter what the Chinese government perceives as US hegemony in cyberspace.”
Lately, China appears somewhat to be tipping its hand in cyber space, having recently indirectly admitted to having cyber warfare forces. The “Great Cannon” announcement seems to have gone off with more of a bang (though, again, the Chinese government has neither confirmed nor denied responsibility).
Still most official statements issued by Chinese government representatives are less than forthcoming. In responding to a FireEye (FEYE) report on Monday alleging that China has been spying on Southeast Asian and Indian governments and businesses for a decade, a spokesman for the foreign ministry said: “I want to stress that the Chinese government resolutely bans and cracks down on any hacking acts. This position is clear and consistent. Hacking attacks are a joint problem faced by the international community and need to be dealt with cooperatively rather than via mutual censure.” (Since taking office in fall 2012, Chinese President Xi Jinping has been cracking down on at least one thing: the press.)
The Citizen Lab report builds on previous analyses of the so-called DDoS attacks against GreatFire and GitHub, including research performed by security organizations such as Insight Labs, Netresec, and Errata Security. The latest report delineates in greater detail the differences between this new addition to China’s digital arsenal—the “Great Cannon”—and its already well-known counterpart, the “Great Firewall.”
To prevent your Internet browsing sessions from being co-opted for the purposes of a “Great Cannon”-style attack, ensure that your destination URL begins with “https.” For more technical details, read Citizen Lab’s full analysis here.
Watch more business news from Fortune:
