The 'Great Cannon': How China Turns its Websites Into Cyber Weapons 

By Kate Knibbs on at

When anti-Chinese censorship services got hit with a crippling distributed-denial-of-service attack last month, researchers quickly pegged China as the culprit. Now, Citizen Lab has pinpointed the Chinese tool that made this attack happen. They’re calling it the Great Cannon.

Separate from but located within China’s Great Firewall, this 'Great Cannon' injects malicious code as a way to enforce state censorship, by using cyberattacks to damage services that help people within China see banned content.

The Great Cannon is not simply an extension of the Great Firewall, but a distinct attack tool that hijacks traffic to (or presumably from) individual IP addresses, and can arbitrarily replace unencrypted content as a man-in-the-middle.

With this most recent DDoS attack, the Great Cannon worked by weaponising the web traffic of visitors to Baidu or any website that used Baidu’s extensive ad network. This means anyone visiting a Baidu-affiliated from anywhere in the world was vulnerable to getting their web traffic hijacked and turned into a weapon to flood anti-censorship websites with too much traffic.

This particular attack had a narrow target: Specific sites known to circumvent Chinese censorship. But Citizen Lab thinks the Great Cannon could be used in a much broader way. Since it is capable of producing a full-blown man-in-the-middle attack, it could be used to intercept unencrypted emails, for example.

The attack launched by the Great Cannon appears relatively obvious and coarse: a denial-of-service attack on services objectionable to the Chinese government. Yet the attack itself indicates a far more significant capability: an ability to “exploit by IP address”. This possibility, not yet observed but a feature of its architecture, represents a potent cyberattack capability.

As Citizen Lab’s researchers note, it’s pretty strange that China would show off this powerful weapon by using it in such a pointed attack.

Conducting such a widespread attack clearly demonstrates the weaponisation of the Chinese Internet to co-opt arbitrary computers across the web and outside of China to achieve China’s policy ends.

The only silver lining here is that this may prompt a more urgent push to switch to HTTPS, since the Great Cannon only works on HTTP. This attack makes it painfully obvious that using HTTPS isn’t just a smart safeguard— it’s a necessary precaution against powerful state-sponsored cyberattacks. [Citizen Lab]

Image via Flickr / Dan Hankins