New strategy seeks to shut down websites which help the Chinese get around the ‘Great Firewall’
China has expanded its internet censorship efforts beyond its borders with a new strategy that attacks websites across the globe, researchers said.
The new strategy, dubbed “Great Cannon,” seeked to shut down websites and services aimed at helping the Chinese circumvent the “Great Firewall,” according to a report by the Citizen Lab at the University of Toronto.
“While the attack infrastructure is co-located with the Great Firewall, the attack was carried out by a separate offensive system, with different capabilities and design, that we term the ‘Great Cannon’,” it said. “The Great Cannon is not simply an extension of the Great Firewall, but a distinct attack tool that hijacks traffic to (or presumably from) individual IP addresses.”
The report supports claims by the activist organisation GreatFire, which last month claimed China was seeking to shut down its websites that offer “mirrored” content from blocked websites like those of the New York Times and others.
The technique involves hijacking internet traffic to the big Chinese search engine Baidu and using that in “denial of service” attacks which flood a website in an effort to knock it offline.
The report authors said the new tool represented “a significant escalation in state-level information control” by using “an attack tool to enforce censorship by weaponising users.”
The Great Cannon manipulated the traffic of “bystander” systems including “any foreign computer that communicates with any China-based website not fully utilising (encryption).”
The Citizen Lab researchers said they found “compelling evidence that the Chinese government operates the GC [Great Cannon]”, despite Beijing’s denials of involvement in cyberattacks.
Because the Great Cannon shared code and infrastructure with the Great Firewall, this “strongly suggests a governmental actor”, said the report, which included collaboration from researchers at the University of California and Princeton University.
The researchers said that deploying the Great Cannon “is a major shift in tactics”, and that it would likely “require the approval of high-level authorities within the Chinese government”.
“The government’s reasoning for deploying the GC here is unclear, but it may wish to confront the threat presented to the Communist Party of China’s ideological control by the ‘collateral freedom’ strategy advanced by GreatFire.org and others,” the report said.
The report also indicated China and the Great Cannon were responsible for the attack on GitHub, a software collaboration website that is also used by Chinese dissidents to circumvent censorship.
The attack tool, said the researchers, gave China capability similar to that of the US National Security Agency’s Quantum program described in documents leaked by former NSA contractor turned whistleblower Edward Snowden.
But the report said it is unclear why China was doing this overtly.
“We remain puzzled as to why the [Great Cannon) operator chose to first employ its capabilities in such a publicly visible fashion,” the report said.
“Conducting such a widespread attack clearly demonstrates the weaponisation of the Chinese internet to co-opt arbitrary computers across the web and outside of China to achieve China’s policy ends.”
It said the technique “is a dangerous precedent”.