By Andrea Peterson | Washington Post
ON THE WEB, 11 April 2015
China has moved beyond censoring Internet content seen by its own citizens to using a new cyberweapon researchers have dubbed “the Great Cannon” to silence critics around the world, according to a report released Friday.
The first use of this capability was a weeks-long attack against Web sites that offer tools to help users evade Chinese censorship. By sending crippling amounts of Web traffic, the attacks attempted to knock offline the anti-censorship site GreatFire as well as GitHub, a San Francisco-based Web service that is popular with programmers.
“This is very much an escalation,” said Bill Marczak, one of the authors of the report by the Citizen Lab at the University of Toronto’s Munk School of Global Affairs. While China long has used the Great Firewall – as its censorship system is called – to block users within the country from accessing news stories or other information it deems inappropriate, the recent attack reached beyond international borders and effectively blocked a wide range of content for Web users around the world.
China took control of millions of Web browsers and used them to send a flood of traffic to GreatFire, according to an earlier report from the non-profit, and later to GitHub.
But the type of assault used against the sites, known as a distributed denial of service attack or DDoS, represents only a small fraction of the possible uses of this tool, according to the Citizen Lab. The Great Cannon likely could also be used to deliver malicious code to any computer visiting a Web site based in China that does not use encryption to protect the privacy of its users.
China has become more brazen about attempting to block what its citizens see online under President Xi Jinping, who is trying to promote domestic stability, according to Center for Strategic and International Studies senior fellow James A. Lewis. “Getting control over the Internet and information is a big priority for the Chinese – they’re going after things they used to tolerate, and you’re seeing a general clampdown,” he said.
The recent attacks against GreatFire and GitHub appear to show that the country is willing to put ideological control over other goals such as the economic success of its tech sector, which could be damaged by censorship efforts, said Sarah McKune, another of the report authors.
The U.S. government has expressed concern about the recent attacks. “Malicious cyber actors who target critical infrastructure, U.S. companies, and U.S. consumers are a threat to the national security and the economy of the United States, and we are particularly concerned about activity that is intended to restrict the ability of users around the world to access information,” State Department spokesman Alec Gerlach said in a statement.
“In this case, the attackers appeared to have leveraged Internet infrastructure located in China to overwhelm Web sites in the United States,” Gerlach said. U.S. officials have asked China to investigate the incidents, he said.
The Chinese Embassy did not directly respond to questions about the Citizen Lab report or the attacks on GreatFire and GitHub. China supports the development of “Internet news communications” and “at the same time guarantees the citizens’ freedom of speech,” Embassy spokesman Zhu Haiquan said in a statement.
“China firmly opposes and combats any form of cyberattack in accordance with law,” Haiquan said. “We hope that instead of making accusations without solid evidence, all relevant parties can take a more constructive attitude and work together to address cyberissues.”
Previous analyses of the recent attacks suggested they originated from the Great Firewall. But the Citizen Lab says the Great Cannon is a separate offensive device, albeit one that shares many similarities with the Great Firewall.
The Great Cannon appears to work by altering un-encrypted traffic as it crosses borders with China, according to the researchers.
It exists in the same part of Chinese Internet infrastructure as the Great Firewall and shares some computer code with it. The effect of the attack could be detected across different Chinese Internet service providers, suggesting government involvement in the attack, according to the researchers.
“There’s no other reasonable explanation for the technical findings here than that this was an attack launched by the Chinese government,” according to McKune, adding that questions remain about which parts of the government were aware of or involved in the Great Cannon’s development and use.
Revelations about U.S. government surveillance programs in recent years may have also given China more confidence about acting aggressively in cyberspace, McKune said. The Great Cannon’s ability to insert malicious code into Web traffic is similar to the capabilities of a National Security Agency program known as Quantum, which was disclosed by former government contractor Edward Snowden, she said.
The most effective way to defuse the Great Cannon is to encrypt more Web traffic, according to the Citizen Lab researchers.
“We are now in a world where any unencrypted traffic seen by an adversary is not just an information leak, but a weakness they can exploit,” said Nicholas Weaver, another report author. The only defense is universal encryption, he said.
The Chinese government is aware that combating the spread of encryption software is an important part of controlling their citizens online activities, according to Citizen Lab. Earlier this year, China pushed a proposal that would have required foreign tech companies to hand over the keys that secure their encryption systems in order to operate in the country — although it has reportedly since put it on hold.