Great Cannon

Courtesy of Highlight Press

It is widely known that in China, the Internet isn’t so open. Many common free email providers like Google or Yahoo are banned, as are many social media and news sites. In fact, you can see a list of well-known banned sites here. Sites like GreatFire.org have monitored censorship for years and provide users both inside and outside of the People’s Republic of China the ability to know what is blocked and if there have been any changes. In fact, you can head on over to greatfirewallofchina.org and plug in any Internet-facing site to see if and where it is blocked. Naturally, I checked to see how TechSmash fared:

Success! Ni hao (potential) Chinese readers!

But what is this new Great Cannon (GC) everyone is talking about? While the Great Firewall (GFW) is portrayed as a means to keep bad ideas out of China, the GC is purely offensive. The GFW doesn’t sit between a Chinese user and Google.com per se, but it does command both sides to stop talking to each other. You can think of it as a three-person call where two people are in the same room and a third is remote. The first two start talking and the third tells them to stop by ending the call. There are ways to get around this, but we won’t go into them. Unlike the GFW, the GC is positioned inline, and because it sits where it does, it can change the traffic going out of China or hijack traffic to overload certain sites. While the two tools serve different purposes, they are both part of the overarching Golden Shield Project.

This shows how the Great Firewall and Great Cannon work. The difference is that with the GC, traffic is rerouted as opposed to simply blocked (RST = reset).

We first found out about the GC when Citizen Lab released a report on April 10th. The report details how GreatFire.org noticed that the servers they use to provide access to blocked websites in China were experiencing a Distributed Denial of Service (DDoS) attack on March 16th. Ten days later, two GitHub pages managed by the organization were attacked in the same fashion.

After some sleuthing, it was discovered that the malicious code may have been engineered by China’s largest search engine, Baidu. It works like this: code embedded in the Baidu search engine tells a user’s web browser to hit the two GreatFire-managed GitHub sites in addition to whatever the user is searching. According to the GitHub status page, the attack lasted a whopping 113 hours.

While many reading this article may not be directly affected by these attacks, we should not disregard them as white noise. The fact that China (or not China) is (allegedly) weaponizing traffic flowing out of one of the most populous countries in the world is disconcerting at best. Who is to stop them from attacking sites which provide support for critical infrastructure like dams, power grids, or computer networks?

Enforcing censorship on hundreds of millions of connected citizens of China must be tough and ridiculously complex. It must be irksome when someone provides said citizens with options, with places where they can freely learn, be entertained, and connect with others.

Have you ever been affected by a Denial of Service attack? Let us know in the comments.