Late last month, China began flooding American websites with a barrage of Internet traffic in an apparent effort to take out services that allow China’s Internet users to view websites otherwise blocked in the country.
Initial security reports suggested that China had crippled the services by exploiting its own Internet filter — known as the Great Firewall — to redirect overwhelming amounts of traffic to its targets. Now, researchers at the University of California, Berkeley and the University of Toronto say China did not use the Great Firewall after all, but rather a powerful new weapon that they are calling the Great Cannon.
The Great Cannon, the researchers said in a report published on Friday, allows China to intercept foreign web traffic as it flows to Chinese websites, inject malicious code and repurpose the traffic as Beijing sees fit.
The system was used, they said, to intercept web and advertising traffic intended for Baidu — China’s biggest search engine company — and fire it at GitHub, a popular site for programmers, and GreatFire.org, a nonprofit that runs mirror images of sites that are blocked inside China. The attacks against the services continued on Thursday, the researchers said, even though both sites appeared to be operating normally.
But the researchers suggested that the system could have more powerful capabilities. With a few tweaks, the Great Cannon could be used to spy on anyone who happens to fetch content hosted on a Chinese computer, even by visiting a non-Chinese website that contains Chinese advertising content.
“The operational deployment of the Great Cannon represents a significant escalation in state-level information control,” the researchers said in their report. It is, they said, “the normalization of widespread and public use of an attack tool to enforce censorship.”
The researchers, who have previously done extensive research into government surveillance tools, found that while the infrastructure and code for the attacks bear similarities to the Great Firewall, the attacks came from a separate device. The device has the ability not only to snoop on Internet traffic but also to alter the traffic and direct it — on a giant scale — to any website, in what is called a “man in the middle attack.”
China’s new Internet weapon, the report says, is similar to one developed and used by the National Security Agency and its British counterpart, GCHQ, a system outlined in classified documents leaked by Edward J. Snowden, the former United States intelligence contractor. The American system, according to the documents, which were published by The Intercept, can deploy a system of programs that can intercept web traffic on a mass scale and redirect it to a site of their choosing. The N.S.A. and its partners appear to use the programs for targeted surveillance, whereas China appears to use the Great Cannon for an aggressive form of censorship.
The similarities of the programs may put American officials on awkward footing, the researchers argue in their report. “This precedent will make it difficult for Western governments to credibly complain about others utilizing similar techniques,” they write.
Still, the Chinese program illustrates how far officials in Beijing are willing to go to censor Internet content they deem hostile. “This is just one part of President Xi Jinping’s push to gain tighter control over the Internet and remove any challenges to the party,” said James A. Lewis, a security expert at the Center for Strategic Studies in Washington.
Click here to read more.
SOURCE: NY Times, Nicole Perlroth