Researchers have uncovered a powerful and previously unknown weapon that China's government is brazenly using to knock sites out of commission. Dubbed the Great Cannon, the tool has been used to bombard two anti-censorship GitHub pages with junk traffic, but it just as easily could be used to wage stealthy attacks that silently install malware on the computers of unwitting end users.
As Ars explained previously, the attacks on the pages of anti-censorship service GreatFire.org and a mirror site of the New York Times Chinese edition had some novel characteristics. The junk traffic came from computers of everyday people who browsed to websites that use analytics software from Chinese search engine Baidu to track visitor statistics. About one or two percent of the visits from people outside China had malicious code inserted into their traffic that caused their computers to repeatedly load the two targeted GitHub pages. The malicious JavaScript was the product of the Great Cannon, which China uses to alter traffic passing over its backbone and which it takes no steps to conceal.
"The operational deployment of the Great Cannon represents a significant escalation in state-level information control: the normalization of widespread use of an attack tool to enforce censorship by weaponizing users," the researchers from the University of California at Berkeley and the University of Toronto wrote in a report published Friday. "Specifically, the Cannon manipulates the traffic of 'bystander' systems outside China, silently programming their browsers to create a massive DDoS attack."