China Has A DDoS Weapon Known As The ‘Great Cannon’

China employed a state DDoS tool known as the ‘Great Cannon’ (GC) in a recent attack against GitHub and GreatFire.org, a censorship exercise that makes U.S. Col. Charles W. Williamson III’s previously proposed Air Force DDoS weapon sound a little less crazy.

The so-called Great Cannon of China was discovered by researchers at the University of Toronto’s Citizen Lab, who have pointed the finger at the Chinese government due to the tool’s co-location with the Great Firewall (GFW). It works somewhat like Williamson’s proposed botnet, only instead of installing software across a network of government-controlled computers, it hijacks the traffic of unsuspecting users by performing a man-in-the-middle attack.

By hijacking the traffic of unsuspecting users, China has designed its Distributed Denial of Service (DDoS) tool in a way that makes preemptive filtering based on IP addresses quite the dilemma, as non-governmental computers accessing the web are turned into unwitting participants in attacks.

The architecture of the recent attack against GitHub and GreatFire.org, according to Citizen Lab, entails the hijacking of traffic sent from individual IP addresses browsing a website which employs “a Baidu infrastructure server” such as a website serving advertisements from the Chinese search engine’s ad network.

The Citizen Lab report indicated that roughly 1.75 percent of the time that “certain Javascript files” were requested by an Internet user’s web browser, the Great Cannon served a malicious script used to enlist “the requesting user as an unwitting participant in the DDoS attack against GreatFire.org and GitHub.”

“If the GC saw a request for certain Javascript files on one of these servers, it appeared to probabilistically take one of two actions: it either passed the request onto Baidu’s servers unmolested (roughly 98.25 percent of the time), or it dropped the request before it reached Baidu and instead sent a malicious script back to the requesting user (roughly 1.75 percent of the time) […] In this case, the requesting user is an individual outside China browsing a website making use of a Baidu infrastructure server (e.g., a website with ads served by Baidu’s ad network). The malicious script enlisted the requesting user as an unwitting participant in the DDoS attack against GreatFire.org and GitHub.”

The Chinese-language search engine known as Baidu told The Wall Street Journal that it didn’t take part in the attack.

A DDoS attack, for those who don’t know, is a cyber-attack aimed at overloading resources in order to make them inaccessible. In the case of websites, such attacks have been used to effectively knock websites offline.

Back in January of this year, the group of hackers who were arrested after DDoSing the PlayStation and Xbox Live networks had their DDoS-for-hire service hacked and their entire customer database stolen.

What are your thoughts on China’s Great Cannon?
