We had two Soylents send us news of a new tactic in state-sponsored attempts at silencing undesired content on the internet:
Late last month, China began flooding American websites with a barrage of Internet traffic in an apparent effort to take out services that allow China’s Internet users to view websites otherwise blocked in the country.
Initial security reports suggested that China had crippled the services by exploiting its own Internet filter — known as the Great Firewall — to redirect overwhelming amounts of traffic to its targets. Now, researchers at the University of California, Berkeley, and the University of Toronto say China did not use the Great Firewall after all, but rather a powerful new weapon that they are calling the Great Cannon.
The Great Cannon, the researchers said in a report published Friday (https://citizenlab.org/2015/04/chinas-great-cannon/), allows China to intercept foreign web traffic as it flows to Chinese websites, inject malicious code and re-purpose the traffic as Beijing sees fit.
The system was used, they said, to intercept web and advertising traffic intended for Baidu — China’s biggest search engine company — and fire it at GitHub, a popular site for programmers, and GreatFire.org, a nonprofit that runs mirror images of sites that are blocked inside China. The attacks against the services continued on Thursday, the researchers said, even though both sites appeared to be operating normally.
Citizen Lab, a Canadian human rights organization, published a report on what it calls the Great Cannon - a DDOS system that they say is deployed by the Chinese government. This system was allegedly used for the recent attack against GitHub.
We show that, while the attack infrastructure is co-located with the Great Firewall, the attack was carried out by a separate offensive system, with different capabilities and design, that we term the “Great Cannon.” The Great Cannon is not simply an extension of the Great Firewall, but a distinct attack tool that hijacks traffic to (or presumably from) individual IP addresses, and can arbitrarily replace unencrypted content as a man-in-the-middle.
The operational deployment of the Great Cannon represents a significant escalation in state-level information control: the normalization of widespread use of an attack tool to enforce censorship by weaponizing users. Specifically, the Cannon manipulates the traffic of “bystander” systems outside China, silently programming their browsers to create a massive DDoS attack. While employed for a highly visible attack in this case, the Great Cannon clearly has the capability for use in a manner similar to the NSA’s QUANTUM system, affording China the opportunity to deliver exploits targeting any foreign computer that communicates with any China-based website not fully utilizing HTTPS.
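The report describes the Cannon as a man-in-the-middle that replaces unencrypted content, which a site owner or researcher can look for by comparing responses for the same http:// URL over time. The following is an added illustration (not Citizen Lab's tooling, and not code from this page): it compares the script elements of a baseline response with a later fetch and flags scripts that load from a host outside an expected first-party set or that did not exist in the baseline. All host names and response bodies are constructed.

```python
"""Flag script elements that appear in an unencrypted HTTP response but not in
a baseline copy of the same page. Added example; hosts and bodies are constructed."""
from html.parser import HTMLParser
from urllib.parse import urlparse


class _ScriptCollector(HTMLParser):
    """Collects external script sources and inline script bodies from HTML."""
    def __init__(self):
        super().__init__()
        self.srcs, self.inline, self._in_script = [], [], False

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            src = dict(attrs).get("src")
            if src:
                self.srcs.append(src)
            else:
                self._in_script = True  # inline body follows as data

    def handle_data(self, data):
        if self._in_script and data.strip():
            self.inline.append(data.strip())

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False


def collect_scripts(html):
    """Return (set of external src values, set of inline script bodies)."""
    p = _ScriptCollector()
    p.feed(html)
    return set(p.srcs), set(p.inline)


def find_injected_scripts(baseline_html, observed_html, expected_hosts):
    """Return ('external', src) for new absolute/protocol-relative scripts whose
    host is not expected, and ('inline', body) for inline scripts not in baseline.
    Relative src values are same-origin and are not reported."""
    base_srcs, base_inline = collect_scripts(baseline_html)
    obs_srcs, obs_inline = collect_scripts(observed_html)
    findings = []
    for src in sorted(obs_srcs - base_srcs):
        host = urlparse(src).hostname or ""  # handles "//host/x.js" as well
        if host and host not in expected_hosts:
            findings.append(("external", src))
    for body in sorted(obs_inline - base_inline):
        findings.append(("inline", body[:60]))
    return findings


# Constructed sample responses for the same http:// page (not real captures).
BASELINE = '<html><head><script src="http://static.example-cdn.test/app.js"></script></head><body>hi</body></html>'
OBSERVED = ('<html><head><script src="http://static.example-cdn.test/app.js"></script>'
            '<script src="//third-party.invalid/injected.js"></script>'
            '<script>var x = 1; /* not in baseline */</script></head><body>hi</body></html>')
EXPECTED_HOSTS = {"static.example-cdn.test"}
```

Run against real captures, a page that is only ever served over HTTPS would not be a candidate for this kind of on-path replacement, which is the point the report makes about sites not fully using HTTPS.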
(Score: 5, Interesting) by zocalo on Sunday April 12 2015, @11:59AM
Anyway, it seems like there is a fairly obvious fix for this. Since most advertising traffic is US based, perhaps GitHub could reach out to the big advertising providers like Google, Yahoo!, etc. and see if they might be prepared to either drop the traffic going to Baidu (depriving the PRC of foreign currency always makes them sit up and take note) or just start insisting that it use HTTPS and render the current attack vector moot. I'm sure the PRC (is anyone seriously doubting this isn't officially sanctioned?) can figure out a new approach soon enough, but the more ways they use the more evidence there will be. And the more evidence there is, there's more likelihood that the US might be willing to approve and maybe use that cyber-retaliation law Obama was just talking about. I'm pretty sure the PRC wouldn't be too keen on the NSA taking down the Great Firewall in a way that allowed their population to have completely unrestricted access to the Internet, as a for instance.
UNIX? They're not even circumcised! Savages!
(Score: 1, Informative) by Anonymous Coward on Sunday April 12 2015, @12:42PM
Spin? Why would China need to spin anything? After all, the US govt sees nothing wrong with intercepting *physical goods* in transit to inject malicious payload.
(Score: -1, Troll) by Anonymous Coward on Sunday April 12 2015, @01:35PM
Well, . . . , THOSE guys are doing something else!!! Waaah.
Nice argument from a 10-year-old. This is irrelevant to the story AND the topic.
(Score: 0) by Anonymous Coward on Sunday April 12 2015, @02:47PM
Spin? Why would China need to spin anything? After all, the US govt sees nothing wrong with intercepting *physical goods* in transit to inject malicious payload.
So you are saying that the US govt is the ultimate moral authority?
(Score: 2) by zocalo on Sunday April 12 2015, @04:05PM
Now that the evidence is piling up that the attack is being sourced by HTML/JavaScript injection being performed by the Great Firewall, or perhaps this Great Cannon, then claiming "we have nothing to do with it" is tantamount to saying "we're incompetent and have lost control of a key part of our network". As spin, that doesn't work because it doesn't really paint the PRC in a positive light no matter how you interpret it so, given the importance of "face" to their culture, I was wondering if they might have changed their story yet, or are just going to adopt the stony silence approach.
UNIX? They're not even circumcised! Savages!
(Score: 3, Insightful) by kaszz on Sunday April 12 2015, @01:11PM
China will perhaps deny HTTPS through the firewall? And even if they didn't the current CA system allows them to use their CAs to MITM HTTPS anyway. So either browsers need to be redone or traffic to China dropped.
(Score: 2) by zocalo on Sunday April 12 2015, @02:55PM
And on top of all that, making changes that are specifically designed to sustain the DDoS on GitHub will only risk implicating the government further, right when the US is showing signs that it thinks enough is enough and it might be time to be more aggressive in dealing with the problem. It's looking increasingly risky for the Chinese to continue being so brazen about this to me, and unlike many other countries that don't have a national firewall in place, hiding sanctioned attacks behind the noise generated by botnets is a very flimsy excuse when you (presumably) have the capability to block a lot of outbound botnet traffic almost at source.
UNIX? They're not even circumcised! Savages!
(Score: 2) by kaszz on Monday April 13 2015, @12:41AM
If I recall it correctly China owns so many US bonds (government debt) that they can shoot the US economy into the depths of financial crisis, so the US perhaps isn't too brave. And invading isn't a realistic option either. These two countries can do a tit-for-tat for a long time without getting much net result.
What happened with CNNIC's root cert?
The military might also face a resource problem if supplies are "Made in China" .. ;-)
Perhaps most of that is manufactured in the US, but then the factory lights aren't, and the cars that bring people to work are kept running with made in China etc..
(Score: 2) by zocalo on Monday April 13 2015, @07:42AM
CNNIC's CA "lent" one of their root certs to a third party that used it to generate fake TLS certificates for Google domains and put them on a proxy device, e.g. they MITM'd Google's traffic. Google somehow found out and was (as might be expected) somewhat upset. The result is that to varying degrees Google, Mozilla and MS have revoked, or are in the process of revoking, the root level certificate in their browsers and other tools. CNNIC and their customers are currently going through the hassle of having to reissue a lot of certificates and CNNIC is also being required to perform various audits to demonstrate they are worthy of the trust given to a top-level CA. Soylent covered the original news here [soylentnews.org], and the response here [soylentnews.org].
UNIX? They're not even circumcised! Savages!
(Score: 2) by Mr Big in the Pants on Sunday April 12 2015, @07:55PM
Then look it up. My understanding is that the main news orgs are owned by the government and print their propaganda verbatim.
Their propaganda, much like russia, is usually ridiculous and aimed at their citizens rather than the rest of the world. This disconnect makes for very amusing reading at times - such as during the whole Ukraine thing.
When I could be bothered looking in the past China's was usually "shrill" and utterly transparent - but perhaps they have become better at it?
(Score: 2) by Yog-Yogguth on Tuesday April 14 2015, @12:46AM
That's such a curious statement I have to ask: did you mean to type ‘the US’ rather than ‘Russia’? Even by US sources like the DoD it is official that there are US military personnel in Ukraine, and the State Department has said there are no Russian armed forces there, and as the months passed even the Pentagon had to admit they were right and that there never was any evidence to the contrary.
Yeah not exactly front page stuff in western media, haven't seen any hoopla being made about how the Russians are evacuating US citizens out of Yemen either. Imagine that: if you're an American/Usian in a warzone you're better off asking the Russians for help.
Bite harder Ouroboros, bite! tails.boum.org/ linux USB CD secure desktop IRC *crypt tor (not endorsements (XKeyScore))
(Score: 2) by Mr Big in the Pants on Tuesday April 14 2015, @06:39AM
What complete and utter shite...
Nothing more to say on the matter...