SoylentNews is people

posted by n1 on Sunday September 06 2015, @08:04AM
from the eye-for-an-eye-...wait,-where-did-you-go? dept.

Bruce Schneier commented about a new tool China is using to orchestrate a DoS attack on GreatFire.org, an organization dedicated to resisting China's censorship. From the abstract:

We present a technical analysis of the attack and what it reveals about the Great Cannon's working, underscoring that in essence it constitutes a selective nation-state Man-in-the-Middle attack tool. Although sharing some code similarities and network locations with the Great Firewall, the Great Cannon is a distinct tool, designed to compromise foreign visitors to Chinese sites. We identify the Great Cannon's operational behavior, localize it in the network topology, verify its distinctive side-channel, and attribute the system as likely operated by the Chinese government. We also discuss the substantial policy implications raised by its use, including the potential imposition on any user whose browser might visit (even inadvertently) a Chinese web site.

The full research paper is found here. Some interesting tidbits:

The operational deployment of the GC represents a significant escalation in state-level information control: the normalization of the widespread use of an attack tool to enforce censorship by weaponizing users. Specifically, the GC manipulates the traffic of "bystander" systems outside China, silently programming their browsers to create a massive DDoS attack. While in this case employed for a highly visible attack, the GC clearly has the capability for use in a manner similar to the NSA's QUANTUM system, affording China the opportunity to deliver exploits targeting any foreign computer that communicates with any China-based website not fully protected by HTTPS.

[...] We find compelling evidence that the Chinese government operates the GC. In recent public statements, China deflected questions regarding whether they were behind the attack, instead emphasizing that China often finds itself a victim of cyber attacks. A subsequent Chinese news article, containing an explicit denial and a denouncement of our initial public report as false, was itself later censored within China.

[...] What is the Great Cannon's role? Our observations indicate that the GC's design does not reflect technology well-suited for performing traffic censorship. Its operation only examines the first data packet of a given connection and it only examines traffic with targeted IP addresses, which provides a weak censorship mechanism compared to the GFW. More generally, the GC's design does not, in practice, enable it to censor any traffic not already censorable by the GFW. Thus, the evidence indicates that the GC's role is to inject traffic under specific targeted circumstances, not to censor traffic.
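
As an added illustration (not code from the paper or from the original submission), the Python sketch below audits a page for content "not fully protected by HTTPS", the condition the excerpt above names as exposing visitors to on-path injection. The sample HTML, the `example.*` hostnames and the function name are constructed for this example.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Tags whose fetched content runs in, or is framed by, the page -> URL attribute.
ACTIVE = {"script": "src", "iframe": "src", "link": "href"}

class _Collector(HTMLParser):
    def __init__(self, base_url):
        super().__init__()
        self.base_url = base_url
        self.findings = []

    def handle_starttag(self, tag, attrs):
        attr = ACTIVE.get(tag)
        if attr is None:
            return
        a = dict(attrs)
        # Only stylesheet links are treated as active content here.
        if tag == "link" and "stylesheet" not in (a.get("rel") or "").lower():
            return
        ref = a.get(attr)
        if not ref:
            return
        # Relative and protocol-relative ("//host/x.js") references inherit
        # the scheme of the page, so resolve before checking.
        url = urljoin(self.base_url, ref)
        if urlsplit(url).scheme == "http":
            self.findings.append((tag, url))

def cleartext_active_content(page_url, html):
    """Return (tag, absolute_url) for everything an on-path device could rewrite."""
    collector = _Collector(page_url)
    if urlsplit(page_url).scheme == "http":
        # The document itself travels in cleartext, so all of it is injectable.
        collector.findings.append(("document", page_url))
    collector.feed(html)
    return collector.findings

# Constructed sample page.
SAMPLE = """<html><head>
<script src="http://stats.example.net/h.js"></script>
<script src="//cdn.example.org/lib.js"></script>
<script src="/static/app.js"></script>
<link rel="stylesheet" href="http://static.example.net/site.css">
<link rel="icon" href="http://static.example.net/favicon.ico">
</head><body><iframe src="https://widgets.example.org/w"></iframe></body></html>"""

if __name__ == "__main__":
    for page in ("https://news.example.com/", "http://news.example.com/"):
        print(page, cleartext_active_content(page, SAMPLE))
```

Served over HTTPS, the sample page still pulls one script and one stylesheet in cleartext; served over HTTP, every relative and protocol-relative reference becomes cleartext as well.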

  • (Score: 0) by Anonymous Coward on Monday September 07 2015, @01:53AM (#233106)

    But their food tastes like #2.