China Unlimbers 'Great Cannon' to Block Web Content It Doesn't Like
NEWS ANALYSIS: China's cyber-warriors try out new attack technology to take out sites it doesn't like, apparently using lessons it learned from the U.S. and U.K.
Starting at the end of March, two services on the Internet inexplicably found themselves under a massive distributed denial-of-service (DDoS) attack of such intensity and duration that it was almost certainly state-sponsored. The two services, GreatFire and GitHub, were attacked for about two weeks.
According to a report from Citizen Lab, an interdisciplinary function of the Munk School of Global Affairs at the University of Toronto, the cyber-attack capability that struck the two sites is related to and probably located within the "Great Firewall" of China, and for this reason, the researchers named it the "Great Cannon." Its first use was to attack those two sites apparently because they hosted things the Chinese government doesn't like.
It's no surprise that GreatFire has earned the enmity of the Chinese government. GreatFire says on its home page that it provides transparency to the Great Firewall of China by publishing information on blocked search terms and other activities by the government to limit Web access to users within China. GitHub may have been targeted because the site, which provides a software development and code-swapping service, includes code to evade Chinese censorship.
Researchers at Citizen Lab monitored the activities of the Great Cannon until the attacks stopped on April 8. Then the researchers produced a detailed report on exactly what China was doing and how they were doing it.
I'll avoid getting too deeply into the technical details. For those, you can read the full Citizen Lab report. But what the Chinese attackers did was siphon off a small amount of traffic aimed at China's top search engine, Baidu, and then send it back to the requesting computer as if it were a reply from the search engine. However, the packet stream contained malware that hijacked the requesting computer into a botnet aimed specifically at GreatFire and GitHub.