Friday, April 10, 2015

China Cyber Terrorism: The Great Cannon
China Uses Powerful New Weapon to Censor Internet
By NICOLE PERLROTH
The Great Cannon system was used to intercept web and advertising traffic intended for Baidu, China’s biggest search engine company, researchers said.

SAN FRANCISCO — Late last month, China began flooding American websites with a barrage of Internet traffic in an apparent effort to take out services that allow China’s Internet users to view websites otherwise blocked in the country.
Initial security reports suggested that China had crippled the services by exploiting its own Internet filter — known as the Great Firewall — to redirect overwhelming amounts of traffic to its targets. Now, researchers at the University of California, Berkeley, and the University of Toronto say China did not use the Great Firewall after all, but rather a powerful new weapon that they are calling the Great Cannon.
The Great Cannon, the researchers said in a report published Friday, allows China to intercept foreign web traffic as it flows to Chinese websites, inject malicious code and repurpose the traffic as Beijing sees fit.
The system was used, they said, to intercept web and advertising traffic intended for Baidu — China’s biggest search engine company — and fire it at GitHub, a popular site for programmers, and GreatFire.org, a nonprofit that runs mirror images of sites that are blocked inside China.
The attacks against the services continued on Thursday, the researchers said, even though both sites appeared to be operating normally.

Bill Marczak, right, a co-author of the report on a powerful new Chinese cyberweapon, with Morgan Marquis-Boire, a fellow Citizen Lab researcher.

But the researchers suggested that the system could have more powerful capabilities. With a few tweaks, the Great Cannon could be used to spy on anyone who happens to fetch content hosted on a Chinese computer, even by visiting a non-Chinese website that contains Chinese advertising content.

“The operational deployment of the Great Cannon represents a significant escalation in state-level information control,” the researchers said in their report. It is, they said, “the normalization of widespread and public use of an attack tool to enforce censorship.”

The researchers, who have previously done extensive research into government surveillance tools, found that while the infrastructure and code for the attacks bear similarities to the Great Firewall, the attacks came from a separate device.
The device has the ability not only to snoop on Internet traffic but also to alter the traffic and direct it — on a giant scale — to any website, in what is called a “man in the middle attack.”
China’s new Internet weapon, the report says, is similar to one developed and used by the National Security Agency and its British counterpart, GCHQ, a system outlined in classified documents leaked by Edward J. Snowden, the former United States intelligence contractor. The American system, according to the documents, which were published by The Intercept, can deploy a system of programs that can intercept web traffic on a mass scale and redirect it to a site of their choosing. The N.S.A. and its partners appear to use the programs for targeted surveillance, whereas China appears to use the Great Cannon for an aggressive form of censorship.
The similarities of the programs may put American officials on awkward footing, the researchers argue in their report.
“This precedent will make it difficult for Western governments to credibly complain about others utilizing similar techniques,” they write.
Still, the Chinese program illustrates how far officials in Beijing are willing to go to censor Internet content they deem hostile. “This is just one part of Xi Jinping’s push to gain tighter control over the Internet and remove any challenges to the party,” said James A. Lewis, a cybersecurity expert at the Center for Strategic Studies in Washington.

Beijing continues to increase its censorship efforts under its State Internet Information Office, an office created under Xi to gain tighter control over the Internet within the country and to clamp down on online activism. In a series of recent statements, Lu Wei, China’s Internet czar, has called on the international community to "respect" China’s Internet policies.

Sarah McKune, a senior legal adviser at the Citizen Lab at the Munk School of Global Affairs at the University of Toronto and a co-author of the report, said, “The position of the Chinese government is that efforts to serve what it views as hostile content inside China’s borders is a hostile and provocative act that is a threat to its regime stability and ultimately its national security.”


The attacks also show the extent to which Beijing is willing to sacrifice other national goals, even economic ones, in the name of censorship. Baidu is China’s most visited site, receiving an estimated 5.2 million unique visitors from the United States in the past 30 days, according to Alexa, a web ranking service.

Kaiser Kuo, a Baidu spokesman, said that Baidu was not complicit in the attacks and that its own networks had not been breached. But by sweeping up Baidu’s would-be visitors in its attacks, researchers and foreign policy experts say, Beijing could harm the company’s reputation and market share overseas.
Beijing has recently said that it plans to help Chinese Internet companies extend their influence and customer base abroad.
At a meeting of the National People’s Congress in China last month, Premier Li Keqiang announced a new “Internet Plus” action plan to “encourage the healthy development of e-commerce, industrial networks and Internet banking and to guide Internet-based companies to increase their presence in the international market.”

Yet the latest censorship offensive could become a major problem for Chinese companies looking to expand overseas.
“They know one of their biggest obstacles is the perception that they are tools of the Chinese government,” Mr. Lewis said.
“This is going to hurt Baidu’s chances of becoming a global competitor.”


Researchers say they were able to trace the Great Cannon to the same physical Internet link as China’s Great Firewall and found similarities in the source code of the two initiatives, suggesting that the same authority that operates the Great Firewall is also behind the new cyberweapon.


“Because both the Great Cannon and Great Firewall are operating on the same physical link, we believe they are both being run under the same authority,” said Bill Marczak, a co-author of the report who is a computer science graduate student at the University of California, Berkeley, and a research fellow at Citizen Lab.


Mr. Marczak said researchers’ fear is that China could use its new weapon to attack Internet users, particularly dissidents, without their knowledge. If they make a single request to a server inside China or even visit a non-Chinese website that contains an ad from a Chinese server, the Great Cannon could infect their web communications and those of everyone they communicate with and spy on them.


Ultimately, researchers say, the only way for Internet users and companies to protect themselves will be to encrypt their Internet traffic so that it cannot be intercepted and diverted as it travels to its intended target.
“Put bluntly,” the researchers said, “unprotected traffic is not just an opportunity for espionage but a potential attack vector.”
Alongside the Great Firewall, China has been developing a new way to intercept and redirect internet traffic, according to a new report from Citizen Lab. The report looks at the recent denial-of-service attack against Github, which flooded the site with bad traffic for five days, resulting in intermittent downtime. China's cybersecurity administration had been suspected as the source of attacks, but the new report lays out the evidence in more damning detail, showing the redirection occurring as traffic enters China Telecom, indicating it is part of the same infrastructure as China's Great Firewall.

The attack on Github worked by tampering with an analytics script that the Chinese web giant Baidu distributes. Anyone visiting a site with the script would normally send back data to Baidu and receive a reply, but the Cannon intercepted that data in transit, inserting a new script that would blast Github with bad traffic. It isn't the first time the tactic has been used, but it's the most high-profile example, and it put China's new web powers on full display. The same tactics could also be used to inject malware into any unencrypted communication with the Chinese web, including ads or analytics scripts, in a stealthier version of a network injection attack.
The report was possible in part because the attack against Github went on for days, long after Github's mitigation efforts had blunted the attack. That gave researchers a chance to run tests and assess what triggered the Great Cannon injections and what didn't. At the same time, the duration of the attack suggests China didn't care about keeping the Great Cannon secret, and may have been showing off the new weapon as a kind of deterrent. A denial-of-service attack against a popular American site is also one of the most visible ways to deploy the tool. "I would assume China would’ve had this sort of capability," said ICSI's Nicholas Weaver, one of the report's lead researchers, "but I would’ve also assumed that they wouldn’t want to broadcast this to the world."

Many have already called for US retaliation for the Github attack — with one researcher describing it as "attacks by a nation state against key United States internet infrastructure." The NSA has similar capabilities through the QUANTUM program, revealed by Edward Snowden, but it has never used them in such an aggressive and public way. Still, the existence and nominal secrecy of those programs may make it difficult to go after the newly revealed weapon through diplomatic channels.

Still, it's unclear how the rest of the web might blunt the Great Cannon's power going forward. HTTPS encryption can be used to protect against the attack, but the Chinese government strongly discourages HTTPS among Chinese companies for just this reason. As a result, the biggest blow may be to companies like Baidu as they seek to integrate with the global web. Baidu was a tempting target for the Great Cannon because its analytics script was so widely used — but now that the capabilities of the Great Cannon are public, sites may be more wary of using code that might be vulnerable to it. That would be bad news for Baidu, but also any Chinese companies looking to serve ads or other plugins to the rest of the web.
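The two paragraphs above describe the exposure (a widely embedded analytics script fetched over plain HTTP, rewritten in transit) and the mitigation (HTTPS, so the response cannot be altered on the way). The following is an added example, written for this page rather than taken from the Citizen Lab report or either article, showing the defender-side checks a site operator can run: list every script include a page would load unencrypted, and compare a fetched script body against a digest pinned earlier to catch in-transit replacement. All hostnames, the sample HTML and the script bodies are constructed placeholders; `find_plaintext_scripts`, `verify_script` and `audit` are names chosen here, not anything from the report.

```python
# Added example (not from the Citizen Lab report or the articles above).
# Checks for the exposure described in the text: third-party scripts pulled
# over plain HTTP can be rewritten in transit, so (1) enumerate every script
# include a page would fetch unencrypted and (2) compare a fetched script
# body against a pinned SHA-256 digest to detect replacement.
import hashlib
import hmac
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit


class _ScriptCollector(HTMLParser):
    """Collects the src attribute of every <script> tag in a document."""

    def __init__(self):
        super().__init__()
        self.srcs = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() != "script":
            return
        for name, value in attrs:
            if name.lower() == "src" and value:
                self.srcs.append(value)


def find_plaintext_scripts(html, page_url):
    """Return absolute URLs of scripts the page would load over plain HTTP.

    Protocol-relative includes ("//host/x.js") inherit the page's scheme, so
    the same markup is exposed on an http:// page and protected on https://.
    """
    collector = _ScriptCollector()
    collector.feed(html)
    exposed = []
    for src in collector.srcs:
        absolute = urljoin(page_url, src)
        if urlsplit(absolute).scheme == "http":
            exposed.append(absolute)
    return exposed


def sha256_hex(data):
    """Hex SHA-256 of a script body; used to pin a known-good copy."""
    return hashlib.sha256(data).hexdigest()


def verify_script(body, pinned_sha256):
    """True only if the fetched body matches the digest pinned earlier."""
    return hmac.compare_digest(sha256_hex(body), pinned_sha256)


def audit(html, page_url, fetched, pinned):
    """Run both checks and return (finding, url) tuples.

    fetched maps script URL -> body bytes as received by the client;
    pinned maps script URL -> SHA-256 hex recorded from a trusted copy.
    """
    findings = []
    for url in find_plaintext_scripts(html, page_url):
        findings.append(("plaintext-include", url))
    for url, body in fetched.items():
        digest = pinned.get(url)
        if digest is not None and not verify_script(body, digest):
            findings.append(("digest-mismatch", url))
    return findings


# Constructed sample page; hostnames are placeholders, not real sites.
SAMPLE_HTML = """
<html><head>
<script src="https://cdn.example.test/lib.js"></script>
<script src="http://stats.example-cn.test/h.js"></script>
<script src="//ads.example-cn.test/ad.js"></script>
<script>var inline = 1;</script>
</head><body>page body</body></html>
"""

# Constructed script bodies: the pinned original and an in-transit rewrite.
KNOWN_GOOD_SCRIPT = b"(function(){ /* analytics beacon */ })();"
TAMPERED_SCRIPT = b"(function(){ /* analytics beacon */ })(); /* injected */"

if __name__ == "__main__":
    pinned = {"http://stats.example-cn.test/h.js": sha256_hex(KNOWN_GOOD_SCRIPT)}
    fetched = {"http://stats.example-cn.test/h.js": TAMPERED_SCRIPT}
    for finding in audit(SAMPLE_HTML, "https://news.example.test/", fetched, pinned):
        print(*finding)
```

The digest comparison only works if the pinned value was recorded from a copy fetched over a trusted path (HTTPS, or out of band), and it flags a legitimate update by the script's publisher just as it flags an injected one; that is the intended behaviour, since either way the operator should look before trusting the new body.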
