After the Great Firewall, China has a New Online Weapon to Knock Down the Internet


After the Great Firewall, China has evidently remained busy with creating a service capable of intercepting Internet traffic and using it to knock websites offline internationally. This online weapon is being termed as Great Cannon and is already in effect as a separate entity but co-located with the Great Firewall of China, a recent report by the Citizen Lab revealed.

the evidence indicates that the GC’s role is to inject traffic under specific targeted circumstances, not to censor traffic

What is China's Great Cannon:

Great Cannon is an equally offensive system but with different design and capabilities of the Great Firewall. The tool is being used by the country to hijack traffic and reportedly, "arbitrarily replace unencrypted content as a man-in-the-middle." What this tool does is that it uses national level online traffic to launch attacks on a website that it deems unfit for its agendas.

Great Cannon manages to achieve this extreme level of DDoS attack by:

  • hijacking the internet traffic at national level
  • redirecting it to targeted network to cripple it
  • ultimately sending it spyware or malware OR
  • using the target site to flood yet another website getting massive attack results

This latest report by the Citizen Lab also reveals that this Great Cannon of China could be behind the attack on GitHub earlier this month. GitHub and the - proxy software to help Chinese citizens evade censorship restrictions employed by the Great Firewall of China - were entangled in a massive and evolving attack preventing people from accessing these sites. observed that servers they had rented to make blocked websites accessible in China were being targeted by a Distributed Denial of Service (DDoS) attack.

On March 26, two GitHub pages run by also came under the same type of attack.  Both attacks appear targeted at services designed to circumvent Chinese censorship.  A report released by fingered malicious Javascript returned by Baidu servers as the source of the attack. Baidu denied that their servers were compromised.

The research found that in the week-long attack on the site, Great Cannon was used to redirect the traffic from Chinese search engine Baidu to knock down the website. China is engaged in actively diverting the unencrypted traffic from Baidu to target websites engaged in distributing anti-censorship tools in a series of DDoS attacks.

If you are wondering why the Great Cannon is being attributed to China?

The report suggests that there is compelling evidence that GC is attributed to the Great Firewall of China. The research team tested two international Internet links into China which revealed in both the cases that Cannon was co-located with the Great Firewall.

Works like USA's Quantum

This tool works similar to NSA's QUANTAM system giving China the capability to deliver exploits to any computer that engages in the communication with a China-based website. However, USA has never employed the system publicly indicating that China may be moving from passive censorship of Great Firewall to active attacking with the Cannon techniques.

Source: the Citizen Lab