WASHINGTON – China has expanded its Internet censorship efforts beyond its borders with a new strategy that attacks websites across the globe, researchers said Friday.
The new strategy, dubbed “Great Cannon,” seeks to shut down websites and services aimed at helping the Chinese circumvent the “Great Firewall,” according to a report by the Citizen Lab at the University of Toronto.
“While the attack infrastructure is co-located with the Great Firewall, the attack was carried out by a separate offensive system, with different capabilities and design, that we term the ‘Great Cannon,’ ” the report said.
“The Great Cannon is not simply an extension of the Great Firewall, but a distinct attack tool that hijacks traffic to (or presumably from) individual IP addresses.”
The report supports claims by the activist organization GreatFire, which last month claimed China was seeking to shut down its websites that offer “mirrored” content from blocked websites like those of the New York Times and others.
The technique involves hijacking Internet traffic to the big Chinese search engine Baidu and using that in “denial of service” attacks, which flood a website in an effort to knock it offline.
The report authors said the new tool represents “a significant escalation in state-level information control” by using “an attack tool to enforce censorship by weaponizing users.”
The Great Cannon manipulates the traffic of “bystander” systems including “any foreign computer that communicates with any China-based website not fully utilizing (encryption).”
The Citizen Lab researchers said they found “compelling evidence that the Chinese government operates the GC (Great Cannon),” despite Beijing’s denials of involvement in cyberattacks.
Because the Great Cannon shares code and infrastructure with the Great Firewall, this “strongly suggests a governmental actor,” said the report, which included collaboration from researchers at the University of California and Princeton University.
The researchers said that deploying the Great Cannon “is a major shift in tactics,” and that it would likely “require the approval of high-level authorities within the Chinese government.”
“The government’s reasoning for deploying the GC here is unclear, but it may wish to confront the threat presented to the Communist Party of China’s ideological control by the ‘collateral freedom’ strategy advanced by GreatFire.org and others,” the report said.
The report was produced by researchers Bill Marczak, Nicholas Weaver, Jakub Dalek, Roya Ensafi, David Fifield, Sarah McKune, Arn Rey, John Scott-Railton, Ronald Deibert and Vern Paxson, who are affiliated with the universities or the International Computer Science Institute.
The report also indicates China and the Great Cannon were responsible for the attack on GitHub, a software collaboration website that is also used by Chinese dissidents to circumvent censorship.
The attack tool, said the researchers, gives China capability similar to that of the U.S. National Security Agency’s Quantum program, described in documents leaked by former NSA contractor Edward Snowden.
But the report said it is unclear why China is doing this overtly.
“We remain puzzled as to why the (Great Cannon) operator chose to first employ its capabilities in such a publicly visible fashion,” the report said.
“Conducting such a widespread attack clearly demonstrates the weaponization of the Chinese Internet to co-opt arbitrary computers across the web and outside of China to achieve China’s policy ends.”
It said the technique “is a dangerous precedent” and “contrary to international norms and in violation of widespread domestic laws prohibiting the unauthorized use of computing and networked systems.”