China’s New Great Threat

China is notorious for censoring the internet access of its citizens using the “Great Firewall”, but now it has access to a more alarming weapon. The weapon, dubbed the Great Cannon, was identified by the University of Toronto’s Citizen Lab last week. The Great Cannon was first used in an attack on GitHub and, The Cannon used a large-scale DDoS attack to paralyze the two targets. The attack was reported to be a response intended to thwart the circumvention of Chinese censorship. But the alarming quality of the Great Cannon is that it can be used on any target around the world.

The Great Cannon injects code into traffic and also suppresses it, although it seems that it was designed only to inject code and that the suppression capabilities were unintended. During the attacks on GitHub and the Cannon intercepted traffic sent to servers belonging to Baidu. These infrastructure servers hosted analytics, social, and advertising scripts. The Great Cannon responds to only 2% of JavaScript files on the aforementioned servers; when it responds, it sends a malicious script that brings the user into the DDoS attack.

Rob Enderle, an analyst at the Enderle Group, said that “A weapon like this isn’t naturally restricted by borders and could be used by a variety of entities to do massive amounts of damage.”

One of the Great Cannon’s most alarming characteristics is its apparently unused ability to target by IP address. Switching the configuration of the weapon from operating on traffic directed to a specific IP to operating on traffic from a specific IP could give the operator the ability to deliver malware to any targeted individuals who communicate with Chinese servers.

By Michael Grandeau

Link to original article: