China recently flooded American websites with a barrage of Internet traffic known as a “denial of service attack” to block providers that allowed China’s Internet users to circumvent websites blocked by government policies. The action was initially thought to be another example of China’s use of a program called the “Great Wall.” But academic researchers have determined that China appears to have reverse-engineered the capabilities of a powerful National Security Agency (NSA) program that was first described to the public in the leaked Edward Snowden files two years ago.
Nicknamed the “Great Cannon,” China’s newest Internet weapon for chaos and surveillance was jointly reported by researchers at the University of California and University of Toronto as similar to one developed and used by the U.S. National Security Agency and its British GCHQ counterpart. The software program was outlined in classified documents leaked by Edward J. Snowden, the former United States intelligence contractor.
The U.S. intelligence service system, according to the documents published by The Intercept, can deploy an array of programs that can intercept web traffic on a mass scale and can redirect it to a site of their choosing. The NSA. and its partners appear to use the programs for targeted surveillance, but can also use it like China’s “Great Cannon” for an aggressive form of censorship or retaliation.
The New York Times reported that experts on U.S. government surveillance tools found that the infrastructure and code for the newest attacks bear similarities to China’s “Great Firewall” tool that has been around for several years. But the latest attacks came from a device that has the ability not only to snoop on Internet traffic, but also to alter the Internet packet flow, and massively redirect a tsunami of Internet packet data flow to overpower any website’s servers. Researchers term the protocol as a “man in the middle attack.”
The Great Cannon allows Chinese communist authorities to intercept foreign web traffic flowing to Chinese websites by injecting malicious code and “repurposing” the Internet traffic for whatever use they choose.
In the first documented attack, the system was used to intercept millions of streams of web and advertising traffic flowing through China’s biggest Internet search engine company, named Baidu. The traffic was used as a firehose to overwhelm servers at a popular site for programmers called GitHub, and at a non-profit called GreatFire.org. Both the sites have quietly provided access for Chinese Internet users to access restricted sites by “mirroring the blocked content.” Researchers told the Times that during the time both sites were under attack, their servers appeared to be operating normally.
The attacks show the extent to which Beijing is willing to use censorship to protect its political goals, even if it means sacrificing domestic economic goals.
China’s Baidu was the fifth-most-visited website in the world over the last 30 days, according to Alexa.com. Last month, the site had 64,475,433 “unique visitors” and a ripping 564,804,793 page views, about 8.76 per visitor. Revenue from advertising averaged about $515,803.46 per day. An estimated 5.2 million of those unique visitors were believed to have been Americans.
The “Great Cannon,” according to the report, not only has the capability to interrupt Chinese web traffic on a massive scale, but could have the power to spy on anyone who happens access any content that is hosted on a Chinese domestic computer, even if the user is visiting a non-Chinese hosted website that is linked to Chinese advertising content:
“The operational deployment of the Great Cannon represents a significant escalation in state-level information control,” according to the authors of the report. They added that the new capability allows “the normalization of widespread and public use of an attack tool to enforce censorship.”