China took down GitHub with the ‘Great Cannon,’ a tool similar to one made by the NSA



GitHub experienced a prolonged outage in March, and reports indicated that the site was targeted by the Chinese government because the GreatFire advocacy group uses it to host anti-censorship tools that undermine the Great Firewall.

But the service wasn’t brought down by a simple distributed denial of service attack — it was the first target of what researchers call the “Great Cannon.”

Citizen Lab reports that the Great Cannon is similar to, but separate from, the Great Firewall. It works by intercepting unencrypted traffic headed toward servers in China, redirecting the traffic to the government’s intended target, and using it to overwhelm whoever is on the receiving end of its blast.

The researchers say the Great Cannon represents “a significant escalation in state-level information control” because it might normalize the “widespread use of an attack tool to enforce censorship by weaponizing users.” China now has both a wall to keep out its enemies and a cannon to obliterate its targets.

The Great Cannon might also be capable of more than just taking down sites that anger the Chinese government. As the New York Times notes in a report:

With a few tweaks, the Great Cannon could be used to spy on anyone who happens to fetch content hosted on a Chinese computer, even by visiting a non-Chinese website that contains Chinese advertising content. […]

Mr. Marczak said researchers’ fear is that the state could use its new weapon to attack Internet users, particularly dissidents, without their knowledge. If they make a single request to a server inside China or even visit a non-Chinese website that contains an ad from a Chinese server, the Great Cannon could infect their web communications and those of everyone they communicate with and spy on them.

Brian Krebs reports that Western consumers can avoid contributing to the Great Cannon’s arsenal by using encrypted connections to websites. This method isn’t foolproof, he notes, but it could help mitigate the problem. (Several tools can make Web browsers use encrypted connections by default.)
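The site-operator side of that advice, as an added example that is not from the article or the researchers it cites: this Python script lists every sub-resource a page would fetch over plain HTTP, which is the unencrypted traffic an in-path system can intercept. The function name, the active/passive labels and the sample page with its hostnames are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Tag -> attribute that makes the browser fetch a sub-resource.
FETCHING_ATTRS = {"script": "src", "iframe": "src", "img": "src", "link": "href"}
# Content that executes or restyles the page if it is altered in transit.
ACTIVE_TAGS = {"script", "iframe", "link"}

class _Collector(HTMLParser):
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.findings = []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        value = attrs.get(FETCHING_ATTRS.get(tag, ""))
        if not value:
            return
        if tag == "link" and "stylesheet" not in (attrs.get("rel") or "").lower():
            return  # e.g. rel=canonical is a reference, not a fetch
        # urljoin resolves relative and protocol-relative ("//host/x") URLs,
        # which inherit the scheme of the embedding page.
        url = urljoin(self.page_url, value.strip())
        parts = urlsplit(url)
        if parts.scheme == "http":
            kind = "active" if tag in ACTIVE_TAGS else "passive"
            self.findings.append((kind, tag, parts.hostname, url))

def find_plaintext_subresources(html, page_url):
    """Return sorted (kind, tag, host, url) for sub-resources fetched over http."""
    collector = _Collector(page_url)
    collector.feed(html)
    collector.close()
    return sorted(collector.findings)

# Constructed sample page; all hostnames are placeholders.
SAMPLE_HTML = """<html><head>
<link rel="stylesheet" href="/site.css">
<script src="http://ads.example.net/show.js"></script>
<script src="//cdn.example.org/lib.js"></script>
</head><body>
<img src="http://img.example.net/banner.png">
<iframe src="https://video.example.com/embed"></iframe>
</body></html>"""

if __name__ == "__main__":
    for row in find_plaintext_subresources(SAMPLE_HTML, "https://news.example.com/story"):
        print(*row)
```

Served over HTTPS, the sample page still exposes the two hard-coded `http://` references; served over HTTP, the relative and protocol-relative URLs become plaintext fetches as well.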

The development of the Great Cannon, and the demonstration of its capabilities, are quite worrisome. But the biggest problem might be that the United States can’t complain much about the Chinese government’s actions, because the National Security Agency has built a similar tool in secret.

The Intercept reported on the NSA’s efforts to “infect ‘millions’ of computers with malware” in 2014. Based on documents leaked by Edward Snowden, the report indicated that the NSA had built a tool much like the Great Cannon, with the intention of using it for surveillance instead of to take down websites.

The administration has taken hypocritical stances on China’s efforts to surveil or attack tech companies in the past, so it wouldn’t be surprising for someone from the government to condemn the Great Cannon. If there’s anything the US hates, it’s foreign countries trying to match its cyber-offensive capabilities.

It’s worth keeping this in mind when considering the Great Cannon. China isn’t the first country to build a tool like this; it’s just the first to pull the trigger — or at least to use the tool in this way. The US could do the same exact thing.
