Become a fan of Slashdot on Facebook

 



Forgot your password?
typodupeerror
×
China The Military

China's 'Great Cannon' -- a Cyber-weapon to Accompany the Great Firewall 81

An anonymous reader writes: A new report from The Citizen Lab identifies a distinct new technology entity sitting next to the Great Firewall of China. Dubbed the 'Great Cannon', the multi-process cluster revealed itself quite openly in the recent attacks on Greatfire.org and its two Github pages. The DDoS attack was so sustained that CL was able to study the new technology in depth, determining architectural similarities and unearthing many strong indications that it is a product of the Chinese authorities.
This discussion has been archived. No new comments can be posted.

China's 'Great Cannon' -- a Cyber-weapon to Accompany the Great Firewall

Comments Filter:
  • by Anonymous Coward

    the slashdot effect.

  • by Isca ( 550291 ) on Friday April 10, 2015 @07:58AM (#49445557)
    We've seen attack upon attack on various countries by the government of China. These attacks are way beyond simple con jobs for access to government servers or trade secrets.

    Why the hell do they have MFN status again?
    • Because, pardon the pun, they're too big to nail.

    • by Morpf ( 2683099 ) on Friday April 10, 2015 @08:08AM (#49445611)

      Okay, I suppose you don't mind we also stop pretending the Five Eyes (especially the USA) and Israel at not in a low level war with any other country? Right?

    • by BitZtream ( 692029 ) on Friday April 10, 2015 @08:09AM (#49445619)

      Other than you saw some other moron on the Internet say 'China Did It' ... can you provide some actual proof to back up your claims.

      It is simply stunningly illogical for China to behave this way against such petty targets. It makes absolutely NO sense for them to flaunt their ability and willingness to do so as the simple course of action the entire reset of the world would take is a simple matter of NULL routing China and going on about their daily business, your 'war' would be over before anyone really cared.

      And ... a DDoS does pretty much nothing to gain you access to government servers or trade secrets.

      WTF is it with you nut jobs who seem to think the entire world is out to get you regardless of cost to themselves?

      Slashdot is pretty much the only place on the planet that thinks this is an actual attack by the Chinese, perhaps you should ask yourself why? And no, before you get the idea, its not because slashdot is so smart and so far ahead of the general public, that ended 10 years ago.

      • by Anonymous Coward on Friday April 10, 2015 @08:22AM (#49445703)

        Anyone who runs a server on the Internet only needs to look at their firewall log to see break-in attempts coming from China, 24 hours a day every day. It's blatantly obvious that Someone in China did something. Still that's not conclusive proof that governments are involved.

        • by Anonymous Coward

          Making sure to check the box for "AC"

          I have all of china shut off.

          None of my customers that matter, have noticed, nor would they likely give a shit if they knew.

          The presence of china on the internet brings NOTHING to the table I want.

          Someone should get a sub crew or two to drag through all of china's under sea connections and call it a day. Let em do whatever they want on their own network. We'll send non tainted chicken to them to eat in trade for plastic crap and cheap electronics via boat.

        • by Krojack ( 575051 )

          While China still tops the list on my firewalls, Russia has been rapidly raising up over the past few years.

        • That could also be about a billion unpatched versions of Zombie XP running DOSS attacks as part of a huge Botnet and the only reason it originates from China is the fact that everyone uses pirated unpatched versions of OS there. Just speculating, but that would make sense. Not saying that is isn't a Chinese directed botnet, but it may not be the national government.

          • by tomxor ( 2379126 )
            It's probably a combination, however i'm fairly convinced that it's more weighted on their government effort to gather as much low hanging fruit around the world as possible, because every time i've spun up a new server before i've locked it down all access attempts come from a more specific block range in China, not more randomly distributed IPs like you would expect from a normal botnet, a big chunk of their internet is dedicated to this.
            • Again just speculation, but it could be that because China has their Internet so locked down for censorship, with their Great Firewall, that the ranges of discoverable IP addresses outside of it are manipulated causing it to look that way. I barely have a working understanding of how it all works anyway. However I do find it hard to believe that a nation particularly one as large as China would bother with this kind of low level tomfoolery (i.e. It doesn't seem all that targeted).

              Then again it could be a ve

              • by tomxor ( 2379126 )

                ...it could be that because China has their Internet so locked down for censorship, with their Great Firewall, that the ranges of discoverable IP addresses outside of it are manipulated causing it to look that way...I do find it hard to believe that a nation particularly one as large as China would bother with this kind of low level tomfoolery (i.e. It doesn't seem all that targeted)

                Not sure what you mean by manipulated, but i can assure you it's intentional, i don't claim to know what their intention is... but you don't accidentally and repeatedly attempt to login to SSH. If you really want some hard evidence all you have to do is go spin up a standard ubuntu VPS and leave it in it's default configuration for a few days (in particular you leave SSH on the default port), then have a dig through it's logs and plot the SSH login attempt IP locations... you should find a hot spot in China

      • It is simply stunningly illogical for China to behave this way against such petty targets. It makes absolutely NO sense for them to flaunt their ability and willingness to do so...

        Did you miss the part where China builds artificial islands wayyyy past the 200-mile line to do an end run around it?

        • Re: (Score:3, Interesting)

          by Anonymous Coward

          I was going to post exactly this ...

          China does bully and take advantage of petty targets and nations that have no way to defend themselves, and the best example of this is their attitude in the china sea, they are building ilsands to expand their borders, and all of the nations around cant do anything about it... they are first class bullies... I fail to see how their "cyber-attitude" could be any different.

      • by Anonymous Coward

        And ... a DDoS does pretty much nothing to gain you access to government servers or trade secrets.

        China has built their entire infrastructure around denying access to information they don't want their people to see. This gives them a way to fire back at the outside sources that help people work around those blocks. If you want to cry about proof, then by all means, RTFA.

      • by Anonymous Coward

        While the attack, is progressing, with all the spoofing going on, why is everyone saying its China? With all the communications chips coming out of China, could it be misidentification? And reading your attack? Since you are trying to penetrate their defenses? Meaning its your spiders reporting back, making requests for service?

      • Glorious exposition, comrade!

      • by Sarten-X ( 1102295 ) on Friday April 10, 2015 @08:41AM (#49445839) Homepage

        It is simply stunningly illogical for China to behave this way against such petty targets. It makes absolutely NO sense for them to flaunt their ability and willingness to do so...

        Just like it makes no sense for Americans to bomb the Bikini Atoll, or run new ships on trips around the world. The goal isn't to destroy a Pacific paradise or to wear out the engines, but rather to announce to the political world that we have a new capability, and we're ready to use it as we see fit.

        The "petty targets" may be convenient places to point this "Great Cannon"... They provide a noticeable target, and apparently can be analyzed enough to provide some basic details to the rest of the world. Assuming China is behind the attack, we now know that China can run at least this level of attack, and there's no reason to expect that in a full-scale conflict, it wouldn't be turned against more serious targets. We don't know whether the attack can be made even bigger, or if it has different operational modes, or even how quickly such an operation can scale... and that's enough uncertainty to make it a deterrent weapon. It's all political posturing, and from outward appearances, it seems China is showing itself to be fairly powerful, but not yet openly aggressive.

        Contrast that with North Korea, which has persistently demonstrated impotent aggression, and our main concern is that they might actually develop a real offensive capability that affects us.

        ...as the simple course of action the entire reset of the world would take is a simple matter of NULL routing China and going on about their daily business...

        ...except that a significant part of their daily business has now been null-routed. It's going to be hard to keep that great American economy moving when manufacturers can't contact their contracted suppliers. Without that continuous economic movement, we're facing yet another financial crash, which the United States government probably doesn't want to have happen just yet.

        your 'war' would be over before anyone really cared.

        On the contrary, an openly-hostile and traceable act (like cleanly disconnecting a major nation) would be the first strike in a bigger escalating conflict, as each side accuses the other of being the guy who really started the fight. Throw in a few false-flag operations and stage a few "exposed" false-flag operations, and it's not a very big leap to having a real war with real weapons and real death.

        Frankly, I'd rather just have the political games.

        • Take a look at the stories about China in the South China sea. China is blatantly hostile, this is just another of the many hostilities. Also, it appears that they pay people to AC astroturf on /. This is the only explanation I can come up with for the ACs claiming that we don't know it was China when TFA is quite clear on the research that was done to determine how the attack occurred.

          • by shrikel ( 535309 )

            This is the only explanation I can come up with for the ACs claiming that we don't know it was China when TFA is quite clear on the research that was done to determine how the attack occurred.

            Occam's Razor. Probably they just didn't RTFA.

      • by Anonymous Coward on Friday April 10, 2015 @09:05AM (#49446043)

        I will just say this: The above post is a lie. I can name plenty of examples to show China's aggression.

        If people remember a few years back, US solar companies getting breached, or breach attempts in large numbers, all from China. Six months later, China started shipping panels that mysteriously had the same IP as the US PV makers... but for costs well under what even the rare earths went for. This destroyed the US PV industry, and it nearly destroyed Europe's until they enacted a tariff to level the playing field (China will give you deep discounts on rare earths... provided their companies do the manufacturing... companies that you have to give all trade secrets to.)

        So, China isn't an angel in any sense of the word. They have been having a lot of border skirmishes with neighbors. They only have MFN because most US companies can't see past next quarter's earnings.

        A DDoS makes sense. Same way someone getting their face decorated with a black eye the first time they hit the prison yard... it sends a message.

      • Who do you think it is then, smart guy? If you have a less paranoid alternative (dont say Illuminati, please), I would love to hear it.

      • > It makes absolutely NO sense for them to flaunt their ability and willingness to do so as the simple course of action the entire reset of the world would take is a simple matter of NULL routing China and going on about their daily business

        It amazes me how many Slashdot posts theorize about what *would* happen, under conditions that *already* have been going on for years. If you said that in 1990, it would be a reasonable prediction, an intelligent guess. After 20 years of attacks, very few networks h

      • What may be petty to you may not be petty to China government.
      • Other than you saw some other moron on the Internet say 'China Did It' ... can you provide some actual proof to back up your claims.

        50 cent army on the prowl!

        It is simply stunningly illogical for China to behave this way against such petty targets. It makes absolutely NO sense for them to flaunt their ability and willingness to do so as the simple course of action the entire reset of the world would take is a simple matter of NULL routing China and going on about their daily business, your 'war' would be over before anyone really cared.

        Its not like this fits with the MO of China, right?

        Its not like they negotiated with Microsoft, Yahoo, and Google to expose dissidents on those blogging platforms a decade ago.
        Not like they coordinated with Skype to capture phone conversations via their well-documented TOM platform.
        Not like they used state-sponsored hackers to infiltrate Google, like they commonly attempt to do corporate espionage.
        Not like they engaged in a well-documented and highly-visible war with Google when Go

      • It makes absolutely NO sense for them to flaunt their ability and willingness to do so as the simple course of action the entire reset of the world would take is a simple matter of NULL routing China and going on about their daily business

        unless of course you are a proxy server trying to aid Chinese ppl trying the evade the great firewall of China. Think of this as a new option to make evading their firewall much more expensive.

    • We've seen attack upon attack on various countries by the government of China. These attacks are way beyond simple con jobs for access to government servers or trade secrets. Why the hell do they have MFN status again?

      Probably for the same reason the US does.

    • by Anonymous Coward

      If you're calling this an act of war, then what the hell was stuxnet? A DOS attack more than pales in comparison to the destruction of Iranian nuclear enrichment equipment.. let's not get too hypocritical here

      • Stuxnet was an act of mercy for the rest of the world. Iran with a nuke is a scary thing. Look at North Korea if you want to see where it goes. Fortunately NK can't build a nuke small enough or a missile powerful enough to hit the US, but they could hit South Korea or Japan, and they have shown a willingness to attack both.

        • It's hard to say with NK. They don't have the military capacity to take on the world, and they know it - but they do need an effective deterrant, and you can only have an effective deterrant if the world believes you are crazy enough to use it.

    • by MikeMo ( 521697 )
      Because Bill Clinton [mit.edu] thought they should. Congress tried to repeal it in 2005 [wikipedia.org], but the bill failed.

      Seems to me like it's time to look [nationalpost.com] at that again [nationalinterest.org].
    • China has MFN status because they have lots of money to loan Western countries. We don't want to annoy them to the point that they adversely effect the Western economy in unpredictable ways. They are the world's best liars when it comes to denying their actions. If a Chinese official was video recorded throwing a rock that broke a window, the PRC would claim that he never did that. Along with modern capitalist methods, that's another thing that the Nixon administration likely taught them. Always deny the di
  • How about blocking http traffic to China and 301 redirecting any connections to the https address. If the endpoint doesn't support https, tough.

    • by fisted ( 2295862 )
      There's only so much the receiving end of a DDoS can do. And by 'only so much', I mean 'nothing'.
      • Well, that's really sort of the definition of fixed here, isn't it? You do nothing with the DDoS traffic while responding as normal to the regular traffic.

        • by fisted ( 2295862 )
          And how do you tell apart DDoS traffic from regular traffic? Furthermore, the DDoS traffic is already there, it has alread used its share of your bandwidth, congesting the link for 'regular traffic'
  • Comment removed based on user account deletion
    • Maybe they're probing for a response, so that they gain information on what responses can be made.
    • by ledow ( 319597 )

      For a second there, I was about to agree. Then I realised that you said "Chinese" and not "US".

  • Comment removed (Score:4, Interesting)

    by account_deleted ( 4530225 ) on Friday April 10, 2015 @08:14AM (#49445655)
    Comment removed based on user account deletion
    • That leads to escalation. They attack us, we attack them, they attack us - and ordinary internet users get caught in the middle, unable to access their precious porn and lolcats because half the internet is swamped.

    • Set up an entire NSA team to infiltrate the Chinese military establishment and depants their national security secrets on a Wikileaks-By-Uncle-Sam level

      There's far too much value for us in them not knowing what we know. I wouldn't be terribly surprised if the Chinese military establishment is largely depantsed already.

  • That all these "Chinese Cyber Attacks" are in actuality more due to the fact that most of the versions of Windows in China are pirated and unpatched. This would make them the biggest target for the creation of zombie botnets which can be controlled by anyone really for whatever nefarious purposes, such as DOSS attacks on whoever. The Russians seem to have the most of those types of individuals out there, so it is more likely individual or groups or Russian hackers, owning Chinese botnets and using them to t

  • http://www.slideshare.net/Shakacon/netizen-death-star-l0rd-v covers an anonymous researchers review of this capability over a year ago.

"I got everybody to pay up front...then I blew up their planet." "Now why didn't I think of that?" -- Post Bros. Comics

Working...