China, which censors the Internet with its Great Firewall aka the “Golden Shield,” has a new censorship tool that is causing alarm. It’s known as the “Great Cannon.”
The University of Toronto’s Citizen Lab identified the tool in a report released last week.
The Great Cannon was first used in March, to launch a large-scale DDoS attack on GitHub and GreatFire.org, Citizen Lab said.
The attack apparently was designed to thwart efforts to circumvent Chinese censorship.
However, the Great Cannon could “be used to attack any target anywhere in the world,” said Tomer Weingarten, CEO of SentinelOne.
Catastrophic Potential
The Great Cannon can not only inject code into traffic but also suppress it; however, its design indicates it was created to inject code, Citizen Lab said.
In the attack on GreatFire.org and GitHub, it intercepted traffic sent to Baidu infrastructure servers that host analytics, social or advertising scripts.
The Great Cannon would respond to a request for certain JavaScript files on one of those servers. More than 98 percent of the time, it passed the request through normally; in the other 2 percent of cases, it sent back a malicious script conscripting the user into the DDoS attack.
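A defender-side illustration of why that 2 percent injection rate matters, added here as an example and not taken from the article or from Citizen Lab's report: a site operator who wants to verify that a third-party script fetched over plain HTTP arrives unmodified cannot rely on a single fetch, because most responses are clean. The block works out how many fetches are needed for a given confidence and flags the altered responses by hash comparison. The fetch function, the script content and the "every 50th request" injector are constructed stand-ins, not real Baidu resources or real Great Cannon behaviour.

```python
import hashlib
import math
from typing import Callable, List, Tuple

# Known-good copy of the script a site operator expects from the
# third-party host. Constructed sample content, not a real Baidu file.
EXPECTED_SCRIPT = b"window.analytics = function () { /* legitimate tracking code */ };\n"
EXPECTED_DIGEST = hashlib.sha256(EXPECTED_SCRIPT).hexdigest()


def make_injecting_fetch(every_nth: int = 50) -> Callable[[], bytes]:
    """Simulate an on-path injector that swaps the response on 1 request in
    every_nth (50 -> 2 percent, the rate the article reports). Constructed
    stand-in for a real HTTP fetch; the altered body is a harmless marker."""
    counter = {"n": 0}

    def fetch() -> bytes:
        counter["n"] += 1
        if counter["n"] % every_nth == 0:
            return EXPECTED_SCRIPT + b"/* altered response (constructed marker) */\n"
        return EXPECTED_SCRIPT

    return fetch


def sample_for_injection(fetch: Callable[[], bytes], samples: int,
                         expected_digest: str = EXPECTED_DIGEST) -> List[Tuple[int, str]]:
    """Fetch the resource `samples` times and return (request number, digest)
    for every response whose SHA-256 differs from the known-good digest.
    Only a small fraction of responses is altered, so one fetch proves
    nothing; repeated sampling is what exposes intermittent injection."""
    anomalies = []
    for i in range(1, samples + 1):
        digest = hashlib.sha256(fetch()).hexdigest()
        if digest != expected_digest:
            anomalies.append((i, digest))
    return anomalies


def samples_for_confidence(inject_rate: float, confidence: float) -> int:
    """Smallest n such that, if a fraction inject_rate of responses is altered
    independently, at least one altered response is observed with probability
    >= confidence. Solves (1 - inject_rate)^n <= 1 - confidence for n."""
    return math.ceil(math.log(1.0 - confidence) / math.log(1.0 - inject_rate))


if __name__ == "__main__":
    n = samples_for_confidence(0.02, 0.95)
    print(f"{n} fetches give 95% confidence of observing a 2% injector")
    hits = sample_for_injection(make_injecting_fetch(), n)
    print(f"altered responses seen at request numbers: {[i for i, _ in hits]}")
```

Against a real host, the fetch callable would be replaced by an HTTP client and the sampling spread over time and vantage points, since an on-path injector can also select by source address.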
“A weapon like this isn’t naturally restricted by borders and could be used by a variety of entities to do massive amounts of damage,” remarked Rob Enderle, principal analyst at the Enderle Group.
“This is one of those things you really don’t like to see, because the potential for catastrophic damage, such as shutting down commerce, is unacceptably high,” he told TechNewsWorld.
Future Fear and Loathing
Perhaps the most alarming thing about the Great Cannon is its apparently still-unused ability to target by IP address, Citizen Lab pointed out.
Just switching the configuration from operating on traffic directed to a specific IP address to operating on traffic from a specific IP address would let the Cannon’s operator deliver malware to targeted individuals who communicate with any Chinese server not using cryptographic protection, such as Baidu’s ad network servers. A single request to such a server could result in the requester getting hit with a malicious payload.
“To conduct a DDoS attack to effectively shut down any site on the Internet … you just need the ability to generate a massive volume of traffic, and the Chinese can do that effectively by using their intercept methods,” SentinelOne’s Weingarten told TechNewsWorld.
DDoS Is Hell
DDoS has become the attack method of choice of late, and “45 percent of all organizations have been hit at least one time with a DDoS attack,” said Igal Zeifman, product evangelist at Incapsula.
The average size of DDoS attacks against VeriSign’s customers increased in the last quarter of 2014, the company reported.
Massive attacks over the holidays against the PlayStation Network and Xbox led Sony and Microsoft to form an anti-DDoS coalition in March.
That’s a refreshing development. A Kaspersky Lab survey found that 28 percent of all businesses believed protection against DDoS was not their concern but that of their Internet service providers.
To defend against DDoS attacks, organizations should be able to detect an attack rapidly and respond quickly, Zeifman told TechNewsWorld.
They should be able to differentiate between bad bots and legitimate users; have a Web application firewall for protection from application-level threats; and implement a solution that offers a time to mitigation that best meets their needs.
Anti-DDoS services “are only effective up to a certain volume,” Weingarten said, but they can help.