GITHUB HIT BY MASSIVE DDoS ATTACK
GitHub is a popular source code hosting website used by programmers to collaborate on software development.
- GreatFire.org – Anti-censorship tool, hosted on GitHub, used to help Chinese citizens circumvent the Great Firewall of China.
- CN-NYTimes – A group on GitHub that hosts New York Times mirrors to give Chinese netizens access to the news website, which is normally blocked in China.
But how did the Chinese manage to produce DDoS attacks of so much strength and bandwidth?
Yes, the answer is the “Great Cannon” (GC). The Chinese government is now using a new cyber weapon in an effort to silence not only its citizens, but critics around the world, according to the latest report released by Citizen Lab.
THE GREAT CANNON – A NEW POWERFUL WEAPON
What’s the Great Cannon?
The Great Cannon is a special cyber attack tool essentially capable of hijacking Internet traffic at the national level and then directing that traffic at targeted networks the attackers want to knock offline, sending back spyware or malware, or using the target to flood another website with traffic.
It is believed that GitHub’s attackers used the Great Cannon as a DDoS attack tool, redirecting the Internet traffic of visitors to Chinese search engine giant ‘Baidu’, or to any website that used Baidu’s extensive advertisement network, in order to cripple the popular code-sharing website.
In simple words:
Those visiting a Baidu-affiliated website from anywhere in the world were vulnerable to having their Internet traffic hijacked by the attackers, which could then be turned into a weapon to flood anti-censorship websites, like GitHub, with junk traffic.
Let’s have a look at how the Great Cannon was deployed in the GitHub and GreatFire.org attacks:
HOW DOES THE GREAT CANNON WORK?
The Great Cannon works by intercepting data that is sent between two nodes and then redirecting the data to a third one. This powerful cyber weapon seems to leverage an analytics script that is commonly distributed by the Chinese search engine Baidu.
Generally, this script is not malicious, but according to Citizen Lab, the Cannon’s creators tampered with the script code a little bit in order to redirect the user to GitHub instead of sending a data packet, thus flooding the target website with traffic from unsuspecting users.
The weapon is also capable of producing a full-fledged man-in-the-middle (MITM) attack, so it could also be used to intercept unencrypted emails.
It reminds me of:
– a similar NSA weapon that was capable of redirecting victims to fake websites containing malware, served through unencrypted sites, using man-in-the-middle attacks to a spoofed server placed somewhere on the Internet backbone, which can respond faster than the real one.
The National Security Agency dubbed these secret Internet backbone nodes Quantum nodes.
This new move by the Chinese government could signal a troubling change in China’s online behavior: a shift from the passive censorship of the Great Firewall of China to active censorship by readily attacking foreign websites with the Great Cannon.
Cyber attacks originating in China are not at all surprising. But…
…“the operational deployment of the Great Cannon represents a significant escalation in state-level information control: the normalization of widespread use of a [cyber] attack tool to enforce censorship by weaponizing users,” the security researchers from the University of Toronto and University of California wrote in a report published
MEASURES TO MITIGATE THE GREAT CANNON
According to the researchers, the Great Cannon weapon used by Chinese authorities could be neutralized to a great extent if the websites communicate over encrypted HTTPS connections.
Why? The reason:
Websites whose communications are end-to-end encrypted are difficult for an attacker sitting between the sender and the receiver to modify, provided those websites do not load files or resources over unencrypted (non-HTTPS) connections.
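The caveat about resources loaded over non-HTTPS connections can be checked mechanically. The following is an added example, not code from the original post or from the Citizen Lab report: a small audit that lists the sub-resources a page fetches over plain HTTP, which are the loads a party on the network path could alter. The function and class names are hypothetical, and the sample page and its hosts are constructed placeholders.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Tag -> attribute that makes the browser fetch a sub-resource. <a href> is navigation
# and is excluded; <link> is counted regardless of rel (an over-approximation).
FETCHING_ATTRS = {
    "script": "src", "img": "src", "iframe": "src", "audio": "src",
    "video": "src", "source": "src", "embed": "src", "link": "href",
}
# Tags whose content runs in or styles the page: tampering in transit changes behaviour.
ACTIVE_TAGS = {"script", "iframe", "embed", "link"}


class _ResourceCollector(HTMLParser):
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.findings = []

    def handle_starttag(self, tag, attrs):
        attr = FETCHING_ATTRS.get(tag)
        value = dict(attrs).get(attr) if attr else None
        if not value:
            return
        # Resolve relative and protocol-relative ("//host/x.js") URLs against the page.
        absolute = urljoin(self.page_url, value.strip())
        if urlsplit(absolute).scheme == "http":
            kind = "active" if tag in ACTIVE_TAGS else "passive"
            self.findings.append((kind, tag, absolute))


def find_insecure_resources(html, page_url):
    """Return (kind, tag, url) for every sub-resource fetched over plain HTTP."""
    collector = _ResourceCollector(page_url)
    collector.feed(html)
    return collector.findings


# Constructed sample page; all hosts are placeholders.
SAMPLE = """<html><head>
  <script src="http://analytics.example.net/h.js"></script>
  <script src="https://cdn.example.org/app.js"></script>
  <link rel="stylesheet" href="//static.example.org/site.css">
</head><body>
  <img src="http://img.example.net/logo.png">
  <a href="http://example.net/">plain link, not a sub-resource</a>
</body></html>"""

if __name__ == "__main__":
    print(find_insecure_resources(SAMPLE, "https://www.example.com/"))
```

Run against the same markup with an `http://` page URL, the protocol-relative stylesheet is reported as well, because it inherits the page's scheme.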
Original Post: http://thehackernews.com/2015/04/great-cannon-ddos-attack.html