China has long censored the internet with its so-called “Great Firewall.” But now researchers from the University of California at Berkeley and the University of Toronto say Beijing is employing a new method that has the capability to attack websites hosted on servers located abroad.
Security experts have dubbed the censorship tool the "Great Cannon," and say China can now redirect traffic intended for Chinese websites to whatever sites the authorities choose. That can overload sites with an enormous number of hits, temporarily disabling them.
“So the Great firewall can stop information from getting through to Chinese citizens, [but] the Great Cannon allows the Chinese government to go and attack the websites that Chinese people are trying to access,” said Ben Fitzgerald, a fellow at the Center for a New American Security.
China has recently hijacked traffic to the Chinese web search engine Baidu and redirected it to target GitHub and GreatFire.org. Those sites publish so-called “mirrors” of websites that are blocked by the Great Firewall, so that they can be accessible to people witin China.
But the state’s strategy of redirecting China’s internet traffic to cripple foreign Websites could hurt Chinese businesses.
Baidu is China’s biggest search engine and the fourth most popular Website in the world. China’s new method of launching cyber attacks could discourage people from visiting sites like Baidu at a time when Chinese internet and I.T. companies such as Huawei are looking to expand their brand name and market share abroad.
“So I think that the way we have seen a lot of businesses internationally being fearful of installing Huawei devices on their networks, for the perception of security risks," said Fitzgerald. "We can now see that for other companies like Baidu.”
Researchers say the Great Cannon cannot only cripple websites China wants rendered inaccessible to the public but can also be used to spy on anyone who visits a Chinese website or a site with Chinese advertising.
According to Patrick Chovanec, managing director and chief strategist of New York-based Silvercrest Asset Management Group, the prospect of dimished privacy makes consumers think twice before accessing targeted sites such as Baidu.
"In this environment where we are all concerned about privacy and we are all concerned about cyber security, I think that anything that puts a question mark on a site is going to be a problem,” said Chovanec, who is also an adjunct lecturer at Columbia University's School of International and Public Affairs.
After observing attacks by the Great Cannon, University of Toronto researchers concluded, “the repurposing of the devices of unwitting users in foreign jurisdictions for covert attacks in the interests of one country’s national priorities is a dangerous precedent," they said. "[It is] contrary to international norms and in violation of widespread domestic laws prohibiting the unauthorized use of computing and networked systems.”
However, the tool appears to be similar to cyber attack technologies used by the United States and Britain, according to documents leaked by former National Security Agency contractor Edward Snowden.
James Lewis of the Washington-based Center for Strategic and International Studies says tensions between the United States and China over cybersecurity have continued to rise over the last year.
“They’ve gotten worse," he said. "Both sides are more aggressive in dealing with the issues. The Chinese, of course, have started a whole new campaign to control the internet, and to have a lot larger role in determining how the internet operates and what appears on it.”
Over the past few months, China has further restricted access to the internet for Chinese users, blocking popular applications like Gmail and services called “VPNs”, or virtual private networks, that allow internet users in China to evade censorship controls.