What to know about China’s cyber weapon, the great cannon



The Great Wall isn’t the only thing China has with that superlative. Though the country’s censorship and cyber capabilities have been well documented, one specific tool — called “The Great Cannon” by researchers — transforms web traffic into a powerful weapon.

Here’s what to know about the Great Cannon, and what it means for China and and the subject of its attacks.
1. The Great Cannon is capable of hijacking web traffic and redirecting it as a DDoS (distributed denial of service) attack.

The first known use — and what research consider a confoundingly obvious one — was a March 2015 attack on two GitHub pages fun by a group called GreatFire.org, which opposes Chinese censorship.

How does it work? The Great Cannon monitors traffic within the China’s Internet infrastructure; it can target any unencrypted IP addresses and silently manipulate browsers outside China.

The three basic steps (utilized in the GitHub attack) are:

  • Outside traffic goes through the China’s “Great Firewall”
  • Servers are infected by the Great Cannon
  • Infected computers are redirected as an attack


2. The tool is separate from, but co-located within, China’s Great Firewall.

China’s Great Firewall describes the main, government-controlled instrument used to maintain Internet censorship in the nation by blocking websites, criminalizing certain online activities, and filtering keywords.

The Great Cannon, a tool adjacent to the Great Firewall, was discovered by researchers from the University of Toronto’s digital watchdog group Citizen lab, and detailed in an April 2015 report.

3. The tool, which acts as a “man in the middle,” is also theoretically capable of exploiting individual users.

The attack on GitHub demonstrated the Great Cannon’s ability to hijack web traffic and use it to flood operators’ destination of choice.

But with this capabilities come darker implications: according to Citizen Lab, it affords China the opportunity to “deliver exploits targeting any foreign computer that communicates with any China-based website” not adequately encrypted.

4. The NSA has a similar tool called QUANTUM.

Researchers believe the Great Cannon is capable of covertly delivering spyware and malware to computers through unencrypted servers. Sound frightening? No more frightening than the NSA.

Leaks by Edward Snowden showed that the NSA’s QUANTUM also can covertly inject spyware to infect computers through unencrypted website. The UK’s GCHQ has also been documented tampering with unencrypted traffic.

If nothing else, this suggests that China’s cyber capabilities may be just as powerful as the US’ and others. And due to the open nature of the Great Cannon’s attack on GitHub, they aren’t afraid to flaunt it.