An Analysis of China’s “Great Cannon”

Authors: 

Bill Marczak, University of California, Berkeley, and Citizen Lab, University of Toronto; Nicholas Weaver, International Computer Science Institute (ICSI) and University of California, Berkeley; Jakub Dalek, Citizen Lab, University of Toronto; Roya Ensafi, Princeton University; David Fifield, University of California, Berkeley; Sarah McKune, Citizen Lab, University of Toronto; Arn Rey; John Scott-Railton and Ron Deibert, Citizen Lab, University of Toronto; Vern Paxson, International Computer Science Institute (ICSI) and University of California, Berkeley

Abstract: 

On March 16th, 2015, the Chinese censorship apparatus employed a new tool, the “Great Cannon”, to engineer a denial-of-service attack on GreatFire.org, an organization dedicated to resisting China’s censorship. We present a technical analysis of the attack and what it reveals about the Great Cannon’s working, underscoring that in essence it constitutes a selective nation-state Man-in-the-Middle attack tool. Although sharing some code similarities and network locations with the Great Firewall, the Great Cannon is a distinct tool, designed to compromise foreign visitors to Chinese sites. We identify the Great Cannon’s operational behavior, localize it in the network topology, verify its distinctive side-channel, and attribute the system as likely operated by the Chinese government. We also discuss the substantial policy implications raised by its use, including the potential imposition on any user whose browser might visit (even inadvertently) a Chinese web site.

Open Access Media

USENIX is committed to Open Access to the research presented at our events. Papers and proceedings are freely available to everyone once the event begins. Any video, audio, and/or slides that are posted after the event are also free and open to everyone. Support USENIX and our commitment to Open Access.

BibTeX
@inproceedings {191996,
author = {Bill Marczak and Nicholas Weaver and Jakub Dalek and Roya Ensafi and David Fifield and Sarah McKune and Arn Rey and John Scott-Railton and Ron Deibert and Vern Paxson},
title = {An Analysis of {China{\textquoteright}s} {{\textquotedblleft}Great} {Cannon{\textquotedblright}}},
booktitle = {5th USENIX Workshop on Free and Open Communications on the Internet (FOCI 15)},
year = {2015},
address = {Washington, D.C.},
url = {https://www.usenix.org/conference/foci15/workshop-program/presentation/marczak},
publisher = {USENIX Association},
month = aug,
}
Download
Marczak PDF