The tool marked a shift by Beijing towards an offensive strategy in censoring the internet, and could hinder attempts by mainland tech companies to take their brands to an international market.
According to a report by the Citizen Lab at the University of Toronto released on Friday, the "Great Cannon" was aimed at shutting down websites and services that help mainland internet surfers bypass the "Great Firewall", which blocks domestic access to information the authorities deem sensitive.
It works by hijacking unwanted web traffic and redirecting it to websites of China's choosing in such large quantities that it can overwhelm servers and knock them offline.
The Edward Snowden leaks revealed the existence of QUANTUM, an NSA tool that could plant malware on millions of computers. Citizen Lab said that, with slight moderations, China’s Great Cannon could act in a similar way:
A technically simple change in the Great Cannon’s configuration, switching to operating on traffic from a specific IP address rather than to a specific address, would allow its operator to deliver malware to targeted individuals who communicates with any Chinese server not employing cryptographic protections.
The discovery of this tool is another reminder of the importance of secure browsing technology, like HTTPS, since weak security systems can undermine the safety of internet users browsing websites.
It blasts targeted Web servers with massive distributed denial of service attacks, and it uses the Web browsers of unsuspecting Web surfers to do it.
The Cannon wrecked two online services with DDoS attacks in March, say the researchers from the University of Toronto's Citizen Lab, the International Computer Science Institute, the University of California-Berkeley and Princeton University.
Many of the researchers focus on the abuse of information technology to undermine civil liberties and human rights. And they are afraid this new cyberweapon could easily be used for an array of powerful attacks beyond what they've already observed.
The Great Cannon takes on a much lighter load, because it doesn't care about all that traffic. Instead, it targets traffic between a handful of Web addresses. But it uses Web traffic unrelated to its targets to build its attack against them.
