China's 'Great Cannon' -- a Cyber-weapon to Accompany the Great Firewall
An anonymous reader writes: A new report from The Citizen Lab identifies a distinct new technology entity sitting next to the Great Firewall of China. Dubbed the 'Great Cannon', the multi-process cluster revealed itself quite openly in the recent attacks on Greatfire.org and its two GitHub pages. The DDoS attack was so sustained that CL was able to study the new technology in depth, determining architectural similarities and unearthing many strong indications that it is a product of the Chinese authorities.
the slashdot effect.
We've seen attack upon attack on various countries by the government of China. These attacks are way beyond simple con jobs for access to government servers or trade secrets.
Why the hell do they have MFN status again?
How about blocking http traffic to China and 301 redirecting any connections to the https address. If the endpoint doesn't support https, tough.
Because, pardon the pun, they're too big to nail.
Who put this thing together? Me, that's who.
Please don't double DDoS my puny cloud servers; I can't even afford a regular DoS attack.
Okay, I suppose you don't mind we also stop pretending the Five Eyes (especially the USA) and Israel are not in a low level war with any other country? Right?
Why would the Chinese government have them attacking their enemies in such an obvious and easily attributable way?
Are they just at the point where they now think they're so big and strong, that they can just steamroll anybody in the world IRL and online without long-term consequences?
It could just be Third World 'peasant mentality'. Or are people, who are ostensibly rational enough to take control of a nation of 1+ billion people, really this stupid?
Other than you saw some other moron on the Internet say 'China Did It' ... can you provide some actual proof to back up your claims.
It is simply stunningly illogical for China to behave this way against such petty targets. It makes absolutely NO sense for them to flaunt their ability and willingness to do so as the simple course of action the entire rest of the world would take is a simple matter of NULL routing China and going on about their daily business, your 'war' would be over before anyone really cared.
And ... a DDoS does pretty much nothing to gain you access to government servers or trade secrets.
WTF is it with you nut jobs who seem to think the entire world is out to get you regardless of cost to themselves?
Slashdot is pretty much the only place on the planet that thinks this is an actual attack by the Chinese, perhaps you should ask yourself why? And no, before you get the idea, it's not because slashdot is so smart and so far ahead of the general public, that ended 10 years ago.
Persistent Volume manager for Kubernetes - https://github.com/dwimsey/openshift-pvmanager
Thank you.
And admit that the Chinese will not even slow down until it's clear that the developed countries will retaliate in kind. The feds need to take the kid gloves off and let American businesses do unto the Chinese as the Chinese do to them. Chinese DDoS? Let GitHub retaliate against Chinese assets involved. Chinese firms hacking and stealing assets? Authorize industrial espionage by American businesses against Chinese interests. Chinese intelligence actively attacking American business? Give the NSA a free hand to retaliate and screw with the Chinese government. They try to break into our classified networks? Set up an entire NSA team to infiltrate the Chinese military establishment and depants their national security secrets on a Wikileaks-By-Uncle-Sam level.
Told ya. It's a bad idea to download *and execute* random stuff from the 'Net.
Back then, when I was a toddler, my mom taught me to not insert every thing I find on the street into my mouth.
A similar principle applies here.
Anyone who runs a server on the Internet only needs to look at their firewall log to see break-in attempts coming from China, 24 hours a day every day. It's blatantly obvious that Someone in China did something. Still that's not conclusive proof that governments are involved.
It's not low level war until the Chicoms can see our junk.
China's greatest weapon is an SSH-scanning botnet. Fuck these guys and the horse they rode in on.
> It is simply stunningly illogical for China to behave this way against such petty targets. It makes absolutely NO sense for them to flaunt their ability and willingness to do so...
Did you miss the part where China builds artificial islands wayyyy past the 200-mile line to do an end run around it?
There is no Planet B.
> And ... a DDoS does pretty much nothing to gain you access to government servers or trade secrets.
China has built their entire infrastructure around denying access to information they don't want their people to see. This gives them a way to fire back at the outside sources that help people work around those blocks. If you want to cry about proof, then by all means, RTFA.
While the attack is progressing, with all the spoofing going on, why is everyone saying it's China? With all the communications chips coming out of China, could it be misidentification? And reading your attack? Since you are trying to penetrate their defenses? Meaning it's your spiders reporting back, making requests for service?
Hint: the first letter of this acronym means "distributed", which means multiple systems taking part in a coordinated attack. If it's done by a single, powerful supercomputer, I would say it's not quite distributed.
> We've seen attack upon attack on various countries by the government of China. These attacks are way beyond simple con jobs for access to government servers or trade secrets. Why the hell do they have MFN status again?
Probably for the same reason the US does.
If you're calling this an act of war, then what the hell was stuxnet? A DOS attack more than pales in comparison to the destruction of Iranian nuclear enrichment equipment. Let's not get too hypocritical here.
Glorious exposition, comrade!
> It is simply stunningly illogical for China to behave this way against such petty targets. It makes absolutely NO sense for them to flaunt their ability and willingness to do so...
Just like it makes no sense for Americans to bomb the Bikini Atoll, or run new ships on trips around the world. The goal isn't to destroy a Pacific paradise or to wear out the engines, but rather to announce to the political world that we have a new capability, and we're ready to use it as we see fit.
The "petty targets" may be convenient places to point this "Great Cannon"... They provide a noticeable target, and apparently can be analyzed enough to provide some basic details to the rest of the world. Assuming China is behind the attack, we now know that China can run at least this level of attack, and there's no reason to expect that in a full-scale conflict, it wouldn't be turned against more serious targets. We don't know whether the attack can be made even bigger, or if it has different operational modes, or even how quickly such an operation can scale... and that's enough uncertainty to make it a deterrent weapon. It's all political posturing, and from outward appearances, it seems China is showing itself to be fairly powerful, but not yet openly aggressive.
Contrast that with North Korea, which has persistently demonstrated impotent aggression, and our main concern is that they might actually develop a real offensive capability that affects us.
> ...as the simple course of action the entire rest of the world would take is a simple matter of NULL routing China and going on about their daily business...
...except that a significant part of their daily business has now been null-routed. It's going to be hard to keep that great American economy moving when manufacturers can't contact their contracted suppliers. Without that continuous economic movement, we're facing yet another financial crash, which the United States government probably doesn't want to have happen just yet.
> your 'war' would be over before anyone really cared.
On the contrary, an openly-hostile and traceable act (like cleanly disconnecting a major nation) would be the first strike in a bigger escalating conflict, as each side accuses the other of being the guy who really started the fight. Throw in a few false-flag operations and stage a few "exposed" false-flag operations, and it's not a very big leap to having a real war with real weapons and real death.
Frankly, I'd rather just have the political games.
You do not have a moral or legal right to do absolutely anything you want.
whatcouldpossiblygowrong
I was going to post exactly this ...
China does bully and take advantage of petty targets and nations that have no way to defend themselves, and the best example of this is their attitude in the China Sea, they are building islands to expand their borders, and all of the nations around can't do anything about it... they are first class bullies... I fail to see how their "cyber-attitude" could be any different.
I will just say this: The above post is a lie. I can name plenty of examples to show China's aggression.
If people remember a few years back, US solar companies getting breached, or breach attempts in large numbers, all from China. Six months later, China started shipping panels that mysteriously had the same IP as the US PV makers... but for costs well under what even the rare earths went for. This destroyed the US PV industry, and it nearly destroyed Europe's until they enacted a tariff to level the playing field (China will give you deep discounts on rare earths... provided their companies do the manufacturing... companies that you have to give all trade secrets to.)
So, China isn't an angel in any sense of the word. They have been having a lot of border skirmishes with neighbors. They only have MFN because most US companies can't see past next quarter's earnings.
A DDoS makes sense. Same way someone getting their face decorated with a black eye the first time they hit the prison yard... it sends a message.
China is rampant with pirated copies of old versions of unpatched Windows. Combined with their massive population, it would be unusual to not see lots of botnet attacks from China.
Who do you think it is then, smart guy? If you have a less paranoid alternative (don't say Illuminati, please), I would love to hear it.
> It makes absolutely NO sense for them to flaunt their ability and willingness to do so as the simple course of action the entire rest of the world would take is a simple matter of NULL routing China and going on about their daily business
It amazes me how many Slashdot posts theorize about what *would* happen, under conditions that *already* have been going on for years. If you said that in 1990, it would be a reasonable prediction, an intelligent guess. After 20 years of attacks, very few networks have blocked China completely. We know what *would* happen, because it's *been* happening for many years.
PLA Unit 61398 hacked a few low level sites, the US and Europe did nothing. They hacked some smaller companies. The US and Europe did nothing. They started blasting US and European banks and other key targets with constant attacks. A few web sites started blocking Chinese traffic locally. The US and Europe did nothing. They hacked solar companies and started shipping panels based on technology recently developed in the US. A couple of government bureaucrats grumbled. They hacked some shell companies nominally involved in solar, but primarily engaged in federal grants and political donations. The US government indicted their officers, a purely ceremonial exercise - we're not actually going to go get those officers and put them in jail.
That's what actually HAS happened. Your theory about how the US WOULD respond might have been a reasonable guess in 1990, but it's rather outdated now. Like the arguments about what the results would be from banning guns - the UK DID ban handguns, violent crime did double. It already happened. Pretty silly to make guesses about what you think might happen.
ffs, just block all traffic from china's IPs
done, problem fucking solved.
Making sure to check the box for "AC"
I have all of China shut off.
None of my customers that matter have noticed, nor would they likely give a shit if they knew.
The presence of China on the internet brings NOTHING to the table I want.
Someone should get a sub crew or two to drag through all of China's undersea connections and call it a day. Let em do whatever they want on their own network. We'll send non-tainted chicken to them to eat in trade for plastic crap and cheap electronics via boat.
While China still tops the list on my firewalls, Russia has been rapidly rising up over the past few years.
that really doesn't address the question. Though, I'd like to see some evidence of blatantly building directly from stolen blueprints by the 5-eye nations.
Take a look at the stories about China in the South China Sea. China is blatantly hostile, this is just another of the many hostilities. Also, it appears that they pay people to AC astroturf on /. This is the only explanation I can come up with for the ACs claiming that we don't know it was China when TFA is quite clear on the research that was done to determine how the attack occurred.
APK likes to ask for responses to the same things over and over. Maybe he just likes the responses?
Because Bill Clinton thought they should. Congress tried to repeal it in 2005, but the bill failed.
Seems to me like it's time to look at that again.
Stuxnet was an act of mercy for the rest of the world. Iran with a nuke is a scary thing. Look at North Korea if you want to see where it goes. Fortunately NK can't build a nuke small enough or a missile powerful enough to hit the US, but they could hit South Korea or Japan, and they have shown a willingness to attack both.
What may be petty to you may not be petty to China government.
That could also be about a billion unpatched versions of Zombie XP running DDoS attacks as part of a huge Botnet and the only reason it originates from China is the fact that everyone uses pirated unpatched versions of OS there. Just speculating, but that would make sense. Not saying that it isn't a Chinese directed botnet, but it may not be the national government.
That all these "Chinese Cyber Attacks" are in actuality more due to the fact that most of the versions of Windows in China are pirated and unpatched. This would make them the biggest target for the creation of zombie botnets which can be controlled by anyone really for whatever nefarious purposes, such as DDoS attacks on whoever. The Russians seem to have the most of those types of individuals out there, so it is more likely individuals or groups of Russian hackers, owning Chinese botnets and using them to try and extort money, or for just lulz.
Why would China not respond to that? Firstly because it is beneath them. Secondly, that would be admitting to the US that they are probably in major breach of trade violations regarding IP, Copyright, etc... more so than already. That they would at least have to try and look at doing something about it, which would be crippling and such a large amount of money that I hesitate to even take a stab at how much that might be, and the effect that would have on the Chinese economy and technological innovation. Think about how many copies of Windows might be running in China, that are pirated, and if all of them had to pay, even the discounted foreign rate MS might charge.
It's hard to say with NK. They don't have the military capacity to take on the world, and they know it - but they do need an effective deterrent, and you can only have an effective deterrent if the world believes you are crazy enough to use it.
Worked real well for Cuba...
> This is the only explanation I can come up with for the ACs claiming that we don't know it was China when TFA is quite clear on the research that was done to determine how the attack occurred.
Occam's Razor. Probably they just didn't RTFA.
Any sufficiently simple magic can be passed off as mere advanced technology.
> Other than you saw some other moron on the Internet say 'China Did It' ... can you provide some actual proof to back up your claims.
50 cent army on the prowl!
> It is simply stunningly illogical for China to behave this way against such petty targets. It makes absolutely NO sense for them to flaunt their ability and willingness to do so as the simple course of action the entire rest of the world would take is a simple matter of NULL routing China and going on about their daily business, your 'war' would be over before anyone really cared.
It's not like this fits with the MO of China, right?
It's not like they negotiated with Microsoft, Yahoo, and Google to expose dissidents on those blogging platforms a decade ago.
Not like they coordinated with Skype to capture phone conversations via their well-documented TOM platform.
Not like they used state-sponsored hackers to infiltrate Google, like they commonly attempt to do corporate espionage.
Not like they engaged in a well-documented and highly-visible war with Google when Google retaliated by ending their cooperation.
Not like they cooperated with the recent hacks on Sony (where do you think North Korea gets its internet uplink from?)
Not like the recent github attacks were traced back to Baidu, a search engine with ties to the CPC
You'd have to have your head in the sand not to see this as an extension of their "control all speech" policy, and either be ignorant or a member of the wǎng píng yuán to defend them.
Blowback. I'm from the UK and read anti-Chinese sentiment on Slashdot every day. The US and UK are hacking everyone and everything, yet here people are screaming when China does anything similar, talking about cutting China off from the net.
It's ridiculous.
You realize the Pentagon is way worse in regards to this?
Now go back to watching your daily CNN/MSNBC/Foxnews brainwashing
And, I receive a metric fuckton of brute force attacks from US IPs all the time. My stats from last year had over 80% of our brute force attempts come from cloud and dedicated server providers in the US.
Microsoft: We're not vulnerable to DDoS attacks
http://www.networkworld.com/co...
PERTINENT QUOTE/EXCERPT:
"At Microsoft we have robust mechanisms to ensure we don't have unpatched servers. We have training for staff so they know how to be secure and be wise to social engineering. We have massively overbuilt our internet capacity, this protects us against DoS attacks. We won't notice until the data column gets to 2GB/s, and even then we won't sweat until it reaches 5GB/s. Even then we have edge protection to shun addresses that we suspect of being malicious."
---
Why attackers can't take down Amazon.com:
http://money.cnn.com/2010/12/0...
PERTINENT QUOTE/EXCERPT:
"So Amazon (AMZN, Fortune 500) has spent years creating and refining an "elastic" infrastructure, called EC2, designed to automatically scale to handle giant traffic spikes... But Amazon's entire business model is built around handling intense traffic spikes. The holiday shopping season essentially is a month-long DDoS attack on Amazon's servers -- so the company has spent lavishly to fortify itself."
---
Investing in one of THESE is a big help:
DDoS Appliances:
http://www.google.com/search?s...
Because DDoS/DoS CAN be stopped (Microsoft & Amazon are setup PERFECTLY vs. it in fact, read on below on that note)!
---
Use of CDN *might* help too - to distribute loads & "attack surface area" which helps also! Use of TCP vs. UDP (vs. DDoS by DNS Amplification attacks) *may* help, but it doubles your overheads.
* There's also LOADS of settings that I know of (for Windows systems @ least) that help mitigate this as well & SHOULD be part of 'security-hardening' vs. such attacks also.
APK
P.S.=> There's plenty you CAN do vs. DDoS, but you've got to have the coin/dead-presidents to setup such a network (per AMAZON & MS above) ...
... apk
It did. They haven't been invaded. Even if they don't have their own nukes, they have allies who do - which is enough.
"It is simply stunningly illogical for China to behave this way against such petty targets."
Really, why? Because you say it is so? It seems to me that the Chinese have been perfectly willing to be very aggressive, on all fronts, against even the most picayune targets these days. They seem to have a take no prisoners and leave no stone un-turned approach to anything that could conceivably be perceived as a threat to the state.
I WISH the USA were playing the game as seriously as the Chinese.
Unfortunately the USA has too much of a conscience and it ultimately restrains their behavior. The USA even punishes their own corporations for theft of trade secrets from foreign companies and bribery of foreign officials. China has no problem with their corporations doing whatever they need to to win the economic war. In China's view, what's good for their corporations is good for China.
It's time the USA wake up to the reality that nations are working in the best interest of their own nations. We're not going to be some big happy global family, at least not in the near term.
If anything, other nations more than ever are looking to punish the USA.
I am certainly not being hypocritical. I think StuxNet was a fine thing compared to the real shooting war alternative.
China has MFN status because they have lots of money to loan Western countries. We don't want to annoy them to the point that they adversely affect the Western economy in unpredictable ways. They are the world's best liars when it comes to denying their actions. If a Chinese official was video recorded throwing a rock that broke a window, the PRC would claim that he never did that. Along with modern capitalist methods, that's another thing that the Nixon administration likely taught them. Always deny the dirty truth with great sincerity.
http://www.slideshare.net/Shakacon/netizen-death-star-l0rd-v covers an anonymous researcher's review of this capability over a year ago.
> It makes absolutely NO sense for them to flaunt their ability and willingness to do so as the simple course of action the entire rest of the world would take is a simple matter of NULL routing China and going on about their daily business
unless of course you are a proxy server trying to aid Chinese people trying to evade the great firewall of China. Think of this as a new option to make evading their firewall much more expensive.
Rotfl, The US punishes companies caught stealing trade secrets only when a bigger deal is on the agenda.
It's naive to think that US is playing fair when the rest of the world isn't. They just selectively condemn their own to make it look that way.