This article caught my eye because of the excerpt we read on Yahoo! and China. Essentially, Yahoo! and China partnered up such that web traffic dealing with the Chinese government would be filtered out. Now, without Yahoo!'s help, China has a new piece of technology that is being called the Great Cannon and it's being exploited in negative ways. What it's doing right now is taking any web traffic that is going to Chinese websites, putting malicious code into that traffic and redirect it to any site they wish. For example, a few of the sites that had malicious web traffic directed towards them are GitHub (a code repository service) and GreatFire.org (a site that hosts mirrors of other websites that blocked in China).
It seems to me that China wanted a stronger option than just filtering out information that could be detrimental to their political power. However, the big difference is this attack does not involve Yahoo!. Instead, it involves China's biggest search engine company called Baidu. Any queries that go through the Baidu search engine were re-purposed to attack GitHub and GreatFire.org. The ability to do this is called a "man-in-the-middle" (MITM) attack.
Although this is clearly an attempt to control information exchanges in China and maintain the current party's powerful political position, the Great Cannon exploit has the potential to be used for far greater information control. With some minor modifications, the exploit can be used to spy on anyone who navigates to a site with Chinese-hosted content on it. For example, I could be on any website, whether it be Chinese or non-Chinese, and still be spied on if there is Chinese-hosted content on that site, such as an advertisement.
It's interesting to note that within the documents released by NSA whistle-blower Edward Snowden, there is a program similar to Great Cannon with respect to the USA and Britain. However, this program is for targeted surveillance purposes, where China's goal is clearly for information control and censorship.
By being a part of this scheme, the search engine Baidu is limiting their potential for economic growth. This helps solidify the perception of many that Baidu is a governmental puppet, rather than an entity operating independently of censorship. Users with more relaxed freedom of speech laws like the US and other countries as well would not be interested in a company that is part of spy and MITM attacks. In the end, the best way to protect yourself against potential attacks like this is to encrypt your internet traffic. Any unencrypted information that passed through the internet is very easy to read and manipulate.
I have 2 issues with this type of program. First, the information control aspect is flat-out wrong. By taking out sites that dissent about the Chinese government, one cannot fully know both sides to the story and they'd only see the governmental spin. Citizens should be educated on how their government operates so they can make up their own minds, not the government doing it for them, The second aspect is spying on potentially innocent web users. If you visit a site with an advertisement hosted in Chinese, you could be a victim of the exploit and then they'd be able to spy on your web activity.
I find this to be a very gutless move by the Chinese government, for both Chinese and non-Chinese citizens. Agree? Disagree? Flashes of an Orwellian 1984?
http://www.nytimes.com/2015/04/11/technology/china-is-said-to-use-powerful-new-weapon-to-censor-internet.html?ref=technology&_r=0
The Chinese government is always censoring something; they do seem to constantly hold a tight grip around the flow of information into the country. They have always had ways to censor their citizens’ internet access; but this Great Cannon is certainly something new. This is a cyberweapon without a doubt; carrying out DDoS attacks against sites by piggybacking on user traffic certainly fits that bill. I can definitely see this causing quite a bit of controversy in the near future.
ReplyDeleteI also agree with what you say about Baidu limiting their potential for economic growth – but I don’t think that they particularly care. It’s a Chinese web servicing company, and many talk about the high degree to which it cooperates with the Chinese government. Many view it as the Chinese government’s tool; and if this is indeed the case, then Baidu has no reason to care what the outside world thinks about it, so long as its own home country continues to allow its operation.