Another Reason To Deploy Encryption Widely: Spiking China's 'Great Cannon' Attack

from the reasons-to-be-crypto dept

A couple of weeks ago, Mike provided an in-depth analysis of China’s new tactic in its longstanding efforts to restrict access by its population to material that challenges the official narrative. This powerful DDoS attack has now been dubbed “China’s Great Cannon” by researchers in a fascinating analysis published by The Citizen Lab. As Mike pointed out, one reason why this new approach has been developed is that it is not possible to block individual URLs when HTTPS traffic is involved. Thus, ironically, the increased use of encryption — which is meant to protect users online — led to the development of a powerful new digital weapon that potentially makes them not just victims, but even part of the attack. However, encryption is also a remedy, as The Citizen Lab researchers write:

Our findings in China add another documented case to at least two other known instances of governments tampering with unencrypted Internet traffic to control information or launch attacks — the other two being the use of QUANTUM by the US NSA and UK’s GCHQ. In addition, product literature from two companies, FinFisher and Hacking Team, indicate that they sell similar “attack from the Internet” tools to governments around the world. These latest findings emphasize the urgency of replacing legacy web protocols, like HTTP, with their cryptographically strong versions, like HTTPS.

However, the remedy is only partial. Writing on his blog, Brian Krebs quotes Bill Marczak, one of the lead authors of the Great Cannon report, as saying:

Relying on an always-on encryption strategy is not a foolproof counter to this attack, because plug-ins like https-everywhere will still serve regular unencrypted content when Web sites refuse to or don’t offer the same content over an encrypted connection. What’s more, many Web sites draw content from a variety of sources online, meaning that the Great Cannon attack could succeed merely by drawing on resources provided by online ad networks that serve ads on a variety of Web sites from a dizzying array of sources.

“Some of the scripts being injected in this attack are from online ad networks,” Marczak said. “But certainly this kind of attack suggests a far more aggressive use of https where available.”

This confirms that encryption is no panacea, but is certainly worth deploying. The fact that it can make China’s Great Cannon attacks harder, if not impossible, should also give pause to government officials around the world as they try to demonize encryption and call for it to be weakened or even banned.
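
The gap Marczak describes, an HTTPS page that still pulls scripts or ads over plain HTTP, can be checked for on your own pages. The following is an added example, not code from this article or the Citizen Lab report: it parses a page's HTML and lists the sub-resources that would be fetched unencrypted and could therefore be modified in transit. The page URL, host names and sample markup are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# tag -> (URL attribute, mixed-content class). "active" content can run code
# or frame the page; "passive" content is display-only.
URL_ATTRS = {
    "script": ("src", "active"), "iframe": ("src", "active"),
    "link": ("href", "active"), "object": ("data", "active"),
    "embed": ("src", "active"), "img": ("src", "passive"),
    "audio": ("src", "passive"), "video": ("src", "passive"),
    "source": ("src", "passive"),
}

class SubresourceAudit(HTMLParser):
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.findings = []  # (class, tag, absolute URL) fetched over plain HTTP

    def handle_starttag(self, tag, attrs):
        if tag not in URL_ATTRS:
            return
        attr, kind = URL_ATTRS[tag]
        values = dict(attrs)
        # <link> is only counted when it loads a stylesheet.
        if tag == "link" and "stylesheet" not in (values.get("rel") or "").lower():
            return
        raw = (values.get(attr) or "").strip()
        # Relative and protocol-relative URLs inherit the page's scheme.
        url = urljoin(self.page_url, raw)
        if raw and urlparse(url).scheme == "http":
            self.findings.append((kind, tag, url))

def audit(page_url, html):
    parser = SubresourceAudit(page_url)
    parser.feed(html)
    parser.close()
    return parser.findings

# Constructed sample markup (hypothetical hosts), served from an HTTPS origin.
SAMPLE_PAGE = """<script src="http://ads.example.net/serve.js"></script>
<script src="//cdn.example.org/lib.js"></script>
<link rel="canonical" href="http://www.example.com/article">
<img src="http://img.example.net/banner.png">
<iframe src="http://ads.example.net/frame.html"></iframe>
<script src="/js/app.js"></script>"""

if __name__ == "__main__":
    print(*audit("https://www.example.com/article", SAMPLE_PAGE), sep="\n")
```

Only the three resources with an explicit `http://` URL are reported; the protocol-relative and relative scripts inherit HTTPS from the page, and the canonical link is not a fetched sub-resource.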

Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+


Comments on “Another Reason To Deploy Encryption Widely: Spiking China's 'Great Cannon' Attack”

18 Comments
Rich Kulawiec (profile) says:

Yet another reason to block/blacklist/firewall advertising

“Some of the scripts being injected in this attack are from online ad networks”

Of course they are, since the worthless morons running those ad networks have failed, for YEARS, to make even token efforts to ensure the security and integrity of the content they’re serving. (They’re much too busy spying and invading privacy.) As a result, ad networks are knives held to the throats of Internet users and should be blocked, blacklisted and firewalled whenever and wherever possible.

Yes, I know I'm commenting anonymously says:

HTTPS everywhere

It should help greatly if tools like HTTPS everywhere remembered which sites they can connect to with the encrypted protocol (store that info locally). Then (optionally) prompt the user what to do when it cannot connect securely to one of these.
There are similar plugins for scripts and 3rd party content that allow the user control without having to spend too much time on these settings.

Richard (profile) says:

Do you really think other governments are on our side?

This confirms that encryption is no panacea, but is certainly worth deploying. The fact that it can make China’s Great Cannon attacks harder, if not impossible, should also give pause to government officials around the world as they try to demonize encryption and call for it to be weakened or even banned.

Most officials of most governments are cheering China on under their breath. It is only in public that China is condemned. In private they have the same agenda. It is just the remaining barriers of free speech and democracy that stop them saying so publicly.

GEMont (profile) says:

And now for something completely different...

Sometimes, you just have to love how reality works.

On the one hand, we have the Spy Agencies and Corporations of America doing their criminal best to destroy encryption and weaken security world wide, just so they can read everyone’s communications and use the information for blackmail, crowd control and advertising.

The American public, utterly deprived of a voice in this matter – and most other matters as well – can do nothing to stop the runaway USG and the MAFIA run American Fascist Billionaire Club from doing whatever they damn well please, because the new secret interpretations of the old laws and the constitution, as well as the newly established corporate exploitation and public surveillance laws of the land of the free, allow both the USG and the Mob to do as they please, legally.

And then along comes China – the most backwards-leading country on earth, desperately trying to destroy the influence of western culture, which they believe is making profit difficult for their own billionaires – oops – I meant that they believe is turning their own peasants into freedom fighters…. er… I mean that they think is ruining the moral fiber of the Honorable Chinese People…. and the Chinese Government is doing everything it can to utilize US technology and the USG built backdoor insecurity system to prove to the US public that Obama’s threat of Cyber Terrorists attacking US systems is real, but really just showing the US public how insecure their communications has become under the control of Corporate America and the USG’s Spy apparatus.

It’s like a poorly written soap opera, using B-grade actors, in which the writers never bothered to even consider adding a good guy hero to save the day and with the Mob inserting a three minute commercial every three minutes, selling shit as new and improved shinola.

Yep. Civilization. Adulthood. Honor. Honesty. Morality. Truth. You’ve really got to love those popular human myths we keep bragging about having. Too bad they’re not really available any more – except as ideals – in the Land of the Unfree.
