Cyber Defense

Attacks reveal China's 'Great Cannon' cyber weapon

China has developed a powerful new cyber weapon capable of extending its censorship efforts, along with targeted cyberattacks, around the world, researchers say.

According to a report released Friday by Citizen Lab, the tool was used late last month to conduct large-scale distributed denial of service attacks on websites and servers run by that were trying to provide access to blocked Chinese websites.

The attacks originally were attributed to China’s Great Firewall, the Internet filter China uses to censor content, but researchers at the University of California, Berkeley, University of Toronto, International Computer Science Institute and Princeton University, after studying the attacks, attributed it to a new weapon they dubbed “the Great Cannon.” While the Great Firewall is known for blocking content within China, the researchers said the Great Cannon could export censorship activities—and outright cyberattacks—outside the country.

The tool, co-located with the Great Firewall, can hijack a computer and put it to use in a DDOS attack, the researchers said, and could easily be adapted to inject malicious code into any system that communicates with a website in China while not using encryption.

In the recent attacks on, a non-profit that helps users get access to censored Chinese sites, the Cannon initially intercepted unencrypted, non-Chinese Web traffic intended for the Chinese search engine Baidu and directed it at servers rented by the organization. Ten days later, two GitHub Web pages run by GreatFire suffered similar attacks.

The tool is capable of intercepting traffic to and from individual IP addresses and replacing unencrypted content in a “man in the middle” attack, and could also intercept unencrypted email, replacing legitimate content with malicious code, the researchers said.

The Great Cannon, in fact, shows similarities to QUANTUM, used by the National Security Agency and the U.K.’s GCHQ intelligence agency to redirect large streams of traffic, according to documents leaked by Edward Snowden.

The researchers said they were surprised that China would make such a high-profile, public use of the Great Cannon, but concluded that, “Conducting such a widespread attack clearly demonstrates the weaponization of the Chinese Internet to co-opt arbitrary computers across the web and outside of China to achieve China’s policy ends.” They said coopting foreign computers for a country’s purposes sets a “dangerous precedent” that goes against international norms and many countries’ domestic laws.

About the Author

Kevin McCaney is a former editor of Defense Systems and GCN.

Defense Systems Update

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.