This article is more than 1 year old

China fires up 'Great Cannon' denial-of-service blaster, points it toward Hong Kong

Protest organizers come under fire from network traffic barrage

China is reportedly using the 'cannon' capabilities of its massive domestic internet to try and take down anti-government websites in Hong Kong.

The team at AT&T Cybersecurity reports that LIHKG, a forums and social news site being used to organize protests on the island, has been the target of an ongoing distributed denial of service (DDoS) attack from the mainland.

It is believed that the sustained flood of traffic is the result of the offensive capabilities built into the "Great Firewall," China's massive network infrastructure designed to filter, censor, and monitor traffic within the country's borders. Thus far, it appears that LIHKG's anti-DDOS service is holding up to the barrage and the site remains accessible.

The offensive mode, referred to as the Great Cannon, has been known since at least 2015, when it was revealed that PCs visiting sites within the firewall's domain had been seeded with JavaScript code that, on command, would direct them to fire data packets at a specific target.

President Xi of China

Just take a look at the carnage on Notepad++'s GitHub: 'Free Uyghur' release sparks spam tsunami by pro-Chinese


"Normally these URLs serve standard analytics tracking scripts," AT&T said of sites handing out the code. "However, for a certain percentage of requests, the Great Cannon swaps these on the fly with malicious code."

As a result, PCs from within China are now directing repeated requests for data from multiple pages on the LIHKG domain. In some cases, the DDoS flood aims for meme images as well. This, the AT&T team believes, is part of an effort to conceal the attack by making the flood of traffic appear more like normal patterns.

While the attack isn't succeeding at the time of writing, the AT&T security crew says it is concerned.

"It is unlikely these sites will be seriously impacted. Partly due to LIHKG sitting behind an anti-DDoS service, and partly due to some bugs in the malicious Javascript code that we won’t discuss here," the report explains.

"Still, it is disturbing to see an attack tool with the potential power of the Great Cannon used more regularly, and again causing collateral damage to US based services." ®

More about


Send us news

Other stories you might like