China fires up 'Great Cannon' denial-of-service blaster, points it toward Hong Kong

Protest organizers come under fire from network traffic barrage


China is reportedly using the 'cannon' capabilities of its massive domestic internet to try to take down anti-government websites in Hong Kong.

The team at AT&T Cybersecurity reports that LIHKG, a forums and social news site being used to organize protests on the island, has been the target of an ongoing distributed denial of service (DDoS) attack from the mainland.

It is believed that the sustained flood of traffic is the result of the offensive capabilities built into the "Great Firewall," China's massive network infrastructure designed to filter, censor, and monitor traffic within the country's borders. Thus far, it appears that LIHKG's anti-DDoS service is holding up against the barrage and the site remains accessible.

The offensive mode, referred to as the Great Cannon, has been known since at least 2015, when it was revealed that PCs visiting sites within the firewall's domain had been seeded with JavaScript code that, on command, would direct them to fire data packets at a specific target.

"Normally these URLs serve standard analytics tracking scripts," AT&T said of sites handing out the code. "However, for a certain percentage of requests, the Great Cannon swaps these on the fly with malicious code."

As a result, PCs from within China are now directing repeated requests for data from multiple pages on the LIHKG domain. In some cases, the DDoS flood aims for meme images as well. This, the AT&T team believes, is part of an effort to conceal the attack by making the flood of traffic appear more like normal patterns.
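Because the swap AT&T describes happens only for a certain percentage of requests, a single fetch of a third-party script can look clean. As an added example (not code from the AT&T report or from this article), the Python monitor below pins a script's Subresource Integrity digest and audits repeated fetches against it; the script bodies, the sample set, the 2% rate and all function names are constructed assumptions.

```python
import base64
import hashlib
import math
from collections import Counter


def sri_digest(body: bytes) -> str:
    """Subresource Integrity value (sha384-<base64>) for a script body."""
    return "sha384-" + base64.b64encode(hashlib.sha384(body).digest()).decode()


def audit_samples(pinned: str, samples: list) -> dict:
    """Compare repeated fetches of one script URL against the pinned digest."""
    counts = Counter(sri_digest(s) for s in samples)
    swapped = sum(n for digest, n in counts.items() if digest != pinned)
    return {
        "total": len(samples),
        "swapped": swapped,
        "swap_rate": swapped / len(samples) if samples else 0.0,
        "unexpected_digests": sorted(d for d in counts if d != pinned),
    }


def samples_needed(swap_rate: float, confidence: float = 0.99) -> int:
    """Fetches needed to observe at least one swap with the given confidence.

    Solves (1 - swap_rate)^n <= 1 - confidence for n.
    """
    if not 0 < swap_rate <= 1 or not 0 < confidence < 1:
        raise ValueError("swap_rate must be in (0, 1], confidence in (0, 1)")
    if swap_rate == 1:
        return 1
    return math.ceil(math.log(1 - confidence) / math.log(1 - swap_rate))


# Constructed sample data: placeholder bodies, not real scripts.
LEGIT = b"/* constructed analytics stub */ window._hits = (window._hits || 0) + 1;"
REPLACED = b"/* constructed placeholder standing in for a swapped response */"
PINNED = sri_digest(LEGIT)            # digest recorded from a known-good copy
SAMPLES = [LEGIT] * 5 + [REPLACED] + [LEGIT] * 2   # 8 fetches, 1 swapped

if __name__ == "__main__":
    report = audit_samples(PINNED, SAMPLES)
    print(report["swapped"], "of", report["total"], "fetches differ from the pin")
    # Assumed rate: the page gives no figure for how often the swap happens.
    print("fetches for 99% detection at a 2% swap rate:", samples_needed(0.02))
```

In a page, the same pinned value placed in a script tag's `integrity` attribute makes the browser refuse a body that does not match.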

While the attack isn't succeeding at the time of writing, the AT&T security crew says it is concerned.

"It is unlikely these sites will be seriously impacted. Partly due to LIHKG sitting behind an anti-DDoS service, and partly due to some bugs in the malicious Javascript code that we won’t discuss here," the report explains.

"Still, it is disturbing to see an attack tool with the potential power of the Great Cannon used more regularly, and again causing collateral damage to US based services." ®


Biting the hand that feeds IT © 1998–2022