The "Great Cannon": How China Turns Its Websites Into Cyberweapons


When anti-Chinese censorship services got hit with a crippling distributed-denial-of-service attack last month, researchers quickly pegged China as the culprit. Now, Citizen Lab has pinpointed the Chinese tool that made this attack happen. They’re calling it the Great Cannon.

Separate from but located within China’s Great Firewall, this “Great Cannon” injects malicious code as a way to enforce state censorship, by using cyberattacks to damage services that help people within China see banned content.

The Great Cannon is not simply an extension of the Great Firewall, but a distinct attack tool that hijacks traffic to (or presumably from) individual IP addresses, and can arbitrarily replace unencrypted content as a man-in-the-middle.


With this most recent DDoS attack, the Great Cannon worked by weaponizing the web traffic of visitors to Baidu or any website that used Baidu’s extensive ad network. This means anyone visiting a Baidu-affiliated site from anywhere in the world was vulnerable to having their web traffic hijacked and turned into a weapon to flood anti-censorship websites with too much traffic.

This particular attack had a narrow target: Specific sites known to circumvent Chinese censorship. But Citizen Lab thinks the Great Cannon could be used in a much broader way. Since it is capable of producing a full-blown man-in-the-middle attack, it could be used to intercept unencrypted emails, for example.

The attack launched by the Great Cannon appears relatively obvious and coarse: a denial-of-service attack on services objectionable to the Chinese government. Yet the attack itself indicates a far more significant capability: an ability to “exploit by IP address”. This possibility, not yet observed but a feature of its architecture, represents a potent cyberattack capability.


As Citizen Lab’s researchers note, it’s pretty strange that China would show off this powerful weapon by using it in such a pointed attack.

Conducting such a widespread attack clearly demonstrates the weaponization of the Chinese Internet to co-opt arbitrary computers across the web and outside of China to achieve China’s policy ends.


The only silver lining here is that this may prompt a more urgent push to switch to HTTPS, since the Great Cannon only works on HTTP. This attack makes it painfully obvious that using HTTPS isn’t just a smart safeguard; it’s a necessary precaution against powerful state-sponsored cyberattacks. [Citizen Lab]
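For site operators, the practical check is which embedded scripts, frames and stylesheets a page still fetches over plain HTTP, since those are the responses an on-path system can replace. The audit below is an added example, not code from Citizen Lab or this article; the sample HTML and every hostname in it are constructed.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Tags whose fetched content runs or renders inside the page, mapped to
# the attribute that holds the URL.
ACTIVE_TAGS = {"script": "src", "iframe": "src", "link": "href"}


class SubresourceAudit(HTMLParser):
    """Collect active subresources that would be fetched over plain HTTP."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.findings = []

    def handle_starttag(self, tag, attrs):
        attr = ACTIVE_TAGS.get(tag)
        if attr is None:
            return
        a = dict(attrs)
        # Only stylesheet <link> elements load content into the page.
        if tag == "link" and "stylesheet" not in (a.get("rel") or "").lower():
            return
        ref = a.get(attr)
        if not ref:
            return
        # Relative and protocol-relative ("//host/x.js") references inherit
        # the scheme of the page, so resolve before judging.
        resolved = urljoin(self.page_url, ref)
        if urlsplit(resolved).scheme == "http":
            self.findings.append((tag, resolved))


def injectable_subresources(page_url, html):
    audit = SubresourceAudit(page_url)
    audit.feed(html)
    audit.close()
    return audit.findings


# Constructed sample page; all hostnames are placeholders.
SAMPLE_HTML = """
<html><head>
<script src="http://ads.example.net/h.js"></script>
<script src="//cdn.example.org/lib.js"></script>
<script src="https://static.example.com/app.js"></script>
<link rel="stylesheet" href="/site.css">
</head><body><a href="http://example.com/">link</a></body></html>
"""
```

Serving the page itself over HTTPS removes the protocol-relative and same-origin findings, but an explicit `http://` script reference still has to be changed at the source.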

