Colloquium: Peering Down the Barrel of China's Great Cannon

Tuesday, October 13, 2015 - 13:00 to 14:00
120 Conference Room

Peering Down the Barrel of China's "Great Cannon" with Nicholas Weaver from UC Berkeley

Abstract: Recently, unwitting web servers were recruited as participants in a denial of service attack on GitHub, as various scripts for Baidu services were replaced with malicious versions. The device responsible for this attack, although related to the well-known Chinese "Great Firewall", is a separate, in-path exploitation tool which we have dubbed the "Great Cannon". During the ongoing attack, we were able to identify the Great Cannon as a separate device, determine that it was a true man-in-the-middle attacker located in the backbone, isolate network links hosting the Great Cannon, detect implementation artifacts shared with the Great Firewall, and determine that it too is a parallel cluster.

Conducting such a widespread attack clearly demonstrates the weaponization of the Chinese Internet to co-opt arbitrary computers across the web and outside of China to achieve China's policy ends. Additionally, although the payload launched by the Great Cannon appears relatively obvious and coarse, this attack itself indicates a far more significant capability: an ability to "exploit by IP address". This possibility, not yet observed but a feature of its architecture, represents a potent cyberattack capability.

Joint work between ICSI, UC Berkeley, Citizen Lab at University of Toronto's Munk School of Global Affairs, and Princeton University.

Speaker Bio: Nicholas Weaver received a B.A. in Astrophysics and Computer Science in 1995, and a Ph.D. in Computer Science in 2003 from the University of California at Berkeley. Although his dissertation was on novel FPGA architectures, he also focused on Computer Security, including postulating the possibility of very fast computer worms in 2001. He joined the International Computer Science Institute (ICSI) in 2003. His primary research focus is on network security, notably worms, botnets, and other internet-scale attacks, and network measurement. Other areas have included both hardware acceleration and software parallelization of network intrusion detection, defenses for DNS resolvers, and tools for detecting ISP-introduced manipulations of a user's network connection.
