China’s ‘Great Firewall’ has long been recognised as a symbol for state censorship. Although China has taken perhaps the most extreme response to counteracting foreign Internet traffic, states around the world have adopted other increasingly sophisticated control mechanisms for the Internet. Controls have moved beyond simple denial of information by blocking access to content based on the URL, IP address, or keyword in the user’s request. States now rely upon more subtle control techniques to regulate Internet traffic, including surveillance, information brigades, and legislation to expand censorship powers. This past March, cyberspace witnessed the emergence of a new tool for state Internet control.
The Citizen Lab of the University of Toronto has linked the March cyberattacks on GreatFire.org and GitHub to the Chinese government. These distributed denial-of-service attacks (DDoS) directly targeted systems that allow Chinese Internet users to access ordinarily blocked websites. The Cyberspace Administration of China has previously declared GreatFire.org as a ‘foreign anti-Chinese organization’, as it facilitates circumvention of the Great Firewall. Rather than attributing the cyberattack to the Chinese filtering system, however, the Citizen Lab identified a new tool called the ‘Great Cannon’. The Citizen Lab explains, ‘while the attack infrastructure is co-located with the Great Firewall, the attack was carried out by a separate offensive system, with different capabilities and design’. For instance, while the Great Firewall examines all Internet traffic and blocks access to banned websites, the Great Cannon only examines Internet traffic directed to a limited number of targeted IP addresses, and can suppress and inject Internet traffic to censor material. In effect, the Great Cannon intercepts foreign web traffic, inserts malicious code, and then exploits the Internet traffic to its advantage.
In the context of the DDoS attack on GreatFire.org and its servers on GitHub, the Great Cannon intercepted foreign traffic and inserted malware into the analytics or advertising code of Baidu, China’s largest search engine. As a result, Internet traffic using Baidu’s code was redirected to these sites, which consequently overwhelmed the servers and disabled the sites. Internet users accessing such websites then unknowingly played a role in the DDoS attack on GreatFire.org and GitHub. As the Citizen Lab stressed in its report, the Great Cannon signals ‘the normalization of widespread use of an attack tool to enforce censorship by weaponizing users’.
The emergence of the Great Cannon designates a new phase for state control mechanisms in cyberspace. First, it represents the rise of a new offensive censorship system. This marks a great departure both from passive censorship tools, such as the Great Firewall that simply redirects and blocks Internet traffic, as well as the more sophisticated and subtle tools of information brigades, expansive powers under legislation and surveillance. ‘Weaponizing users’ suggests the increasing ‘militarization of cyberspace’, which has long been predicted by Internet Studies scholars. The Citizen Lab’s report also warned that a quick adjustment to the Great Cannon would allow the Chinese government to target specific Internet users. The government can easily make this modification by tracking Internet traffic from, rather than to, a specific IP address. This system can be understood as a continuation of Quantum, an offensive tool developed by the NSA and GCHQ and later exposed by the Snowden leaks. Should the Chinese government make these changes to the Great Cannon, they would be able to attack both particular websites and individuals to regulate Internet traffic.
The Great Cannon also indicates a new phase for control techniques in cyberspace, as it symbolises the extension of state borders within it. Traditionally, the use of state information controls has been used to establish state borders within cyberspace. States often justify regulating the content of Internet traffic to support national security objectives. For instance, the Chinese government views services such as Greatfire.org and GitHub as ‘foreign hostile forces’ that endanger national security objectives. The Great Cannon has taken a step further than previous techniques, which simply restrict access domestically, as it is able to influence access to information in other countries as well. In order to maintain domestic security, China has expanded its borders in cyberspace.
This new phase of state control, through offensive censorship techniques and the extension of state borders in cyberspace, calls into question the emerging norms of the Internet. The use of both the Great Cannon and Quantum by China, the United States and the United Kingdom signals the increasingly dominant norm of aggressive behaviour in cyberspace. This norm is problematic for several reasons. In the context of China, offensive state control exacerbates users’ self-censorship. This reaction will only be heightened if the government alters the Great Cannon to target individuals with malware. Most importantly, however, aggressive and offensive behaviour in cyberspace will tarnish inter-state relations between countries like China and the United States. The development of both Quantum and the Great Cannon has been justified by national security concerns and self-defence in light of either cyber-espionage or hostile foreign influences. Instead of establishing defensive systems in cyberspace, however, both states have embraced aggressive tools. This reaction on both sides raises the question: just how far will this aggressive behaviour escalate? The ‘militarization of cyberspace’, ‘weaponizing users’, and dominant offensive norm endangers the state cooperation necessary for responsible Internet governance.
If states intend on protecting the notion of an open and free Internet that once served as its founding principle, leaders must radically reconsider current behaviour and norms in cyberspace, and bury offensive tools such as the Great Cannon and Quantum.