Meet the ‘Great Cannon’—China’s New Internet Offensive

April 10, 2015 Updated: April 10, 2015

Researchers have found a new, aggressive counterpart to China’s web censorship and surveillance filter, the Great Firewall. They call it the “Great Cannon.”

On Friday, Citizen Lab, a research workshop based in the University of Toronto, Canada, issued a report on the Chinese web system behind the recent massive Internet traffic attack on two foreign websites.

Early assessments of the crippling distributed denial of service (DDoS) attacks on Github, an online code library for programmers, and GreatFire, a Chinese Internet freedom organization,  suggest that the Great Firewall—China’s Internet screening and control system—was responsible.

But after some testing, Citizen Lab claims that a powerful, “separate offensive system,” which they dub the “Great Cannon,” was behind the attacks. Great Cannon intercepted foreign web traffic directed at Baidu—China’s Google search engine equivalent—and redirected it back with malicious code. This caused the “largest DDoS attack in’s history,” the company wrote in a blog post.

The extent to which Baidu staff were involved in facilitating the attack is unclear, though the researchers elaborate on the widespread involvement of Baidu sites in hosting the malicious code which launches the attack.


Unlike its Great Firewall defensive brother, which acts as a giant sieve that monitors all traffic going in and out of China, the Great Cannon functions more like a high-powered laser beam that identifies and hijacks traffic from individual computers and uses it to overwhelm a target.

Presently, the Great Cannon only blocks traffic from and launches attacks to a very specific set of addresses—Citizen Lab found that 98 percent of web requests to Baidu were successful while a malicious script was sent only around 2 percent of the time.

China’s latest web weapon, however, could easily be turned to more nefarious purposes—with slight modifications, the Great Cannon could “intercept unencrypted email to or from a target IP address and undetectably replace any legitimate attachments with malicious payloads, manipulating email sent from China to outside destinations,” according to the report.


Citizen Lab speculates that the attack was likely sanctioned by the top rungs in the Chinese regime’s government because of its “potential for political backlash.” Citizen Lab suggests that the State Internet Information Office, the Internet censorship body, and Cybersecurity and Informatization Leading Group, which coordinates cybersecurity coordination—Chinese leader Xi Jinping is its chairman—are likely to be behind this.

As for involving Baidu in the attack, Citizen Lab feels this shows that the Communist Party is willing to “pursue domestic stability and security aims at the expense of other goals, including fostering economic growth in the tech sector.”

Also, the “Great Cannon’s” ability to remotely control the computers of “unwitting users in foreign jurisdictions in the interests of one country’s national priorities is a dangerous precedent” and is a potentially unlawful breach of international law.