In an earlier post I talked about how the Chinese government has used its “Great Firewall” censorship machinery on an expanded list of targets – from its own citizens to ordinary Americans who happen to visit Internet sites in China. By intercepting the ad and analytics scripts that Americans downloaded from Chinese sites, the Chinese government was able to infect the Americans’ machines with malware. Then the government used that malware to create a “Great Cannon” that aimed a massive number of packets at the US company GitHub. The goal was to force the company to stop making news sites like the New York Times and Greatfire.org available to Chinese citizens. The Great Cannon violated a host of US criminal laws, from computer fraud to extortion. The victims included hundreds of thousands of Americans. And to judge from a persuasive Citizen Lab report, China’s responsibility was undeniable. Yet the US government has so far done nothing about it.
US inaction is thus setting a new norm for cyberspace. In the future, it means that many more Americans can expect to be attacked in their homes and offices by foreign governments who don’t like their views.
The US government should be ashamed of its acquiescence. Especially because the Great Cannon is surprisingly vulnerable. After all, it only works if foreigners continue to visit Chinese sites and continue to download scripts from Chinese ad networks. They supply the ammunition that the Great Cannon fires. If no one from outside China visits Chinese search sites or loads Chinese ads, the Cannon can’t shoot.
Continue Reading The GitHub Attack and Internet Self-defense