The following censorship instructions, issued to the media by government authorities, have been leaked and distributed online. The name of the issuing body has been omitted to protect the source.
Sites must stop republishing the Global Times article “Foreign Media Grabs Chance to Hype China’s ‘Great Cannon’; May Be American Effort to Shift Blame.” Don’t comment on related topics or content, and downplay the story. (April 13, 2015) [Chinese]
The Global Times article summarizes Western media coverage of the recent Citizen Lab report on China’s “Great Cannon” cyberweapon. Researchers identified the tool following a major cyberattack against codesharing site GitHub last month, apparently intended to force the removal of censorship circumvention tools hosted there. Global Times goes on to quote experts accusing the U.S. and foreign media of stirring up a fictitious online China threat, and suggesting that the GitHub attack may have been a false flag operation. Translated by CDT:
Chinese information security expert Shu Xiaoqiu indicated to a GT reporter on April 12th that details on the “Great Cannon” up to this point are not very clear, so he couldn’t directly comment on this highly technical incident. But this incident was in no way an isolated one: it is just the latest in a series of “Chinese cyberattacks” concocted against the backdrop of alternating pressure from American policy and public opinion. Cybersecurity has become a hot topic seen all over Chinese and American newspapers this year. U.S. President Barack Obama has signed two presidential orders related to cybersecurity in succession this year. The first, in February, mainly concerned threats to the U.S.’ domestic Internet security, requiring close cooperation and information sharing between government and private enterprise, the use of non-governmental resources to handle cyberattacks, and the protection of American business interests and national information security. On April 1st, Obama also signed an order on “sanctions” against cross-border hackers. These presidential orders turned Internet security into a major agenda item in the U.S. current internal affairs and foreign policy; against this backdrop, a handful of individual American businesses, organizations, and media outlets have played up so-called cyberattacks by Chinese hackers, creating and maintaining both in the U.S. and internationally the public perception of a Chinese cyberthreat to America.
Shu Xiaoqiu believes that the U.S. is using ruses like these presidential orders and a ban on computer chip sales to China [see background at CDT] to exert pressure, with additional public pressure created by hype from the media and other organizations. The end goal is to force China to submit.
Another Chinese expert who requested anonymity said that it is very difficult to pin down the network and IP address of DDoS [Distributed Denial of Service] instigators, and that it is unclear how the foreign specialists established a link between the GitHub DDoS and China. Moreover, American media admit that the “Great Cannon” closely resembles network monitoring and control technology used by the CIA [sic – actually NSA] and Britain’s GCHQ. The American system is capable of intercepting and redirecting a great quantity of network traffic. Therefore, this expert told a Global Times reporter, one cannot rule out the possibility that some foreign organization possessing this kind of technology carried out the attack, and then shifted the blame onto China. [Chinese]
The question of attribution is addressed in detail in the Citizen Lab report. In comments at security expert Bruce Schneier’s blog, co-author Nicholas Weaver described the link to China as “damn solid.” Cartoonist Badiucao was convinced:
Meanwhile, an unsigned Review & Outlook piece at The Wall Street Journal also pounced on the similarity between the Great Cannon and NSA’s QUANTUM, speculating that leaker Edward Snowden may have handed China the NSA’s code. On Twitter, study co-author Bill Marczak responded “No, no he didn’t,” while Weaver commented that the theory makes little sense given differences in the two systems’ designs. Citizen Lab director Ron Deibert dismissed it as “lame” and “baseless speculation,” while anti-censorship group GreatFire.org, the ultimate targets of the GitHub attack, labeled it “complete bullshit.”
The WSJ cited a South China Morning Post report that the Cannon had been in development for “about one year”; whether or not this lends credence to the Snowden accusation, Weaver commented that it might explain the weapon’s “somewhat crude” implementation.
In effect, China reached beyond its borders and carried out a destructive and powerful assault on an Internet site that it did not like. North Korea is believed last year to have struck across borders, using different techniques, against Sony Pictures Entertainment.
China has long attempted to intimidate academics, news media and others abroad. China also has carried out an aggressive and intrusive campaign of cyberespionage against military, government and commercial targets in the United States and elsewhere. But there is something new and disturbing in the appearance of the Great Cannon.
[…] If China’s government would do this to Greatfire.org, a Web site that sought to thwart its censorship, then what will it do next? And to whom? [Source]
Not least among its potential victims are Chinese tech companies, including Baidu, whose code was hijacked to enable the GitHub attack. From Adam Segal at the Council on Foreign Relations:
If the Chinese government is behind the attacks, and there is every reason to believe that it is, then the Great Cannon is a notable instance of Beijing extending censorship and its conception of cyber sovereignty on to the global Internet. The authors of the report also argue that the use of Baidu in the attacks is evidence “that the Chinese authorities are willing to pursue domestic stability and security aims at the expense of other goals, including fostering economic growth in the tech sector.” In addition, exploiting Baidu undermines Beijing’s stated goal of helping Internet companies increase their presence in international markets.
Huawei, Xioami, and other Chinese technology companies have encountered issues of trust as they have entered foreign markets, due to questions of use of data and relations with the Chinese government. It appears as if the Great Cannon exploited Baidu without the company’s knowledge (and Baidu has denied involvement in the attacks), but Baidu’s reputation could easily suffer. This dynamic will be familiar to Silicon Valley, which has faced increased scrutiny in Europe and other markets because of NSA programs that exploited the infrastructure of Google, Yahoo, Facebook, and other Internet companies. [Source]
Global Times’ accusations of foreign hype were mirrored in reactions to another report published on Monday. U.S. cybersecurity firm FireEye alleged that China has conducted a “massive” ten-year hacking and phishing campaign against political, economic, military, and media targets across southeast Asia and India. Chinese foreign ministry spokesman Hong Lei responded that “the Chinese government resolutely bans and cracks down on any hacking acts. This position is clear and consistent. Hacking attacks are a joint problem faced by the international community and need to be dealt with cooperatively rather than via mutual censure.” State news agency Xinhua similarly retorted that “China has nothing to gain and a lot to lose through cyber spying,” and dismissed the FireEye report as “yet another silly attempt to blacken China’s positive image”:
Of late, China has been the news in a good way, with its development bank and other initiatives, so it is no surprise that a U.S. Internet security firm has seen fit to rehash tired old cyber spying stories.
[…] The U.S. desperately wants its position as principal guest dancer in the Asia-Pacific theater back. After all, it has been aspiring to choreograph the whole show.
[…] In a post-Snowden, wikileaks world, attacks like FireEye’s latest embarrassing attempt, achieve nothing except drawing further attention to the hypocrisy of the U.S. itself.
Maybe it’s time to drop the petty jealousy? [Source]
At The National Interest, Jon R. Lindsay, Tai Ming Cheung, and Derek Reveron discuss the “competing threat narratives” from China and the U.S.:
In the absence of shared norms or even concepts, cybersecurity discourse becomes mired in competing morality tales. Chinese hackers are pillaging intellectual property and creating asymmetric threats. The National Security Agency (NSA) is jeopardizing civil liberties and weakening the Internet. Communist censorship is undermining the democratic promise of information technology, even as American firms unfairly dominate its development. Cybercrime is costing everyone trillions of dollars.
There is a grain of truth in all of these claims, which means that the phenomenon as a whole must be more complicated than any one suggests. China both generates and experiences serious cyber threats, shaped by a combination of bureaucratic politics and economic policy, domestic security imperatives, military modernization, and ambitions for international influence. Nevertheless, the United States and China both have far more to gain than lose through their digital interdependence. [Source]
Since directives are sometimes communicated orally to journalists and editors, who then leak them online, the wording published here may not be exact. The date given may indicate when the directive was leaked, rather than when it was issued. CDT does its utmost to verify dates and wording, but also takes precautions to protect the source.