April 13, 2015
China Is Said to Use Powerful New Weapon to Censor Internet
By NICOLE PERLROTH
SAN FRANCISCO — Late last month, China began flooding American websites with a barrage of Internet traffic in an apparent effort to take out services that allow China's Internet users to view websites otherwise blocked in the country.
Initial security reports suggested that China had crippled the services by exploiting its own Internet filter — known as the Great Firewall — to redirect overwhelming amounts of traffic to its targets. Now, researchers at the University of California, Berkeley, and the University of Toronto say China did not use the Great Firewall after all, but rather a powerful new weapon that they are calling the Great Cannon.
The Great Cannon, the researchers said in a report published Friday, allows China to intercept foreign web traffic as it flows to Chinese websites, inject malicious code and repurpose the traffic as Beijing sees fit.
The system was used, they said, to intercept web and advertising traffic intended for Baidu — China's biggest search engine company — and fire it at GitHub, a popular site for programmers, and GreatFire.org, a nonprofit that runs mirror images of sites that are blocked inside China. The attacks against the services continued on Thursday, the researchers said, even though both sites appeared to be operating normally.
But the researchers suggested that the system could have more powerful capabilities. With a few tweaks, the Great Cannon could be used to spy on anyone who happens to fetch content hosted on a Chinese computer, even by visiting a non-Chinese website that contains Chinese advertising content.
"The operational deployment of the Great Cannon represents a significant escalation in state-level information control," the researchers said in their report. It is, they said, "the normalization of widespread and public use of an attack tool to enforce censorship."
The researchers, who have previously done extensive research into government surveillance tools, found that while the infrastructure and code for the attacks bear similarities to the Great Firewall, the attacks came from a separate device. The device has the ability not only to snoop on Internet traffic but also to alter the traffic and direct it — on a giant scale — to any website, in what is called a "man in the middle attack."
China's new Internet weapon, the report says, is similar to one developed and used by the National Security Agency and its British counterpart, GCHQ, a system outlined in classified documents leaked by Edward J. Snowden, the former United States intelligence contractor. The American system, according to the documents, which were published by The Intercept, can deploy a system of programs that can intercept web traffic on a mass scale and redirect it to a site of their choosing. The N.S.A. and its partners appear to use the programs for targeted surveillance, whereas China appears to use the Great Cannon for an aggressive form of censorship.
The similarities of the programs may put American officials on awkward footing, the researchers argue in their report. "This precedent will make it difficult for Western governments to credibly complain about others utilizing similar techniques," they write.
Still, the Chinese program illustrates how far officials in Beijing are willing to go to censor Internet content they deem hostile. "This is just one part of President Xi Jinping's push to gain tighter control over the Internet and remove any challenges to the party," said James A. Lewis, a cybersecurity expert at the Center for Strategic Studies in Washington.
Beijing continues to increase its censorship efforts under its State Internet Information Office, an office created under Mr. Xi to gain tighter control over the Internet within the country and to clamp down on online activism. In a series of recent statements, Lu Wei, China's Internet czar, has called on the international community to respect China's Internet policies.
Sarah McKune, a senior legal adviser at the Citizen Lab at the Munk School of Global Affairs at the University of Toronto and a co-author of the report, said, "The position of the Chinese government is that efforts to serve what it views as hostile content inside China's borders is a hostile and provocative act that is a threat to its regime stability and ultimately its national security."
The attacks also show the extent to which Beijing is willing to sacrifice other national goals, even economic ones, in the name of censorship. Baidu is China's most visited site, receiving an estimated 5.2 million unique visitors from the United States in the past 30 days, according to Alexa, a web ranking service.
Kaiser Kuo, a Baidu spokesman, said that Baidu was not complicit in the attacks and that its own networks had not been breached. But by sweeping up Baidu's would-be visitors in its attacks, researchers and foreign policy experts say, Beijing could harm the company's reputation and market share overseas.
Beijing has recently said that it plans to help Chinese Internet companies extend their influence and customer base abroad. At a meeting of the National People's Congress in China last month, Premier Li Keqiang announced a new "Internet Plus" action plan to "encourage the healthy development of e-commerce, industrial networks and Internet banking and to guide Internet-based companies to increase their presence in the international market."
Yet the latest censorship offensive could become a major problem for Chinese companies looking to expand overseas. "They know one of their biggest obstacles is the perception that they are tools of the Chinese government," Mr. Lewis said. "This is going to hurt Baidu's chances of becoming a global competitor."
Researchers say they were able to trace the Great Cannon to the same physical Internet link as China's Great Firewall and found similarities in the source code of the two initiatives, suggesting that the same authority that operates the Great Firewall is also behind the new cyberweapon.
"Because both the Great Cannon and Great Firewall are operating on the same physical link, we believe they are both being run under the same authority," said Bill Marczak, a co-author of the report who is a computer science graduate student at the University of California, Berkeley, and a research fellow at Citizen Lab.
Mr. Marczak said researchers' fear is that the state could use its new weapon to attack Internet users, particularly dissidents, without their knowledge. If s they make a single request to a server inside China or even visit a non-Chinese website that contains an ad from a Chinese server, the Great Cannon could infect their web communications and those of everyone they communicate with and spy on them.
Ultimately, researchers say, the only way for Internet users and companies to protect themselves will be to encrypt their Internet traffic so that it cannot be intercepted and diverted as it travels to its intended target.
"Put bluntly," the researchers said, "unprotected traffic is not just an opportunity for espionage but a potential attack vector."
2015年04月13日
中国启用"网络大炮" 加强境外互联网审查
NICOLE PERLROTH
旧金山——上个月底,中国开始利用大量网络流量冲击美国网站,此举似乎是为了阻止那些促使中国互联网用户可以浏览在国内遭到屏蔽的网站的服务。
初步的安全报告显示,中国利用自己的互联网过滤系统"防火长城"(Great Firewall),将大量数据流量重新定向到目标网站,进而冲垮网站的服务。如今,加州大学伯克利分校(University of California, Berkeley)和多伦多大学(University of Toronto)的研究人员表示,中国利用的不是"防火长城",而是一种强大的新武器,他们称之为"大炮"(Great Cannon)。
研究人员在周五发表报告称,"大炮"使得中国能够在外国网络流量流向中国网站时进行拦截,注入恶意代码,然后按照北京方面的意图,将这些流量重新定向实现其他目的。
他们表示,这种系统被用来拦截中国最大的搜索引擎百度的网站流量及广告流量,然后利用这些流量冲击GitHub和 GreatFire.org,前者是一个广受程序员欢迎的网站,后者是一家非营利性组织,运营着被中国屏蔽网站的镜像。研究人员表示,周四,针对这些服务 的攻击仍在持续,尽管两个网站似乎都在正常运转。
但研究人员表示,这种系统可能拥有更强大的能力。经过一些调整,"大炮"就可以被用于监视任何一个人,只要他碰巧浏览了托管在中国电脑上的内容,甚至是访问了包含中国广告的外国网站。
"'大炮'的行动部署代表着国家级的信息控制明显升级,"研究人员在报告中写道。他们表示,这是"广泛、公开地运用攻击手段来实行审查的常态化"。
之前曾对政府监听工具开展过大量研究的研究人员发现,尽管基础设施和代码与"防火长城"存在相似之处,但相关攻击来自另外一种设备。该设备不仅具备窥探互联网流量的能力,还能在所谓的"中间人攻击"中大规模地操纵互联网流量,并将其指向任何网站。
报告称,中国新采用的互联网武器,与美国国家安全局(National Security Agency,简称NSA)与英国对等机构政府通讯总部(Government Communications Headquarters,简称GCHQ)共同开发和使用的一个系统类似。美国前情报机构承包商雇员爱德华·J·斯诺登(Edward J. Snowden)泄露的机密文件,对该系统有简要说明。从发表在"拦截"(The Intercept)网站上的相关文件来看,美国的系统能部署一套程序,可以大规模拦截网络流量,并将其重定向到自己选定的网站。NSA及其合作伙伴似乎 把相关程序用在了定点监视上,而中国则似乎把"大炮"当做一种咄咄逼人的审查手段。
研究人员在报告中称,程序间的相似之处可能会让美国官员感到尴尬。"有了这一先例,西方国家的政府可能难以令人信服地抱怨使用类似技术的其他国家,"他们写道。
尽管如此,这个中国程序说明,北京的官员在审查他们认为是敌对互联网内容的东西上愿意走多远。 "这是国家主席习近平加强对互联网的控制、删除任何挑战党的内容之努力的一部分,"华盛顿战略研究中心网络安全专家詹姆斯·A·刘易斯(James A. Lewis)说。
习近平为了更严密地控制国内的互联网、打击公民的网上行动,成立了国家互联网信息办公室,在该办公室的领导下,北京不断增强网络的审查力度。中国互联网主管鲁炜在最近的一系列声明中,敦促国际社会尊重中国的互联网政策。
莎拉·麦库恩(Sarah McKune)是多伦多大学蒙克全球事务学院(Munk School of Global Affairs)公民实验室(Citizen Lab )的高级法律顾问,也是报告和共同作者之一,她说,"中国政府的立场是,为中国境内提供被政府视为敌对内容的服务,是一种敌对和挑衅行为,是对中 国政权稳定的威胁,并最终是对国家安全的威胁。"
这些袭击还显示,在多大程度上,北京愿意以审查的名义牺牲其他国家目标,甚至是经济方面的目标。百度是中国访问量最大的网站,据提供网站排名服务的Alexa公司估计,百度在过去30天内接受到来自美国的独立访问者达520万个。
百度发言人郭怡广说,百度对袭击不知情,而且百度本身的网站没有受到攻击。然而,研究人员和外交政策专家说,北京通过利用可能成为百度访问者的用户来进行袭击,会损害该公司的海外名声及市场占有率。
北京最近表示,它打算帮助中国互联网企业扩大它们在海外的影响力和用户群。在上个月的全国人民代表大会上,李克强总理宣布了一项名为"互联网+"的新计划,以"促进电子商务、工业互联网和互联网金融健康发展,引导互联网企业拓展国际市场"。
不过,最近的审查攻势可能会成为中国企业寻求海外扩张的一个主要问题。"他们知道他们最大的障碍之一是,人们认为他们是中国政府的工具,"刘易斯说。"这会损害百度成为一家全球性竞争企业的机会。"
研究人员说,他们能够把"大炮"追朔到中国"防火长城"用的同一个物理网络连接,并在这两种措施的源代码中找到了相似之处,这表明,同一机构既操作"防火长城",也指挥着这个新的网络武器。
"由于'大炮'和'防火长城'都在同一个物理连接上操作,我们相信,它们在同一个权力机构下运行,"报告的共同作者比尔·马尔切克(Bill Marczak)说,他是加州大学伯克利分校计算机科学专业的研究生,也是公民实验室的研究员。
马尔切克说,研究人员担心的是,国家能利用这一新武器,在受攻击对象不知道的情况下,来攻击互联网用户,尤其是异见者。一旦用户对中国境内的 服务器发出一次请求,甚至如果访问的是一个非中国网站、但该网站上有一个来自中国服务器的广告,"大炮"就可能侵入这些用户的网络通讯,并侵入那些与他们 联系者的网络流量,从而搜集这些人的信息。
研究人员说,最终,互联网用户和公司唯一能保护自己的方法是,对自己的互联网通讯加密,使通讯在到达预定目标之前,无法被拦截和转移。
研究人员说,"坦白地讲,无保护的通讯不只是为间谍提供机会,但且是一个潜在的攻击向量。"
翻译:Cindy Hao
No comments:
Post a Comment