We show that, while the attack infrastructure is co-located with the Great Firewall, the attack was carried out by a separate offensive system, with different capabilities and design, that we term the “Great Cannon.” The Great Cannon is not simply an extension of the Great Firewall, but a distinct attack tool that hijacks traffic to (or presumably from) individual IP addresses, and can arbitrarily replace unencrypted content as a man-in-the-middle.
我 们展示了这样一个事实:进行攻击的设备基础架构是和GFW部署在一起的,但是攻击是由分离的攻击系统实现的,这一系统拥有与GFW不同的设计和能力,我们 将之称为“巨型加农炮”。巨炮并不是一个对于GFW的简单扩展,而是一个绑架通向(或来自于)个体IP地址流量的工具,还能够以中间人的身份任意替换未加 密的通信内容。
The operational deployment of the Great Cannon represents a significant escalation in state-level information control: the normalization of widespread use of an attack tool to enforce censorship by weaponizing users. Specifically, the Cannon manipulates the traffic of “bystander” systems outside China, silently programming their browsers to create a massive DDoS attack. While employed for a highly visible attack in this case, the Great Cannon clearly has the capability for use in a manner similar to the NSA’s QUANTUM system,4 affording China the opportunity to deliver exploits targeting any foreign computer that communicates with any China-based website not fully utilizing HTTPS.
巨炮的部署和操作意味着国家级信息控制系统的显著升级:通过武器化用户来强化审查这一攻击工具的攻击手段会逐渐变得普遍和正常化。
4/26 首页 上一页 2 3 4 5 6 7 下一页 尾页
|