Bringing a Cannon to a Knife Fight

Presented at Black Hat USA 2015, Aug. 6, 2015, 9:45 a.m. (50 minutes)

China's Great Cannon (GC), the offensive standalone system that serves as a complement to its defensive Great Firewall (GFW), debuted with a bang in early 2015, carrying out massive attacks on anti-censorship site Greatfire.org and everyone's favorite code-sharing resource, Github. Not cool, man... This talk aims to examine China's destructive new toy and its methods for turning both Chinese users and global visitors to Chinese sites into the world's largest botnet. We'll review the Great Cannon's early construction, examine how it intercepts traffic as a Man-in-the-Middle proxy by doing live probe requests to the GC & GFW to determine the difference between their traffic, and show the relative ease with which it can further weaponize users to carry out attacks on sites deemed a threat to the Chinese Communist Party. Arguably as important as comprehending the methods by which the Great Cannon functions is understanding the WHY: we intend to walk you through why the GC made an appearance at the time it did, the political underpinnings behind the decision to attack the Github repos, and how you can expect to see it change in the future as HTTPS and DNSSEC become more widely used. Are you wondering how to protect your company's traffic even if you use Baidu Ads or communicate with Chinese servers? Yep, we'll cover that too. Although the GC was wielded with all the subtlety of a sledgehammer during its debut, it is certainly capable of being a much more devious and dangerous tool to suppress perceived threats in a targeted and hard-to-detect fashion. Needless to say, it won't be going away anytime soon. Bulletproof yourself by attending this talk and learning all about China's Great Cannon.

Presenters:

  • Johannes Gilger
    Johannes Gilger is a Junior Security Researcher. In his role he frequently switches between analyzing threats, engineering support infrastructure as well as providing technical assistance to other teams. In his previous life, Johannes worked at a university where a lot of his time was spent between getting students excited for information security and playing, as well as organizing, CTF competitions. Together with other students, Johannes built systems such as the Honeymap as well as HPFriends, a malware sharing system built on a social graph.
  • Adam Kozy - CrowdStrike, Inc.
    Adam Kozy previously assisted instructing the F3EAD training course at Black Hat 2014. He has presented on Cyber Intelligence & Research at the George Washington University and has given high-level briefings to senior level executives in the US Government, as well as the private sector. In addition to being a China (cyber) hand for many years, he is comfortable in front of both formal and informal audiences, and has a gift for connecting with his listeners through both intriguing nuggets of knowledge, and an unrelenting sense of humor and mischief.
