Mediaboss Marketing

China is deploying a tool that can be used to launch huge distributed denial-of-service (DDoS) attacks to enforce censorship. Researchers have dubbed it the Great Cannon.

The first time the tool was seen in action was during the massive DDoS attacks that hit software development platform GitHub last month. The attack sent large amounts of traffic to the site, targeting Chinese anti-censorship projects hosted there. It was the largest attack the site has endured in its history.

That attack was first thought to have been orchestrated using Chinas Great Firewall, a sophisticated ring of networking equipment and filtering software used by the government to exert strict control over Internet access in the country. The firewall is used to block sites like Facebook and Twitter as well as several media outlets.

However, while the Great Cannon infrastructure is co-located with the Great Firewall, it is a separate, offensive system, with different capabilities and design, said researchers at the University of California, Berkeley, and the University of Toronto on Friday.

The Great Cannon is not simply an extension of the Great Firewall, but rather a distinct tool that hijacks traffic to individual IP addresses, and can arbitrarily replace unencrypted content by sitting between the Web server and end usera method known as a man-in-the-middle attack. The system is used to manipulate the traffic of systems outside of China, silently programming browsers to create a massive DDoS attack, the researchers said.

The attack method deployed against Github injected malicious Javascript into browsers connecting to the Chinese search engine Baidu. When the Great Cannon sees a request for certain Javascript files on one of Baidus infrastructure servers that host commonly used analytics, social, or advertising scripts, it appears to take one of two actions. It either passes the request to Baidus servers, which has happened over 98 percent of the time, or it drops the request before it reaches Baidu and instead sends a malicious script back to the requesting user, which has happened about 1.75 percent of the time, the report said.

In the latter case, the requesting user would be an individual outside China browsing a website making use of a Baidu infrastructure server, such as sites with ads served by Baidus ad network. In the DDos attack against GitHub, the malicious script was used to enlist the requesting user as an unwitting participant, the report said.

These findings are in line with an analysis by the Electronic Frontier Foundation (EFF) that described the attack method used last week. According to the EFF, the attack was obviously orchestrated by people who had access to backbone routers in China and was only possible because the Baidu analytics script that is included on sites does not use encryption by default. A wider use of HTTPS could have prevented the attack, it found.

The Berkeley and Toronto researchers confirmed the suspicions about the origin of the attack, saying they believe there is compelling evidence that the Chinese government operates the cannon. They tested two international Internet links into China belonging to two different Chinese ISPs, and found that in both cases the Great Cannon was co-located with the Great Firewall. This strongly suggests a government actor, they said.

While DDoS attacks are quite crude, the Great Cannon can also be used in more sophisticated ways. A technically simple configuration change, switching the system to operating on traffic from a specific IP address rather than to a specific address, would allow Beijing to deliver malware to any computer outside of China that communicates with any Chinese server not employing cryptographic protections, they said.

More here:
China's 'Great Cannon' DDoS tool enforces Internet censorship

17 hours ago by Rob Lever China has expanded its Internet censorship efforts beyond its borders with a new strategy that attacks websites across the globe, researchers say

China has expanded its Internet censorship efforts beyond its borders with a new strategy that attacks websites across the globe, researchers said Friday.

The new strategy, dubbed "Great Cannon," seeks to shut down websites and services aimed at helping the Chinese circumvent the "Great Firewall," according to a report by the Citizen Lab at the University of Toronto.

"While the attack infrastructure is co-located with the Great Firewall, the attack was carried out by a separate offensive system, with different capabilities and design, that we term the 'Great Cannon,'" the report said.

"The Great Cannon is not simply an extension of the Great Firewall, but a distinct attack tool that hijacks traffic to (or presumably from) individual IP addresses."

The report supports claims by the activist organization GreatFire, which last month claimed China was seeking to shut down its websites that offer "mirrored" content from blocked websites like those of the New York Times and others.

The technique involves hijacking Internet traffic to the big Chinese search engine Baidu and using that in "denial of service" attacks which flood a website in an effort to knock it offline.

The report authors said the new tool represents "a significant escalation in state-level information control" by using "an attack tool to enforce censorship by weaponizing users."

The Great Cannon manipulates the traffic of "bystander" systems including "any foreign computer that communicates with any China-based website not fully utilizing (encryption)."

'Puzzling' openness

Link:
'Great Cannon' is widening China censorship, say researchers (Update)

There's a new tool in China's arsenal of Internet censorship tools: In addition to the well-known "Great Firewall" blocking those in the country from visiting certain sites, there is now a "Great Cannon" that deluges foreign websites with traffic in order to take them offline. The technique is detailed in a new report from the University of Toronto's Citizen Lab, which also coins the term. It essentially works by hijacking traffic to a popular website, in this case Chinese search giant Baidu, and redirecting it toward a target this time it was GreatFire.org, a site hosted outside China that monitors censorship in the country and provides access to blocked material.

"Conducting such a widespread attack clearly demonstrates the weaponization of the Chinese Internet to co-opt arbitrary computers across the web and outside of China to achieve China's policy ends," reads the report. Such systems could also be configured to redirect and modify traffic coming from a target individual, instead of any crossing a border or going to a certain website. But Western authorities may have an awkward time condemning the Great Cannon, the researchers note, because the U.S. and U.K. have built very similar systems with very similar intentions, as indicated by documents leaked by former NSA contractor Edward Snowden.

The best defense against any adversary of this type, foreign or domestic, is good encryption, the report concludes. If the data can't be read by hackers or spies in the first place, it can't be tampered with.

First published April 10 2015, 11:55 AM

Read more from the original source:
China's 'Great Cannon' Censors Foreign Websites by Force

By LORI HINNANT and ELAINE GANLEY Associated Press

PARIS (AP) - Hackers claiming allegiance to the Islamic State group simultaneously blacked out 11 channels of a French global TV network and took over its website and social media accounts on Thursday, in what appeared to be the most ambitious media attack so far by the extremist group.

Anti-terror prosecutors opened an investigation into the attack that began late Wednesday and blocked TV5 Monde from functioning part of the day Thursday. Operations were fully re-established Thursday evening.

France's interior minister, while counseling caution until investigators find hard evidence, said the attack was likely a terrorist act. "Numerous elements converge to suggest the cause of this attack is, indeed, a terrorist act," Bernard Cazeneuve said at a news conference.

France is "absolutely determined to catch those who want to strike at its heart," the minister said.

The hackers briefly cut transmission of 11 channels belonging to TV5 Monde and took over its websites and social media accounts. The channel's director, Yves Bigot, said the attack continued into Thursday. However, the station was able to broadcast its 6 p.m. live show, "64 Minutes."

"We are no longer dark," the station said.

More than a dozen technicians worked to return the station to life "without erasing the traces of the intrusion, which are precious for the investigation," the National Agency for Computer Systems Security said in a statement.

The message on the TV5 Monde website read in part "I am IS" with a banner by a group that called itself Cybercaliphate.

Hackers operating under the name Cybercaliphate have carried out a string of attention-seeking attacks against media outlets - including several in the U.S. - since late last year. Even though the hackers express support for the Islamic State group and routinely use its imagery in their attacks, it is difficult to know for sure whether they are genuine members, simple supporters or hackers with no link to IS. Experts who have followed the group's online communications say its supporters have regularly expressed interest in launching cyber-attacks at Western targets.

More:
French network's channels hacked by group claiming IS ties

When it comes to social media communications, its not why or whenits how and where.

But accounting firms face significant hurdles and oftentimes it seems like the risks are not worth the rewards. Overzealous regulators, independence rules, clients that largely avoid the use of social media professionally and skeptical leadership all stand in the way.

As a strategic communications company that caters to accounting firms, weve heard it all. Our clients aren't using social media so why should we? Social media is for consumer brands, not accounting firms. Social media poses too much risk and we can lose control of the conversation.

Sound familiar? The objections are plentiful and the excuses are easy; however the rewards for those that do it right can be handsome.

If your firm has stumbled out of the gate trying to create a meaningful social media presence, or you are considering stepping up your companys efforts, you probably have questions. And here are the answers to three questions that your senior leadership team is likely asking:

1. How can my company and employees publish and circulate content over social media and not run afoul of regulators?

Regulators are often cited among the top reasons why accounting firms dont embrace a proactive social media effort. However, technologies and platform companies such as Hearsay Social and CommandPost make it easier for firms to track and report social media activity and adhere to strict compliance demands. Whats more, proper social media training and focusing content on thought leadership rather than conducting business (aka selling solutions) will also help manage compliance issues and avoid the wrath of regulators. It will also prove more effective in reaching and intriguing your target audiences.

There is a great opportunity to get your firms stance out there on a range of important issues. How are new technology tools, software and digital communications changing the business of accounting and the ability of companies to track, assess and report data? How are changes in accounting standards or new regulatory regimes impacting how clients are managing compliance demands? Prospective clients, media and other important audiences are looking for guidance on these and other timely topics.

2. How do I convince my firms leadership that social media is a worthwhile investment when our clientswho are mostly senior level business executivesdont use it?

If one of your communications goals is to enhance and increase the quality of media coverage of your firm and its leaders, social media is a vital tool. It is the conduit for the brand and its lead spokespeople to engage with media on topics and issues that are driving much of their editorial coverage. Many reporters and media outlets that cover the audit industry are active on social media. Look no further on Twitter than @Rapoportwsj, @AICPA_JofA and @AccountingToday If youre not present on social media, youre missing a golden opportunity to build relationships with these media.

View original post here:
Why Accounting Firms Must Embrace #SocialMedia