Dodging China’s cyber cannon

James Riley
Editorial Director

On the afternoon of September 14, when Malcolm Turnbull made his successful pitch to replace Tony Abbott as Prime Minister, he chose to use Labor’s opposition to FTA as the key example why voters should have serious concerns about Opposition leader Bill Shorten’s economic credentials.

The China-Australia Free Trade Agreement continues to be an unlikely political football. Yet the finished agreement was simply the end product of a process where most of the heavy lifting was done during Labor’s years in power, a key element of the dangers of doing business in the world’s biggest potential market is making itself felt.

In 1993 long after the emergence of the Internet as a popular media platform, China’s ruling Communist Party launched a program known as the Golden Shield Project, an attempt to censor websites in the same way as its Propaganda Department has long censored the countries newsprint.

The working assumption is that China’s government can hear, read and see everything in cyberspace.

According to various reports it took 13 years to complete but en route, it picked up the nickname of the Great Firewall of China – an allusion to the Great Wall of China that was built in fits and starts over more than 1,000 years in an effort to keep out invaders from the country’s north. Its no small irony given where things have gone, that the GFW was constructed largely using hardware from US technology companies in the days before the emergence of Huawei Technologies and ZTE (John Chambers, take a bow).

In the years since, China has developed a very real army of censors to administer the GFW under the auspices of the nations Public Security Bureau (police force) who have become increasingly clever at blocking information from the World Wide Web.

For many years the GFW was easy to get around using virtual private network (VPN) technology. Not so much now, maker of VPNs like Astrill and Witopia, to name two of the more popular and effective wall jumping tools, have a near-constant job upgrading the software to stop hacks from the China government.

China’s GFW and other cyber-spying technology allow it to spy on anyone in its borders. As a correspondent for The Australian based in China for four years, I watched some emails containing “sensitive” information take hours to reach their destination. Other emails, often to Chinese friends, would simply never arrive.

The working assumption is that China’s government can hear, read and see everything that lives in cyberspace, or perhaps even through your laptop or mobile phone camera.

The Australian Goovernment has had the standard practice now – for about five years – of not taking any government electronic equipment into mainland China. As the saying goes pretty much, just because you are paranoid doesn’t mean that someone is not watching you.

This year, China’s cyber efforts have stepped up a notch. On March 16 China’s army of Internet hackers launched an attack on, a website that advises web surfers which web sites have been blocked by the China censorship army. Ten days later two GitHub pages – pages of blocked websites, in this case for the New York Times which has been blocked in China for more than two years, and run by – also came under the same type of attack.

“Both attacks appear targeted at services designed to circumvent Chinese censorship,” the Citizen Lab website reported. “A report released by fingered malicious Javascript returned by Baidu servers as the source of the attack. Baidu denied that their servers were compromised.

“While the attack infrastructure is co-located with the Great Firewall, the attack was carried out by a separate offensive system, with different capabilities and design, that we term the “Great Cannon.”

Citizen Lab continued by explaining that Great Cannon is not simply an extension of the Great Firewall, but “a distinct attack tool that hijacks traffic to – or presumably from – individual IP addresses, and can arbitrarily replace unencrypted content as a man-in-the-middle. “

So concerned is the US government about the rising number of cyber attacks that in April Barack Obama issued an executive order giving the Treasury Department power to levy sanctions on individuals or entities behind cyberattacks or cyber espionage.

Such penalties would freeze these targets’ assets in the US financial system and forbid then from doing business with American companies.

The rumour mill in Washington is swirling with stories that some of these sanctions could be invoked ahead of the visit of Chinese leader Xi Jinping later this week.

“We obviously have to show some real strength and resolve,” Senate Homeland Security Committee Chairman Ron Johnson told The Hill news site. “We’re going to have to start laying down the law and come up with some kind of response on that.”

Still, it’s rude, and indeed wrong to single out China. However in the same way, the misguided, borderline racist, fear campaign about Chinese property buying ignored the facts that other Asian countries – lead by Singapore – have huge amounts of foreign investment in Australia.

In the cyber field China is just the biggest and most obvious example but many other governments in the region – particularly the relatively unlikely nation of Thailand – practice Internet censorship and snooping. No doubt many are also developing the sorts of capabilities that China’s Big Cannon possess.

Perhaps under a more tech savvy Turnbull government, Australian business will at last turn its mind properly to the dangers of cyber attacks – ask any experts and they will tell you its woefully underprepared – and help to provide education to Australian businesses about these threats that sit neatly beside the enormous opportunities in Asia

The message is simple: business in China and indeed in other authoritarian countries should be approached with caution and with eyes wide open.

Australian companies wanting to do business in China need to understand the severity, and often capriciousness, of China’s vast army of internet censors and hackers. Because in cyberspace, no body can hear you scream.

Do you know more? Contact James Riley via Email.

Leave a Comment

Related stories