What’s more, the two digital security experts also admitted at the conference that,
‘The Web has near complete control of your browser as long as you’re connected. Everything we do in our demo, we’re not hacking anything. We’re using the web the way it was meant to be used. My apologies, we don’t have a solution.’
Two years on, a number of DDoS attacks based on the concept have come to light.
‘The operational deployment of the Great Cannon represents a significant escalation in state-level information control: the normalization of widespread use of an attack tool to enforce censorship by weaponizing users.’
The latest threat was uncovered by experts at security firm CloudFlare, who noticed that one of its customers was receiving an unusually high number of HTTP requests. The company believes that the DDoS attack, which peaked at about a billion requests in an hour, was carried out through a mobile ad network. In total around 650 000 individual IP addresses were used to launch the attack, of which the vast majority (99.8%) originated in China. CloudFlare experts also discovered that around 80% of those requests originated from Chinese mobile apps and browsers.
In CloudFlare’s blog post on the attack, researcher Marek Majkowski explains that this relatively new trend in flooding attacks is particularly dangerous for smaller website operators. Explaining also why the firm suspects that an ad network was used to leverage the attack,
In the blog post, Cloudflare also laid out a likely description of the attack scenario:
- A user was casually browsing the Internet or opened an app on the smartphone.
- The user was served an iframe with an advertisement.
- The advertisement content was requested from an ad network.
- The ad network forwarded the request to the third party that won the ad auction.
- Either the third-party website was the “attack page”, or it forwarded the user to an “attack page”.
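
A site operator can check a request burst against this scenario by looking for the same traits the article reports: many source IPs, a mostly mobile user-agent mix, and one shared page of origin. The Python sketch below is an added example, not code from CloudFlare's post; the JSON log fields (`ip`, `ua`, `origin`), the thresholds and the sample records are constructed, and it assumes the flood requests carry an `Origin` header, as cross-origin script requests from browsers normally do.

```python
import json
from collections import Counter

# Constructed sample records (not real traffic): one JSON object per request.
# Field names ip / ua / origin are hypothetical; map them to your own log schema.
SAMPLE_LOG = """\
{"ip": "198.51.100.10", "ua": "Mozilla/5.0 (Linux; Android 5.0; Mobile) Chrome/45.0", "origin": "http://attack-page.example"}
{"ip": "198.51.100.11", "ua": "Mozilla/5.0 (iPhone; CPU iPhone OS 9_0 like Mac OS X) Safari/601.1", "origin": "http://attack-page.example"}
{"ip": "198.51.100.12", "ua": "Mozilla/5.0 (Linux; Android 4.4; Mobile) Chrome/44.0", "origin": "http://attack-page.example"}
{"ip": "198.51.100.10", "ua": "Mozilla/5.0 (Linux; Android 5.0; Mobile) Chrome/45.0", "origin": "http://attack-page.example"}
{"ip": "203.0.113.5", "ua": "Mozilla/5.0 (Windows NT 6.1) Chrome/45.0", "origin": null}
not json
"""

MOBILE_MARKERS = ("Mobile", "Android", "iPhone", "iPad")

def summarize(log_text, top_n=3):
    """Summarize a request burst: distinct IPs, mobile share, top Origins."""
    ips, origins = set(), Counter()
    total = mobile = 0
    for line in log_text.splitlines():
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip blank or malformed lines instead of aborting triage
        total += 1
        ips.add(rec.get("ip"))
        if any(m in (rec.get("ua") or "") for m in MOBILE_MARKERS):
            mobile += 1
        origins[rec.get("origin") or "(none)"] += 1
    return {
        "requests": total,
        "distinct_ips": len(ips),
        "mobile_share": mobile / total if total else 0.0,
        "top_origins": origins.most_common(top_n),
    }

def looks_browser_driven(summary, min_ips=3, min_mobile=0.5, min_origin_share=0.5):
    """Heuristic: many sources, mostly mobile UAs, one dominant Origin."""
    if not summary["requests"]:
        return False
    top_origin, top_count = summary["top_origins"][0]
    return (summary["distinct_ips"] >= min_ips
            and summary["mobile_share"] >= min_mobile
            and top_origin != "(none)"
            and top_count / summary["requests"] >= min_origin_share)

if __name__ == "__main__":
    report = summarize(SAMPLE_LOG)
    print(report, looks_browser_driven(report))
```

The dominant `Origin` value is the useful output here: it names the page to report to the ad network and the value to rate-limit or challenge at the edge.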