China’s ‘Great Cannon’ – an offensive cyberattack tool first deployed in 2015 – may have a new target: crypto mining pools.
Ethereum mining pool Flexpool experienced sustained traffic loads of 800 gigabits per second (Gbps) to its Hong Kong-based “tunnel” into mainland China December 12 – the digital equivalent of the Macy’s Thanksgiving Day Parade clogging a little-used city side street.
“We continue being attacked, with the incoming traffic surges that sometimes are even reaching 1 Tbps (1,000 Gbps),” Flexpool’s status page posted Sunday. “We suspect that we are currently the target of China's Great Cannon - a CCP's DDoS tool that is turning regular internet users into malicious attacking zombie-servers.”
A form of distributed denial-of-service (DDoS) attack, the Great Cannon redirects foreign web traffic against non-state-approved domains. The tool is a firmly offensive cybersecurity weapon – as opposed to the more defensive Great Firewall – which can only be used with "the approval of high-level authorities within the Chinese government," Citizen Lab states.
Flexpool claimed to have suffered lower-level DDoS attacks at only 5 Gbps leading up to the event. This weekend set a new peak, however, with the attack reaching levels 200 times that value at 1 Tbps. Google suffered a similar-level attack of 2.5 Tbps in September 2017.
Major mining pools Antpool, BTC.com and others yanked services from the Chinese mainland last month. The Vancouver, Canada-based firm continues to offer internet services to Chinese Ethereum miners through a Hong Kong server and mainland tunnel regardless of the CCP’s anti-crypto stance.
“Until that attack we suspected that we were attacked by competitors. But their attack bandwidth did not exceed more than 5 Gbps. But what happened today… Over 800 Gbps. That’s something only the Chinese government could have done,” Flexpool CEO Alex Sadovskyi said in a message.
The Chinese government has historically denied all allegations surrounding the Great Cannon’s use, including its existence. Yet, digital forensic work by Citizen Lab in 2015 found the servers responsible for the attack to reside within China’s Great Firewall.
The DDoS campaign follows recent enforcement actions against reticent crypto pools and miners via IP detection tools. Multiple mining pools such as F2Pool, Binance Pool and BTC.com were blacklisted by the Great Firewall November 26.