Freedom House has released their Freedom on the Net 2015 reports, placing China at the bottom of a ranking comprising 65 countries. Key developments in the country’s cyberspace policy last year included upgrading the national firewall that blocked several virtual private networks, the use of false digital security certificates by the China Internet Network Information Center, and the toughening of real-name registrations laws for blogs and instant-messaging services. In November 2014, the Chinese government introduced a draft counterterrorism law that would require all telecommunications and Internet companies to provide backdoor access for encryption. These initiatives are part of a broader “cyberspace sovereignty” narrative being pushed by the Chinese Community Party (CCP).
Freedom House cited Citizen Lab’s research on China in the report, including studies into Chat program censorship and surveillance in the country, particularly on TOM-skype and Sina UC. Also cited was Citizen Lab Senior Research Fellow Jason Q. Ng’s research on the manner in which content is blocked on the popular Chinese micro-blogging site Weibo. The report, entitled “Tracing the Path of a Censored Weibo Post and Compiling Keywords that Trigger Automatic Review,” found that 66 keywords simply could not be posted on Weibo, and a further 133 caused posts to be invisible. Jason Q. Ng had previously documented that posts related to the June 4 anniversary of the Tiananmen Square massacre were being censored, and this report was also cited by Freedom House.
In the technical attacks section of their report, Freedom House describes China “as a global source of cyberattacks.” The volume of attacks and their targets have led experts to conclude that military and intelligence officials in the Chinese government either sponsor or condone them. From March 25-31, 2015, hosting service GitHub was the victim of a DDoS attack. Citizen Lab’s technical analysis revealed that the infrastructure used to carry out the attack was co-located with the Great Firewall, but was a separate system with different capabilities. This was dubbed “The Great Cannon,” a distinct attack tool that hijacks traffic to (or presumably from) individual IP addresses, and can arbitrarily replace unencrypted content as a man-in-the-middle.
Also cited in the technical attacks section was the Citizen Lab report entitled “Permission to Spy: Analysis of Android Malware Targeting Tibetans.”