From past few days, Internet Users in China are dealing with a weird redirection of traffic nationwide while accessing any website that makes use of connect.facebook.net resource
The two websites to which the traffic is being redirected:
- wpkg.org — A website for open source automated software deployment, upgrade, and removal program for Windows.
- ptraveler.com — A personal travel blog authored by a young couple of Poland.
"This behavior is occurring locally and beyond the reach of our servers," a spokesperson from Facebook told The Verge. "We are investigating the situation."
The Great Cannon:
The current attack is also intercepting a line of JavaScript from the Facebook Connect plugin and injecting a new line of code to redirect Chinese users to unrelated sites as the content passes through China's national web filters.
The Citizen Lab researchers have named this capability "The Great Cannon," a special cyber attack tool essentially capable of hijacking Internet traffic at the national level and then direct that traffic at targeted networks the attackers want to knock offline, sending back spyware or malware, or using the target to flood another website with traffic.
It is still unclear why these two sites would be a target for the Great Cannon and why Facebook is chosen to conduct the attack, which has been banned in China for years, and most immigrants in the country use a VPN to access Facebook.