Hello, welcome to the Monday, December 9th, 2019 edition of the Sansanet Storm Center's Stormcast.

My name is Johannes Ulrich.

And today I'm recording from Jacksonville, Florida.

On Friday, our handler Jan came across an interesting fishing email.

What made it stand out was the size of the HTML attachment

in this email. It carried about 930 kilobytes. The HTML file did not only include simple

HTML code to replicate a legitimately looking login page, but the author event as far as to include

a complete copy of JQuery and Bootstrap to make the site look and behave more plausible.

Now, once a user fills in credentials into the HTML page, they are of course submitted to a website, but it's more difficult to take down these

websites because once you look at it, well, it's just an empty page.

There is no trademarkable logo or anything like this on the actual website, which of course means that many

automated tools and sort of try to identify shutdown fishing sites will not work.

And China is dusting off its great cannon again, or sometimes it's also called the red cannon to launch denial of

service attacks against a forum supporting the protesters in Hong Kong.

This great cannon is a feature of China's great firewall.

The firewall is not only able to block access to content, but it is also able to

modify content. The first time I remember having heard of this feature was back in 2015 when

GitHub was attacked using the Great Canon. Back then, the Great Canon was used to convince GitHub to remove projects that attempt

to bypass the Great Firewall.

Since then, it has been used a couple of times, but those attacks haven't really sort of

hit the news in a major way.

The Great Cannon borrows a technique used by the low orbit. attacks haven't really sort of hit the news in a major way.

...