The research team leading the Internet Freedom Fund-supported Geneva project has made a surprising and significant discovery: the middleboxes utilized by nation-state censors to wall off their citizens from the broader Internet can also be weaponized by third-party attackers to launch reflected distributed denial of service (DDoS) attacks on unsuspecting victims beyond the borders of the closed regimes. These attacks can obtain alarming degrees of amplification, and, by taking advantage of routing loops, can be infinite. Geneva’s researchers also discovered that attackers are able to harness these systems to induce nation-state censors to block arbitrary pairs of IP addresses from communicating. Such attacks were previously thought to be impossible; the discovery of these vulnerabilities means the very existence of censorship infrastructure poses a tangible risk to the entire Internet and everyone on it.
The team’s award-winning paper from USENIX Security 2021 revealed that TCP-based protocols can be hijacked by attackers to produce amplification factors far greater than existing UDP-based DDoS attacks. Due to faulty TCP implementations allowing three-way handshakes to be spoofed, the content injection (e.g., block pages) of censoring middleboxes can be harnessed by bad actors to launch reflected DDoS attacks with massive amplification. Notably, these attacks utilize and affect not only nation-state censors, but also defensive middleboxes which are typically deployed in a more benign manner around the world.
A similar censor-based attack, by which off-path attackers can spoof a three-way handshake to exploit the residual censorship feature of certain nation-state infrastructures, was also uncovered by the research team. Residual censorship occurs when a censor automatically continues to block traffic between two end-hosts for a period of time (e.g., 90 seconds) after the original censorship occurs. As discussed in their paper from WOOT 2021, the attack essentially allows any individual on the Internet to weaponize existing censorship systems to carry out their own targeted-blocking campaign against any two IP addresses that cross the censor. Readers interested in learning more about the components of these attacks are encouraged to visit the Geneva team’s resources, which distill the technical aspects via user-friendly visuals and diagrams (USENIX here; WOOT here).
Geneva’s Role in Identifying the Attacks
As discussed in a prior post on the project, Geneva revolutionizes censorship circumvention by using AI to automate processes which have long been manually performed. The tool itself consists of two distinct components: (1) a genetic algorithm, and (2) a strategy engine. The genetic algorithm is Geneva’s learning component – through its deployment against real-world censors, the algorithm uses biologically-inspired principles of evolution to test and evolve new strategies to evade censorship. In turn, the engine is what deploys such strategies over active network traffic.
To automate the evasion detection process, the Geneva team developed a “survival of the fittest” theory under which the algorithm can use any combination of its four packet-manipulation building blocks (duplicate, fragment, tamper, and drop) to try to circumvent a censor. This time, however, the team was interested in using the tool to trigger attacks – not evade censorship. Historically, UDP-based amplification attacks have been the result of a weakness in the design of the protocol itself. By contrast, the novel attacks discovered by the Geneva team stemmed from weakness in the implementation of the TCP protocol. This meant there was no way to predict or define which middleboxes would be susceptible to the attacks. Instead, the only way to understand all the different ways by which the attack could be triggered, and all the different censorship infrastructures that could be exploited, was to go out into the field and test.
Such a task would have been impossible to achieve on any appreciable scale without the use of Geneva’s genetic algorithm. Yet with it, the team was able to swap out the algorithm’s underlying fitness function and reprogram it to be rewarded for receiving the maximum amount of information from the smallest request (whereas the original fitness function offered rewards for evading censorship). After recalibrating the algorithm in this manner, the team deployed it via the strategy engine toward 184 middleboxes around the world. In this manner, Geneva was used to automate the attack triggering process and report back on the various levels of information received. These potential attacks were then collated and the best of them (i.e., those that received the most information back from the middleboxes) were applied and scanned across the world. As part of this process, OTF’s network provided vantage points within censored regimes when Geneva was working to induce censors to block arbitrary addresses from communicating in Kazakhstan, Iran, and China (the results of these tests formed the basis of the WOOT paper). For the reflected DDoS attacks of the USENIX paper, no such vantage points were necessary as all testing could be performed from the United States.
Attacks Enter the Real World
Prior to the Geneva team’s groundbreaking discoveries in 2021, the world was unaware that censorship infrastructures could be leveraged and weaponized by third-party attackers. In recent months, however, this theoretical risk has unfortunately debuted across the Internet. As reported by Akamai, TCP Middlebox Reflection attacks have begun popping up against banking, gaming, and other industry organizations. Due to the ability of attackers to leverage the power of censorship infrastructures against unsuspecting victims, these attacks are predicted to increase in the future given that an attacker requires only a fraction of the amount of bandwidth to launch a successful DDoS campaign.
Although these vulnerabilities were responsibly disclosed to several country-level Computer Emergency Readiness Teams, it is unlikely that any real change will be implemented by the affected censorship systems and regimes – meaning that for now, these threats will persist. In the meantime, the Geneva team is interested in expanding their understanding of the scale and scope of these attacks. Users and organizations are encouraged to visit https://censorship.ai/ to learn more, get information about how to detect if they are being used for – or targeted by – amplification, and share their own experiences with the Geneva team.
Nation-state censorship infrastructure has been weaponized in the past – but only once, and that time the attack was conducted by the state itself. In 2015, China co-located an attack with the Great Firewall to launch the “Great Cannon,” a novel DDoS attack that targeted external services designed to evade Chinese censorship. While similar in conceptual execution via the weaponization of existing censorship infrastructure, this attack was distinct from those discovered by the Geneva researchers. Despite fears of escalating information warfare, the style of attack seen in 2015 has yet to reoccur. This degree of infrequency – in the face of abundant opportunity and government resources – can perhaps be attributed to the global constraints experienced by nation-state actors operating on the world stage. Attacks by governments themselves are necessarily informed by considerations of geopolitics, economic interdependencies, and threat of retaliation. By contrast, lone bad actors are relatively unconstrained by such concerns when deciding to leverage censorship infrastructures to launch their own amplified attacks. Given this, it is not surprising that there have already been multiple TCP Middlebox Reflection attacks seen in the wild – with more anticipated in the future.
Global Implications and Call for Censorship Infrastructure Reductions
The existence of nation-state censorship has always posed a threat to democracy – allowing regimes like China or Iran to control domestic narratives and perpetuate authoritarian rule. Yet this threat often seems a bit too abstract or theoretical for individuals living beyond the borders of those countries to demand action. The Geneva team’s discoveries, however, turn this notion on its head, revealing that censorship infrastructure poses a credible threat to everyone on the Internet – not just those living within censored regimes. As long as TCP protocol implementation issues persist in nation-state censorship infrastructures, rogue bad actors will be able to leverage these systems to launch highly effective reflected amplification attacks on unsuspecting victims across the globe.
Unfortunately, such issues will almost assuredly persist given that fixing this problem would require regimes to invest money in changes that could ultimately weaken their censorship infrastructure. At present, their systems are intentionally more permissive of missing packets than standard TCP implementations. On a typical machine, TCP will require seeing every packet of a three-way handshake – yet all middleboxes have to operate under the assumption that they might miss some packets (without such an assumption, they would be unable to make sense of connections where packets are dropped or follow asymmetric routes). To make middleboxes resilient to the attacks discovered by the Geneva team, middleboxes would have to become less resilient to more typical packet loss. As a result, censoring regimes (and, indeed, all middleboxes) are left with a choice: mitigate the attacks, or empower the middlebox. It is the Geneva team’s sincere hope that censoring nation-states would choose the former, but at present the incentives to do so are not clear given that their permissive TCP implementation is what ensures connections are torn down or blocked by government censors even when not all packets have been verified.
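To make the trade-off in the paragraph above concrete, here is an added simulation, not code from the Geneva project or its papers: a toy middlebox that injects a block page when it sees a forbidden hostname, run in a permissive mode (inspect any payload-bearing segment) and a strict mode (require the full handshake) over constructed packet traces. The hostname, block page, header size and flow names are assumptions; the script measures bytes in versus bytes out for each policy and trace.

```python
from dataclasses import dataclass

@dataclass
class Pkt:
    src: str
    dst: str
    flags: str          # "S" SYN, "SA" SYN-ACK, "A" ACK, "PA" PSH+ACK
    payload: bytes = b""

# Constructed sample values (assumptions, not taken from any real censor).
BLOCKLIST = (b"forbidden.example",)
BLOCK_PAGE = b"HTTP/1.1 403 Forbidden\r\n\r\n<html>blocked</html>" + b"." * 600
REQ = b"GET / HTTP/1.1\r\nHost: forbidden.example\r\n\r\n"
HDR = 40                # assumed IPv4+TCP header bytes per segment

class Middlebox:
    """Simulated censoring middlebox. strict=True injects only after SYN, SYN-ACK
    and ACK were all observed; strict=False injects on any payload-bearing segment."""
    def __init__(self, strict):
        self.strict = strict
        self.stage = {}     # flow -> handshake stage 1..3

    def process(self, p):
        """Return the block page injected for this segment, or b''."""
        k = tuple(sorted((p.src, p.dst)))
        st = self.stage.get(k, 0)
        if p.flags == "S":
            self.stage[k] = 1
        elif p.flags == "SA" and st == 1:
            self.stage[k] = 2
        elif "A" in p.flags and st == 2:
            self.stage[k] = 3
        if p.payload and any(h in p.payload for h in BLOCKLIST):
            if not self.strict or self.stage.get(k) == 3:
                return BLOCK_PAGE
        return b""

def run(box, trace):
    """Feed a trace through the box; return (bytes_in, bytes_out, amplification)."""
    bytes_in = sum(HDR + len(p.payload) for p in trace)
    bytes_out = sum(len(box.process(p)) for p in trace)
    return bytes_in, bytes_out, bytes_out / bytes_in

# Constructed traces: a lone segment carrying the forbidden request, a complete
# handshake, and a handshake whose SYN-ACK took a route the middlebox never saw.
LONE = [Pkt("a", "b", "PA", REQ)]
HANDSHAKE = [Pkt("c", "s", "S"), Pkt("s", "c", "SA"), Pkt("c", "s", "A"), Pkt("c", "s", "PA", REQ)]
LOSSY = [Pkt("c", "s", "S"), Pkt("c", "s", "A"), Pkt("c", "s", "PA", REQ)]
```

The strict policy returns nothing for the lone segment, but it also returns nothing for the lossy trace, which is exactly the resilience the article says censors would have to give up.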
Knowing this, what can be done to mitigate such risks going forward? The answer – as emphasized by members of the Geneva team – is to work together to scale down existing censorship infrastructures and prevent future systems from being built. Smaller-scale operations can also be undertaken, such as ensuring benign deployments of firewalls and intrusion prevention systems do not contain similar vulnerabilities. But the reality is, as long as the nation-state censorship infrastructures exist, so too will the threat. The hope then, is that these groundbreaking discoveries will help change the common narrative towards large-scale censorship and make it more of an imperative for these infrastructures to come down. Since bad actors can now leverage these systems to attack anyone, Internet freedom advocates should be able to leverage the existence of those attacks to call for an overarching reduction of censorship systems. Simply put: governments can no longer build out their censorship infrastructures without acknowledging that these efforts are giving their adversaries and bad actors greater capabilities and tools with which to attack innocent people across the world.
Read more about OTF’s involvement with Geneva here, and stay tuned later this year for an update on the research team’s creation of an application layer for HTTP and DNS (bringing Geneva’s censorship circumvention strategies to mobile).
About the program: The Internet Freedom Fund (IFF) is OTF’s primary way to support projects and people working on open and accessible technology-focused projects that promote human rights, Internet freedom, and open societies. The IFF accepts applications on a rolling basis through a two-step process. Applications are first submitted as concept notes. Upon positive review of an application, OTF then invites applicants to submit a full proposal. Click here to learn more and begin the application process. Note: OTF prioritizes IFF projects coming from individuals or organizations who are applying for the first time, identify as under-represented within the field, and address areas that are underfunded.