Described at the time as a significant escalation of state-level information control and a censorship tool powered by weaponising users, Google said on the weekend that the attack would not have been possible if the web had embraced moves to encrypt its transport layers.
"This provides further motivation for transitioning the web to encrypted and integrity-protected communication," Google security engineer Niels Provos said in a blog post. "Unfortunately, defending against such an attack is not easy for website operators."
Using analysis from Google's Safe Browsing infrastructure, Provos said the Great Cannon attack lasted from March 1 to April 15, and involved testing phases before the attack ramped up on March 14 against Greatfire.org.
"At first, requests were made over HTTP and then upgraded to to use HTTPS," Provos said. "On March 14th, the attack started for real and targeted d3rkfw22xppori.cloudfront.net both via HTTP as well as HTTPS. Attacks against this specific host were carried out until March 17th.