Chinese Internet users are now able to access numerous websites including Baidu and Sina Weibo after the country once again experienced massive outages Tuesday.
According to the China Internet Network Information Center (CNNIC), which “operates and administers country code top level domain of .cn and Chinese domain name system,” the cause was due to malfunctions with the servers that manage the .cn name system.
China’s state-run news service, Xinhua, hinted that the problem could have been caused by hackers because Chinese web surfers were rerouted to an IP address associated with Dynamic Internet Technology (DIT), a company that provides, among other things, software to help Chinese web surfers get around the so-called Great Firewall.
The company was founded by Bill Xia, a practioner of Falun Gong, a banned group in China. Xia emigrated to the United States and started DIT. The Voice of America is a client of DIT.
The latest outage was the second major disruption in five months. Last August, a denial-of-service attack caused large portions of the Chinese Internet to go dark in what in what Beijing called the “largest ever” hack attack on Chinese sites.
"China Internet Network Information Center no doubt learned some valuable lessons as a result of the August 2013 outage, where they found that it was internal Chinese hacking competition which disrupted the .cn domain,” said Christopher Burgess, CEO of Prevendra, Inc., an Internet security firm.
“In this instance, speculation of a 'foreign hand' will be high, as the outage was caused by Domain Name Service changes which rerouted traffic to a company, Dynamic Internet Technology, well known for their anti-censorship web services tailored to evade the 'The Great Firewall of China’," he said.
Chinese Foreign Ministry spokesman Qin Gang said during his regular news briefing that he “noted” reports of Falun Gong involvement in the hacking, but said he did not know who was responsible.
"I don't know who did this or where it came from, but what I want to point out is this reminds us once again that maintaining Internet security needs strengthened international cooperation. This again shows that China is a victim of hacking."
However some think the problem stems from the Great Firewall itself.
"This is the result of China's DNS hijacking system," said Xia in an email. "This system is part of China's Great Firewall."
He said the system is used to block domains the Chinese government disapproves of.
"This time, the DNS hijacking system targeted all domains instead, for a few hours, thus the break down," he said.
Greatfire.org, a website that monitors web censorship in China, also said theories that DIT was behind the outage had little merit.
Instead, the website said the outage was likely caused by what they call “DNS poisoning,” which is used to block users from certain addresses. In essence it scrambles the numbers during the process of converting a website name into IP numbers, sending people to the wrong website.
“One hypothesis is that [the Great Firewall] might have intended to block the [DIT] IP but accidentally used that IP to poison all domains,” the group wrote in a blog post.
The group said they sent a website address to a public DNS server run by Google. The group said that outside China, the address was converted properly, but that inside China, they were sent to a DIT IP address.
“The bogus response,” the group wrote, “could only have been returned by [the Great Firewall].”
According to the China Internet Network Information Center (CNNIC), which “operates and administers country code top level domain of .cn and Chinese domain name system,” the cause was due to malfunctions with the servers that manage the .cn name system.
China’s state-run news service, Xinhua, hinted that the problem could have been caused by hackers because Chinese web surfers were rerouted to an IP address associated with Dynamic Internet Technology (DIT), a company that provides, among other things, software to help Chinese web surfers get around the so-called Great Firewall.
The company was founded by Bill Xia, a practioner of Falun Gong, a banned group in China. Xia emigrated to the United States and started DIT. The Voice of America is a client of DIT.
The latest outage was the second major disruption in five months. Last August, a denial-of-service attack caused large portions of the Chinese Internet to go dark in what in what Beijing called the “largest ever” hack attack on Chinese sites.
"China Internet Network Information Center no doubt learned some valuable lessons as a result of the August 2013 outage, where they found that it was internal Chinese hacking competition which disrupted the .cn domain,” said Christopher Burgess, CEO of Prevendra, Inc., an Internet security firm.
“In this instance, speculation of a 'foreign hand' will be high, as the outage was caused by Domain Name Service changes which rerouted traffic to a company, Dynamic Internet Technology, well known for their anti-censorship web services tailored to evade the 'The Great Firewall of China’," he said.
Chinese Foreign Ministry spokesman Qin Gang said during his regular news briefing that he “noted” reports of Falun Gong involvement in the hacking, but said he did not know who was responsible.
"I don't know who did this or where it came from, but what I want to point out is this reminds us once again that maintaining Internet security needs strengthened international cooperation. This again shows that China is a victim of hacking."
However some think the problem stems from the Great Firewall itself.
"This is the result of China's DNS hijacking system," said Xia in an email. "This system is part of China's Great Firewall."
He said the system is used to block domains the Chinese government disapproves of.
"This time, the DNS hijacking system targeted all domains instead, for a few hours, thus the break down," he said.
Greatfire.org, a website that monitors web censorship in China, also said theories that DIT was behind the outage had little merit.
Instead, the website said the outage was likely caused by what they call “DNS poisoning,” which is used to block users from certain addresses. In essence it scrambles the numbers during the process of converting a website name into IP numbers, sending people to the wrong website.
“One hypothesis is that [the Great Firewall] might have intended to block the [DIT] IP but accidentally used that IP to poison all domains,” the group wrote in a blog post.
The group said they sent a website address to a public DNS server run by Google. The group said that outside China, the address was converted properly, but that inside China, they were sent to a DIT IP address.
“The bogus response,” the group wrote, “could only have been returned by [the Great Firewall].”