On Tuesday at around 3:20 p.m. local time, an estimated 200 million Internet users in China were not able to access popular websites such as Sina.com and the Baidu search engine, and practicaly all other websites, except government-controlled ones, were down. Information about how long the problem lasted remains a mystery because all news outlets are reporting various durations, ranging from one hour to as long as 24 hours.
Throughout the outage, users were redirected to a blank website that belongs to Dynamic Internet Technology, a U.S. based group that is very vocal in fighting Chinese online censorship. How everything happened is as smoggy as the air in Beijing with theories coming in from all directions.
Cyber Attack
"The China Internet Network Information Center (CNNIC) said through its account at SinaWeibo, a Twitter-like service in China, that the access failure that affected many users in the country was caused by a problem with top-level domain name root servers," reported official news agency Xinhua.
Internet security experts pointed that China must make DNS protection one of its top priority and this most recent outage has been caused by DNS hijacking.
"All the root name servers are located in the United States, Japan and European countries. A problem with them would affect all the domain name processes and website visits in China. We need to establish a monitoring system over DNS and response system for accidents. Building root domain name servers in China should be completed as soon as possible," said Internet engineer Dong Fang of 360 Security Solution.
According to the report, the China Internet Network Information Center is calling on the central government to have a quicker mechanism to react to such emergencies.
"I don't know who did this or where it came from, but what I want to point out is this reminds us once again that maintaining Internet security needs strengthened international cooperation. This again shows that China is a victim of hacking," said Qin Gang, a spokesperson for China's foreign ministry.
With the users re-routed to an IP address owned by Dynamic Internet Technology, a very vocal group fighting online censorship in China, the company was among the primary suspects.
However, the group has denied the allegations.
"Lots of information was posted around the Web about that IP used to map all domains. This plethora of information is a result of different level of ownership of IP resources. This IP is used by DIT operating FreeGate related service. It was not running any Web server when the incident happened. We tried to run website on it after we learned of the incident, but we were unable to deliver any webpages since all replies were blocked from entering China," the group's statement read.
FreeGate is a service offered by DIT so Internet users in China can bypass or go around the country's firewall that restricts visits to most websites.
Company founder Bill Xia, who is also a practitioner of Falun Gong, a religion banned in China since the 1990s, shared what the group observed.
"It was hundreds of thousands of users per second. They were sending [all of] China to us, so it's hundreds of millions of users. It's still ongoing. We didn't see it die out. Maybe they fixed it for some part of China ... but it's still really heavy traffic," Xia said in an interview.
Xia suspects that it can be a problem created as China tweaked its Great Firewall that filters everything that is against the government and blocks anyone in China from accessing social networks such as Twitter and Facebook.
Problem on the Great Firewall
Soon, reports surfaced that the big outage may have been caused by human error as computer engineers in China manage the Great Firewall.
"...sources familiar with the Chinese government's web management operations told Reuters that a hacking attack was not to blame for the malfunction. They declined to be identified due to the sensitivity of the matter. They said the incident may have been the result of an engineering mistake made while making changes to the "Great Firewall" system," the report read.
Greatfire.org also claimed that it has evidence that it was the country's censorship network that caused the problem.
"We have conclusive evidence that this outage was caused by the Great Firewall (GFW). DNS poisoning is used extensively by the GFW. Some articles that have appeared about this outage suspected that the root DNS server in China was hacked and all domains hijacked to 65.49.2.178. This could explain why DNS servers in China were poisoned. However, during that time, we see that a lookup to 8.8.8.8, a public DNS operated by Google, returned bogus results if the lookup was done from China. In fact, the Google public DNS was not poisoned; the bogus response 65.49.2.178 could only have been returned by GFW. If the Chinese root DNS server was hacked, a DNS lookup in China via 8.8.8.8 should have returned a correct response," explained GreatFire.
The details are just starting to surface about the Internet outage in China but a lot of people doubt if the truth will come out from a country where a mere Facebook 'Like' is not possible.
