Some blame it on human error. Others point to hackers. Still others blame China for its own woes. No matter the who or the what, something caused millions of Internet users in China to be rerouted to the Web site of a U.S. company that helps people skirt Beijing’s Great Firewall of censorship.
According to Reuters, hundreds of millions of people attempting to visit China's most popular Web sites on Tuesday afternoon found themselves redirected to Dynamic Internet Technology (DIT), a company that sells anti-censorship Web services tailored for Chinese users.
"I don't know who did this or where it came from, but what I want to point out is this reminds us once again that maintaining Internet security needs strengthened international cooperation,” Chinese Foreign Ministry spokesman Qin Gang said in a daily news briefing. “This again shows that China is a victim of hacking."
We caught up with Chester Wisniewski, senior security advisor at Sophos, to get his take on the hubbub in Asia. He told us he thinks the Chinese government's explanation of a DNS mistake is more likely the cause than "hacking."
“What is more interesting to me is that this is sort of a wake-up call for the Chinese on how important the Internet is to their economy,” Wisniewski said.
“When they erected the ‘Great Firewall’ the Internet was a play toy and they needed to be sure they could control pornography and religious groups that might impact the Communist party's influence. Now the Internet is extremely important to their economy and the stranglehold of censorship may present an even greater danger,” he said.
GreatFire.org, a group in opposition to China’s censorship that monitors the nation’s Internet goings-on, has three theories about the outage. Two of them are related to Falun Gong, a spiritual group banned in China. The third is that Chinese authorities set out to attack its unblockable mirror Web sites.
“We have conclusive evidence that this outage was caused by the Great Firewall (GFW). DNS poisoning is used extensively by the GFW. Some articles that have appeared about this outage suspected that the root DNS server in China was hacked and all domains hijacked to 220.127.116.11,” the authors wrote.
“This could explain why DNS servers in China were poisoned. However, during that time, we see that a lookup to 18.104.22.168, a public DNS operated by Google, returned bogus results if the lookup was done from China. In fact, the Google public DNS was not poisoned; the bogus response 22.214.171.124 could only have been returned by GFW. If the Chinese root DNS server was hacked, a DNS lookup in China via 126.96.36.199 should have returned a correct response,” according to the authors.