China blames Internet outage on hacking attack
Two-thirds of the websites in China were briefly inaccessible on Tuesday
IDG News Service - Tuesday's Internet outage in China is dividing experts over what caused the networking error, with authorities calling it a hacking attack, and others blaming it on the country's censorship systems.
The outage briefly crippled the Internet in China, with many local websites inaccessible to users. User traffic was mysteriously redirected to a U.S.-based IP address belonging to a company that has hosted software capable of circumventing China's online censorship.
The networking error, which only lasted a few hours, affected at least two-thirds of China's websites, according to Qihoo 360, a software security vendor in the country.
On Wednesday, local authorities said a preliminary investigation found that a hacking attack caused the outage. China's National Computer Network Emergency Response Technical Team is continuing to investigate the matter.
On the same day, China's state-controlled Xinhua News Agency published a story quoting security experts whodemanded authorities do more to protect the nation's Internet infrastructure.
Others experts, however, believe the error may have been caused by a glitch in China's notorious censorship systems, also known as "The Great Firewall."
China routinely blocks sites with content critical of the nation's government, including Facebook, Twitter, and The New York Times. Tuesday's Internet outage, however, rerouted traffic to an IP address belonging to Dynamic Internet Technology, a U.S. company whose site is also blocked by authorities.
The company's CEO Bill Xia said in an email that Dynamic Internet Technology had no hand in Tuesday's outage. Instead, he claimed China's own censorship systems were at play.
The company's clients include The Epoch Times, a publication banned in China. It also hosts Freegate software that can help Chinese Internet users view sites blocked in the country.
In the past, China's censors have blocked the company's sites with domain name system (DNS) hijacking. This is done by targeting domains like Epochtimes.com, and funneling their users to the wrong IP address, Xia said.
"This time, the DNS hijacking system targeted all domains instead for a few hours, thus the break down," he added.
Others experts in China suspect the same.
Speculation is growing that hackers hijacked a root DNS (Domain Name System) server in China to reroute all user traffic, said GreatFire.org, a group that monitors China's Internet and opposes the nation's censorship.
But in a Wednesday posting, GreatFire.org dismissed such claims, noting that a public DNS server operated by Google had also been affected by the networking error. During the outage, users trying to access the Google DNS server from China were also rerouted to the IP address from Dynamic Internet Technology.
"Some are suggesting Dynamic Internet Technology is behind the outage. However, hacking into a root DNS resolver is not enough to cause this outage," the group said. "They have to hack into GFW (The Great Firewall)."
Instead, authorities may have tried to block DIT's IP address, but accidentally ended up rerouting all the nation's traffic to the address, the group added.
- 2013 Cyber Risk Report The "Cyber risk report 2013 Executive summary" presents the major findings of HP Security Research's comprehensive dive into today's cyber vulnerability and threat...
- Platfora Big Data Analytics for Network Security Platfora amplifies the effectiveness of network security analysis, providing Big Data Analytics capability to augment existing security infrastructure for known threats, and advanced...
- Big Data, Big Mess: Sound Risk Intelligence Through Complete Context This paper examines the insecurity of the small businesses in the supply chain and offers tips to close those backdoors into the enterprise.
- Using Cyber Insurance and Cybercrime Data to Limit Your Business Risk This paper examines the challenges of understanding cyber risks, the importance of having the right cyber risk intelligence, and how to use this...
- NSS Labs & Cisco Present: Evaluating Leading Breach Detection Systems Today's constantly evolving advanced malware and APTs can evade point-in-time defenses to penetrate networks. Security professionals must evolve their strategy in lockstep to...
- Will the Real Endpoint Threat Detection and Response Please Stand Up? This webinar explores new technologies & process for protecting endpoints from advanced attackers as well as the innovations that are pushing the envelope... All Cyberwarfare White Papers | Webcasts