MUCH of China’s internet traffic was redirected to websites run by a company that sells software to get round its web censorship.
The redirection, which affected hundreds of millions of Chinese web users on Tuesday, came as Beijing tried to extend its internet controls, a system dubbed the Great Firewall.
Most of those who tried to log on to China’s most popular sites found themselves redirected to Dynamic Internet Technology (DIT), a US-based company that sells anti-censorship web services to Chinese users.
The official Xinhua news agency quoted experts as saying the malfunction may have been the result of a hacking attack.
DIT, however, is linked to the Falun Gong, a religious group banned in China and blamed for past hacking attacks.
Chinese foreign ministry spokesman Qin Gang said he had “noted” reports of Falun Gong involvement, but added: “I don’t know who did this or where it came from, but this reminds us once again that maintaining internet security needs strengthened international co-operation. This again shows that China is a victim of hacking.”
Sources familiar with Beijing’s web management operations said the incident may have been the result of an engineering mistake made while making changes to the Great Firewall. The system is used by the Communist Party to block websites it deems subversive, such as the DIT site.
The state-run China Internet Network Information Centre said in a microblog that the shutdown, which lasted several hours, was due to a malfunction in China’s top-level domain name root servers. These administer China’s domain name service (DNS), which matches alphabetic domain names with a database of numeric IP addresses of computers hosting different sites, a sort of internet reference directory.
Instead of matching the names of popular Chinese websites with their proper IP addresses, Chinese DNS servers instead redirected users trying to access websites not ending with the “.cn” suffix to the IP address associated with DIT’s homepage.
It was unclear why users were directed to the DIT site. Independent tests also showed that the source of the malfunction originated in China, from Great Firewall servers themselves.
“Our investigation shows very clearly that DNS exclusion happened at servers inside of China,” said Xiao Qiang, an adjunct professor at UC Berkeley School of Information in the US and an expert on China’s internet controls.
“It all points to the Great Firewall, because that’s where it can simultaneously influence DNS resolutions of all the different networks [in China]. But how that happened or why that happened we’re not sure. It’s definitely not the Great Firewall’s normal behaviour.”
Checks by DIT suggested a similar root cause for the overwhelming amount of traffic trying to reach the site, said Bill Xia, DIT’s founder and a member of the Falun Gong.
“For such a large-scale attack just targeting users in China, it can only be done by the Great Firewall,” Mr Xia said. “It’s even clearer this is not an attack of all the domain name servers in the world, but the same as the DNS hijacking technologies used by the Chinese government to block websites they don’t want.”
The shutdown, which began around 3:15pm local time, redirected roughly one million requests per second to the DIT site, said Mr Xia.