Internet Outage Leaves China Disconnected for 8 Hours
China cried "cyberattack" over Tuesday's massive Internet outage across the country, but it appears it might have been a case of friendly fire. One hypothesis that's getting a lot of support is that Chinese censors flubbed their management of the Great Firewall and accidentally redirected a massive amount of network traffic to domains they really wanted to block, triggering a network overload.
The Internet went dark in China on Tuesday. For some eight hours, more than 618 million Chinese couldn't access cyberspace. The outage occurred when two-thirds of all Web traffic in the country was redirected to a single IP address located in the United States.
The address belongs to Dynamic Internet Technology, a company with ties to Falun Gong, a spiritual group outlawed in China since 1999 for a number of alleged sins including "spreading fallacies, hoodwinking people, inciting and creating disturbances and jeopardizing social stability."
The outage -- one of the largest in the history of the Internet -- was caused by a malfunction that blocked access in China to top-level domain names such as .com and .net, according to the state-operated China Internet Network Information Center.
The malfunction could have been caused by hackers launching a cyberattack, suggested security analysts quoted by the state-run Xinhua news agency.
Another possibility is that it was caused by technical problems with the country's elaborate Internet filtering system, known as the "Great Firewall."
"It's not surprising that an entire country that tries to firewall its network and segregate it from the rest of the Internet is going to have glitches -- and when they have glitches, they're going to be extremely disruptive," said Richard Stiennon, chief research analyst with IT-Harvest.
Making matters worse, China is currently revamping that complicated infrastructure.
"The Chinese authorities are in the process of swapping out Cisco gear on the Great Firewall and replacing the technology with organic Chinese telecom gear from Huawei and ZTE," noted Bill Hagestad II, author of several books on Chinese cyberwarfare.
"Somebody got the configuration file wrong," he told TechNewsWorld, "and as a result, you got some outages."
China routinely poisons domains as part of its "Golden Shield" effort to filter Internet information. When a domain China doesn't like is identified, traffic bound for that domain is sent to Internet purgatory, commonly displayed in browsers as a "404" error.
That trick may have backfired on the Great Firewall this time, according to GreatFirewall.org, an anticensorship group. Instead of blocking traffic headed to the Falun Gong website, it started redirecting mountains of traffic on the Chinese Net to the site.
The activists were skeptical that hackers were behind the outage.
"If it was a hack, I think it is clear that they could and would have done much more than just redirect traffic to one domain, knowing that domain would likely crash with such a surge in traffic," GreatFirewall.com cofounder Charlie Smith told TechNewsWorld.
"They would have done something much, much bigger in this instance," he continued. "To have hacked the Great Firewall would have taken some thinking and initiative, and it is highly unlikely that they would have done this without a clear intention."
A more likely scenario, according to the activists, is that the system was brought to its knees by overzealous censors trying to block unblockable mirror sites, where news of Chinese government corruption was expected to appear.
"So the censors were scrambling and trying to figure out how to block what we were doing and then all of a sudden it was, 'sh*t, we broke the system,'" Smith said.
While Internet service has been restored to China, future outages remain a possibility.
"I think this could happen again in the future," author Hagestad said.
However, once the kinks are worked out of the revamped Great Firewall, it will be a formidable barrier to Net mischief.
"Once the Chinese get it figured out," Hagestad noted, "it's going to be very difficult for a Western hacker to use Western-based malware to attack it."