DNS Poisoning Leads to Internet Outage in China

A widespread DNS error hit China on January 21. Hundreds of millions of people attempting to visit China’s most popular Web sites found themselves redirected to the IP address 65.49.2.178. All China’s generic top-level domain names were affected. Services provided by local internet giants such as search engine Baidu and social-media portal Sina.com were rendered unavailable to locals unless they accessed them through virtual private network (VPN) technology.


The cause of the problem was not immediately clear. The official Xinhua news agency on Tuesday quoted experts as saying that the malfunction could have been the result of a hacking attack, and domestic media were full of speculation along those lines. However, some think the problem was the result of a mistake made by the government.

DNS (Domain Name System) is the service that translates domain names into the IP addresses that clients actually connect to. It is not entirely clear whether the DNS issue was the result of a hacker attack against China’s DNS infrastructure or an error made by Chinese government authorities.

The Chinese government operates an Internet-filtering capability for all Chinese Internet users that is generally referred to as the Great Firewall of China (GFW).

The IP address 65.49.2.178 is owned by Dynamic Internet Technology (DIT), a company that provides, among other things, software to help Chinese web surfers get around the GFW. The company was founded by Bill Xia, a practitioner of Falun Gong, a banned group in China. Xia emigrated to the United States and started DIT.

Sources familiar with the Chinese government’s web management operations told Reuters that a hacking attack was not to blame for the malfunction. They declined to be identified due to the sensitivity of the matter. They said the incident may have been the result of an engineering mistake made while making changes to the “Great Firewall” the Communist Party uses to block websites it deems undesirable – such as the DIT site.

Greatfire.org, a website that monitors web censorship in China, also said theories that DIT was behind the outage had little merit.

Instead, the website said the outage was likely caused by what it calls “DNS poisoning,” a technique used to block users from reaching certain addresses. In essence, a bogus answer is substituted while a website name is being converted into an IP address, sending people to the wrong site.

“One hypothesis is that the Great Firewall might have intended to block the DIT IP but accidentally used that IP to poison all domains,” the group wrote in a blog post.

The group said it sent the same lookup for a website address to a public DNS server run by Google: outside China the name resolved properly, but inside China the answer pointed to a DIT IP address.

“The bogus response,” the group wrote, “could only have been returned by the Great Firewall.”
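The check Greatfire describes, written up here as an added example rather than the group's own code: resolve the same names along a reference path (outside the interception point) and along the suspect path, then compare answers. The answer sets below are constructed, with reference addresses taken from documentation ranges; the only value from the incident itself is 65.49.2.178.

```python
from collections import Counter

# Constructed sample answers, not real measurements. REFERENCE is what a
# resolver reached outside the interception point returned (documentation
# ranges 192.0.2.0/24 and 198.51.100.0/24); OBSERVED is what the same query
# returned when the path crossed it. 65.49.2.178 is the address from the
# January incident.
REFERENCE = {
    "www.baidu.com": {"192.0.2.10", "192.0.2.11"},
    "www.sina.com.cn": {"198.51.100.5"},
    "www.example.com": {"192.0.2.80"},
    "dns.google": {"198.51.100.53"},
}
OBSERVED = {
    "www.baidu.com": {"65.49.2.178"},
    "www.sina.com.cn": {"65.49.2.178"},
    "www.example.com": {"192.0.2.80"},  # unaffected name
    "dns.google": {"65.49.2.178"},
}

def poisoned_domains(reference, observed):
    """Names whose observed answer shares no address with the reference answer.

    Round-robin and CDN answers legitimately differ between vantage points,
    so a plain mismatch is noise; a fully disjoint answer set is the signal.
    """
    return {
        name: (sorted(reference[name]), sorted(observed[name]))
        for name in reference
        if name in observed and not (reference[name] & observed[name])
    }

def dominant_bogus_ip(poisoned, min_domains=3):
    """Return the address that unrelated names collapse onto, or None.

    Many different names resolving to one address is the fingerprint of mass
    poisoning seen in this incident, as opposed to a single hijacked name.
    """
    counts = Counter(ip for _, got in poisoned.values() for ip in got)
    if not counts:
        return None
    ip, n = counts.most_common(1)[0]
    return ip if n >= min_domains else None

if __name__ == "__main__":
    bad = poisoned_domains(REFERENCE, OBSERVED)
    for name, (want, got) in bad.items():
        print(f"{name}: expected {want}, got {got}")
    print("mass-poisoning address:", dominant_bogus_ip(bad))
```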

While opponents of Chinese censorship have pointed the finger at the Chinese government itself for the outage, the Chinese Foreign Minister reportedly is blaming hackers. According to a Reuters report, Chinese Foreign Ministry spokesman Qin Gang said he did not know who was responsible for the outage.

“I don’t know who did this or where it came from, but what I want to point out is this reminds us once again that maintaining Internet security needs strengthened international cooperation,” Gang said. “This again shows that China is a victim of hacking.”

How or why that happened is still not certain. Regardless of the root cause, the DNS issue had a significant impact on the Internet. This was one of the biggest outages on record, with one seventh of global Internet users impacted. The impact wasn’t limited to Chinese Internet users, either: companies around the world could have lost potentially $200 million in online sales during the eight-hour period.
