Chinese Internet Goes Offline as Censors Attempt to Block Content

For those of you worried about application performance, be careful making firewall changes as you could, as the Chinese have done, knock 680 million users offline.

The new Chinese Premier Xi has made it his mantra to expose corruption among the princelings, a term that means people who are relatives of high communist party leaders and enjoy special privileges.  The princelings have, according to The NY Times and The International Consortium of Investigative Journalists, profited handsomely by steering government contracts to themselves and family members. Xi; the previous Prime Minister; and Li Peng, who ordered the Tiananmen Square massacre; and many others have amassed fortunes and stored them in tax havens like The British Virgin Islands.  So Xi has been successful in his efforts to expose Chinese corruption, but at a price.

The timing could not be worse for Chinese public relations, as the Chinese lawyer Xu Zhiyong is being tried this week for his legal efforts to root out corruption.  This well-respected lawyer started an organization that uses China’s own laws to expose Chinese corruption.

Because of their reports on Chinese high party officials making themselves billionaires, China has blocked The NY Times, The Guardian, and Bloomberg news web sites.  They did this using the Great Firewall—whose name is a reference and metaphor for the Great Wall of China—, which is a system of firewalls, proxy servers, and content-filtering software that the Chinese censors use to block content.  (You can test whether a site is accessible via the Chinese Great Firewall here.)

What the Chinese censors did to bring down the Internet was make some change that directed all DNS lookups to one single DNS server, a domain owned by Dynamic Internet Technology (DIT).  Their DNS records give their administrative contact as located in Raleigh, North Carolina and billing contact in Canada.  Their DNS A record, meaning where their server is located, points to a located in Washington, D.C. The DIT DNS servers were overwhelmed with billions of DNS lookups per minute, which is what caused this massive internet outage.

Thus, the Chinese managed to launch a DNS denial of service attack on themselves.  Fancy that.

The outage lasted eight hours. You can read a detailed technical account of what happened by using Google Translate to translate the DIT press release written in Chinese.

Reuters characterizes Dynamic Internet Technology as, “a company that sells anti-censorship web services tailored for Chinese users.”  They also say that (DIT) is tied with Falun Gong, a religious group that is banned in China. So this could have been caused by making changes to firewall policy that already would have blocked Falun Gong.

One site that reports on censorship in China is GreatFireWall.org.  It is registered with GoGaddy.com.  The site is not working today; its DNS records show its site is hosted by Google.

The Chinese government blamed the outage on foreign hackers.