China Power

What Caused China’s Internet Outage?

An internet disruption Tuesday affected over 60% of Chinese users. Was it caused by hackers or China’s Great Firewall?

What Caused China’s Internet Outage?
Credit: Flickr/ Harald Groven

On Tuesday afternoon, starting at about 3:15 Beijing time, Chinese Internet users found themselves unable to access many of the country’s websites. Qihoo 360 Technology, an internet security company, estimated that the outage affected two-thirds of China’s internet traffic for over an hour. It appeared that any website with a domain not ending in “.cn” was affected, which would include the home page of China’s largest search engine, Baidu, as well as popular news and social networking sites Sina and Tencent.

Users who tried to visit affected sites were instead rerouted to an IP address owned by a U.S. company. That particular company, Dynamic Internet Technology (DIT) is already blocked in China because of its connections to Falun Gong. Interestingly, DIT also creates “Freegate,” a service used to help Chinese users bypass internet censorship.

Due in part to the mysterious redirection to DIT’s webpage, official Chinese media reports on the outage implied that a cyberattack might have caused the internet disruption. A Xinhua report (reprinted by China Daily) included quotes from experts speculating that the incident could have theoretically been caused by hackers. South China Morning Post’s article on the internet outage also included quotes from internet security experts who thought the incident “might have been an attack,” possibly instigated by “anti-government activists overseas.”

Chinese media reports stopped short of actually making this claim, though. The official cause of the malfunction, according to the China Internet Network Information Center, was a “malfunction of root servers for China’s top-level domain names.” Reuters cited “sources familiar with the Chinese government’s web management operations” as saying that the outage was not caused by a hacking attack.

DIT president Bill Xia confirmed that users were being redirected to his company’s IP address, but denied that DIT had anything to do with the malfunction. Instead, he suggested that the outage had been caused by a glitch in the “Great Firewall,” the common name for China’s system of blocking access to certain webpages. Xia told Reuters, “For such a large scale attack just targeting users in China, it can only be done by the Great Firewall.”

Enjoying this article? Click here to subscribe for full access. Just $5 a month.

Xiao Qiang, an adjunct professor at the UC Berkeley School of Information and a well-known expert on China’s internet, had a similar theory. He said his investigation showed “very clearly” that the problem “happened at servers inside China,” suggesting a malfunction in the Great Firewall may have been to blame. Reuters’ sources theorized that the mistake might have occurred during an attempt to update the Great Firewall system.

The Great Firewall, formally known as the “Golden Shield Project,” prevents access to sensitive webpages within China. Pages linked to the Falun Gong, the Dalai Lama, pro-democracy advocates, and other sensitive groups are routinely blocked, as are U.S. social media sites Facebook and Twitter. Western news outlets such as the New York Times, BBC, and The Guardian have also had their pages blocked, generally after posting an especially sensitive story. The Great Firewall works in part by blocking certain domain names from being linked with the correct IP address—which was the basic cause of Tuesday’s internet outage.

Regardless of the cause, the scale of the disruption has Chinese internet security experts worried that China’s Internet access would be an easy target in the event of a cyber-war. One such expert told CRI [Chinese] that the outage was unmatched in Chinese internet history, and should serve as a warning to the Chinese Internet Network Information Center. According to Reuters, Chinese Foreign Ministry spokesman Qin Gang told the press that the incident “reminds us once again that maintaining Internet security needs strengthened international cooperation.”