China Suffers Internet Outage After ‘DNS Hack’


Large-scale Internet outage in China raises questions about the Great Firewall

China suffered a significant Internet outage on Tuesday, raising fresh questions over the robustness of the so-called “Great Firewall of China”.

According to the official Xinhua news service, Internet users in China were unable to access websites ending with .com, and many were rerouted to an American anti-censorship website. The outage could have been exploited by hackers, or could have been the result of a hacking attack on the country’s domain name system (DNS), according to media reports.

“It’s crazy that one DNS issue could have such an impact,” commented Michael Allen, vice president of APM at Compuware. “Through our global application performance monitoring service we saw that the outage lasted for eight hours.

“When you consider the population affected, this was one of the biggest outages we’ve ever seen, with one seventh of global Internet users impacted. However, the impact wasn’t just on Chinese Internet users; companies around the world lost out on $200 million in online sales during the eight-hour period.”

DNS Hack?

The IP address that Chinese users were rerouted to is owned by Dynamic Internet Technology, a company that sells anti-censorship web services tailored for Chinese users. Its clients reportedly include Human Rights in China, Voice of America, and a newspaper produced by the banned Falun Gong religious sect.

Meanwhile, China’s Internet Network Information Center (CNNIC) confirmed in a blog posting that the outage lasted several hours on Tuesday afternoon “due to a malfunction in China’s top-level domain name root servers.”

“We have tracked and analysed the DNS and found that at least two of the 13 root name servers around the world were affected,” Dong Fang, Internet Engineer with 360 Security Solution, was quoted as saying in the Xinhua report. He said that it was likely a man-made event, either hacker attacks or DNS hijacking.

Chinese websites ending with “.cn,” the national top-level domain name, were apparently not affected by the outage. The Xinhua report also quoted experts as saying that security awareness about DNS is weak in China and most major domain name servers are poorly guarded, and need additional investment.

“All the root name servers are located in the United States, Japan and European countries. A problem with them would affect all the domain name processes and website visits in China,” Dong Fang reportedly said. “We need to establish a monitoring system over DNS and response system for accidents,” he added. “Building root domain name servers in China should be completed as soon as possible.”

“The Internet disruption appears to have taken place through changes to the Domain Name Service – the mapping between domain names and the IP addresses for the corresponding content servers – rather than through attacks on the underlying infrastructure,” Jim Cowie, CTO of Renesys, which monitors global Internet activity, was quoted as saying by Reuters.

Other Attacks

This is not the first time that China’s DNS system has been targeted.

Back in August 2013, Internet activity in China was disrupted by a massive distributed denial of service (DDoS) attack against the CNNIC, which manages the .cn top-level domain and the Chinese domain name system.

Edward Snowden, the whistle-blower who released details on the US’ controversial PRISM data collection tool, has previously claimed the US has been hacking China for years. Snowden said public officials and businesses in China had been targeted, and he claimed that there had been more than 61,000 hacking operations carried out by the National Security Agency (NSA). Hundreds of targets were apparently based in China and Hong Kong.
