A mysterious attack on China’s Internet points to circumvention software – Australia
12: 32 |
Source: World Wide Web |
Some Chinese Internet users suffered "paralysis" on the 21st. At about 15:10 that day, the resolution of the domestic gTLD name server was abnormal, and some domestic users could not access domain name websites such as .com. According to preliminary statistics, 2/3 of website visits across the country are affected. After the failure occurs, Chinese users will be redirected to an IP address when they visit, and this address points to a company located in Cary Town, North Carolina, USA. The "Global Times" reporter has verified that this company named DynamicInternetTechnology is the developer of "Freegate" circumvention software.
On the afternoon of the 21st, many Chinese netizens said that many domestic websites were inaccessible. Some webmasters said that the disconnection was due to a problem with the domestic Internet root domain, which caused a large number of website domain names to resolve abnormally. The fault is specifically manifested in that the domain name access request is redirected to several unresponsive US IPs, and users in different provinces have different degrees of network faults. Some analysts said that the reason may be that the current international node has failed and the domestic 2/3 DNS is in a state of paralysis. When some users visit the website, they will be redirected to the IP address of 126.96.36.199, causing the real website to fail to visit smoothly. And by querying the information of 188.8.131.52, it was found that the IP was located at DynamicInternetTechnology in Cary Town, North Carolina, USA, and the domain names of a large number of well-known IT companies in China were resolved to this address.
A "Global Times" reporter found through various investigations on the evening of the 21st that the company called DynamicInternetTechnology is the same company that developed the "Freegate" circumvention software. Based on the name and address, the reporter learned in the process of inquiring about the company's information that the company's president is Bill Xia (the original name is BillXia in English), and this person is the founder of Freegate. According to the introduction of DynamicInternetTechnology's website, its service targets include The Epoch Times, Voice of America, Radio Free Asia, etc., providing Internet users in China with access to blocked web pages. "Global Times" reporter found that the company did not leave a contact number, only fax and e-mail contact information. The reporter sent an e-mail inquiry to the company, and Bill Xia replied that it had nothing to do with the matter. The incident was more like a DNS domain name hijacking by a third party.
There have been two root domain name failures in China. One was on July 2013, 7, when Shanghai Unicom’s DNS equipment failed, causing 6G and 2G mobile phone users to fail to access the Internet. The other time was on August 3, 2013, when the .CN root domain name server failed. This time, after 8 months, DNS failure occurred again in China.
It is reported that this time the login failure occurred because the top-level domain was .COM. In the Internet, the top-level domains used by some specific organizations are represented by the first few English letters of the English names of their representative organizations. Generic top-level domains include .COM (commercial organizations), .NET (organizations engaged in Internet services),. Common domain names ending with ORG (non-profit organization), etc.
The top-level domain name has a great relationship with the "root server". The latter is mainly used to manage the home directory of the Internet. There are only 13 root servers in the world, named "A" to "M", 10 of which are located in the United States , And the other three are installed in the UK, Sweden and Japan. All root servers are managed by ICANN, an Internet domain name and number allocation agency authorized by the US government, and are responsible for the management of global Internet domain name root servers, domain name systems, and IP addresses.
Qin An, director of the Cyberspace Strategy Research Center of the National Innovation and Development Strategy Research Association, told the Global Times on the 21st that most of the websites affected by the failure of the root server of China's top-level domain names are worthy of attention. "This incident explained in a layman's way that it was like you bought a plane ticket to the airport and found that the airport was completely paralyzed, and you couldn't leave." Qin An said that the scope of the incident is so wide that it has made the most ordinary Chinese netizens also feel inconvenient.
Qin An stated that it does not matter whether the incident was an individual hacker or an organized behavior. What is important is that now, whether it is an individual hacker or an organized behavior of a state agency, it can cause huge damage to the network that people rely on for survival. Qin An said frankly: "The argument that human society is gestating a world cyber war is not far away. This incident can be regarded as an early warning of a cyber war."
Another cyber security expert, who did not want to be named, said in an interview with the Global Times reporter on the 21st that from the current point of view, the incident is very likely to be a hacker attack, but who initiated the attack still has to draw a question mark. Although this IP address points to a US company, it cannot be ruled out that real hackers use this IP address as a springboard to launch attacks. In this expert's view, it is unlikely that the US government and military will manipulate this action behind the scenes. Because the United States, which controls most of the fundamental Internet resources in the world, is already the "super super" power in the Internet world, such cyber attacks are of little benefit to the US government and military, and will only make China again aware of the importance of cyber security. To ring the alarm bell for China is tantamount to shocking the snake.