A temporary glitch in China’s Great Firewall has redirected millions of Chinese Internet users to an anti-censorship website meant to be blocked by the system.
Due to the fault, probably caused by a human element, hundreds of millions of people who were trying to access China’s most popular websites on Tuesday afternoon, landed on the page of American company Dynamic Internet Technology – a specialist in anti-censorship web services.
Dynamic Internet Technology, who specialises in helping Chinese users to avoid the Communist Party censorship, has previously been linked to Falun Gong, an illegal spiritual group in China, and its website was supposed to be blocked by authorities overseeing the use of the Internet in China
The official Xinhua news agency suggested the malfunction could have been a result of a hacking attack.
"I don't know who did this or where it came from, but what I want to point out is this reminds us once again that maintaining Internet security needs strengthened international cooperation,” said Chinese Foreign Ministry spokesman Qin Gang. “This again shows that China is a victim of hacking."
However, sources familiar with the Chinese government's web management operations told Reuters a hacking attack was most likely not the cause.
Instead, the sources hinted, an engineering mistake made during adjusting the firewall might have caused the malfunction. However, no further details have been revealed.
China’s Internet Network Information Centre (CNNIC) uses the firewall to block undesirable websites, such as the DIT website. In its statement to the Chinese media, the CNNIC said it was investigating the presumed attack.
In a microblog post the Centre explained the outage, which lasted for several hours, had been caused by a malfunction in top-level domain name root servers.
These servers administer the country's Domain Name Service (DNS), which matches alphabetic domain names with a database of numeric IP addresses of computers hosting different websites, a sort of reference directory for the entire Internet.
Instead of matching the names of popular Chinese websites with their proper IP addresses, Chinese DNS servers redirected users trying to access websites not ending with the ".cn" suffix to the IP address associated with DIT's homepage.
It was unclear why users were being directed to the DIT site specifically.
Independent tests showed that the source of the malfunction originated from within China, and specifically from the Great Firewall servers themselves.
"Our investigation shows very clearly that DNS exclusion happened at servers inside China," said Xiao Qiang, an adjunct professor at UC Berkeley School of Information in the US and an expert on China's Internet controls.
"It all points to the Great Firewall, because that's where it can simultaneously influence DNS resolutions of all the different networks (in China). But how that happened or why that happened we're not sure. It's definitely not the Great Firewall's normal behaviour."
Checks by DIT suggested a similar root cause for the overwhelming amount of traffic trying to reach the site, said Bill Xia, DIT's founder and a member of the Falun Gong.
"For such a large scale attack just targeting users in China, it can only be done by the Great Firewall," Xia said.
"It's even clearer this is not an attack of all the Domain Name Servers in the world, but the same as the DNS hijacking technologies used by the Chinese government to block websites they don't want."