[Updated] China's censorship firewall invades foreign systems

Internet users in Chile and the U.S. came under the control of Chinese Firewall censoring today, according to Good Gear Guide. A networking error related to the operation of BGP (Border Gateway Protocol) routing used by high-level DNS servers is cited as the cause of the redirection of many users from popular sites like Facebook, YouTube, and Twitter.

Certain ISPs began getting DNS data from a Chinese root DNS server operated by Swedish company Netnod, and giving the data intended for Chinese users to computers overseas. This effectively brought these users under the full censorship of the Chinese Firewall system, and cutting off their access to many popular sites. 

This is causing many security experts to worry. If you're under China's firewall restriction, they can, in theory, redirect any all traffic they want to. According to Rodney Joffe, a senior technologist for DNS services company Neustar, this security leak could be a problem on any network that accepts the flawed routes.

According to Danny McPherson, chief security officer at Arbor Networks, "I don't think it was done intentionally[.] This is an example of how easy it is for this information to be contaminated or corrupted or leaked out beyond the boundaries of what it was supposed to be."

Netnod denies that it is hosting the suspicious routes on its servers, and that the routes were likely changed by machines somewhere in China. 

Joffe cites this as an example of why BGP is a big security hole in the Internet. "It's really disconcerting form a security point of view and from a privacy point of view."

According to Nominet researcher Roy Arends, this isn' t the first time incidents like this have happened. It is, however, the first time it's been made public. "I wanted to keep this internal, however, the cat is out of the bag now[.]"

UPDATE: PC World reports that Netnod has "withdrawn route announcements" from the affected DNS server in China, effectively taking the DNS server of the Internet. Netnod CEO Kurt Lindqvist still denies Netnod culpability for the bad routes, and many security experts agree with Lindqvist in placing blame on a third-party within China. 

Whether or not this was a directed attack on the DNS server in an effort to spread the firewall overseas, a rogue hacker trying to break the DNS server, or simply a fluke error in BGP, has yet to be determined. 

Report a problem with article
Previous Story

The next step in Google’s fiber-optic network

Next Story

Ubuntu implements units policy, will switch to base-10 units in future release

31 Comments

Commenting is disabled on this article.

the routes were likely changed by machines somewhere in China...
so that means that someone had targetted Americans and Chileans too, for some reason ?

Krome said,
LOL South Park?
Season 6 Episode 11 (Child Abduction Is Not Funny) To Be Exact


Original Air Date:

24 July 2002

Description:

To protect the kids of South Park the parents, get City Wok Guy to build a great wall around South Park . The damn Mongolians keep trying to break the wall down. Later the parents realize they are not safe with their own children and set them free.

Source: http://www.tv.com/south-park/c...y.html?tag=ep_guide;summary

Or Source: http://www.imdb.com/title/tt0766080/

Edited by war, Mar 27 2010, 10:45pm :

iamwhoiam said,
With as many people as there are in China, if the majority of them got together, they could oust the government.

look at thailand. not too long ago, the "yellow mob" got their government in power. now the red mob is acting to get their old one back. they literally spilled blood at the front gates of the government buildings. chinese police are as helpless as the thai police were so the people are considered very powerful and can be quite persuading.

Izlude said,

look at thailand. not too long ago, the "yellow mob" got their government in power. now the red mob is acting to get their old one back. they literally spilled blood at the front gates of the government buildings. chinese police are as helpless as the thai police were so the people are considered very powerful and can be quite persuading.

Would we want that to happen to china though? I expect there would be alot of Pro-government people out there that likes it the way it is. pro and anti government clashes would probably kill alot of people and because of the different cultures in china cause provinces to split, and would cause some instability from one region not trusting the other. Dunno think i prefer a strong economical partner with cheap labor and acceptable stabily than one that tends to riot and demand things that are out of the governments control.

iamwhoiam said,
With as many people as there are in China, if the majority of them got together, they could oust the government.

and that would be their (= the chinese governement) own fold if you ask me.
If you say to a little kid: "do not touch this", they WILL touch it anyway just because it is restricted.

TrOjAn. said,
and that would be their (= the chinese governement) own fold if you ask me.
If you say to a little kid: "do not touch this", they WILL touch it anyway just because it is restricted.

It's a good thing we have adults then, isn't it.

killa_chain said,

Would we want that to happen to china though? I expect there would be alot of Pro-government people out there that likes it the way it is. pro and anti government clashes would probably kill alot of people and because of the different cultures in china cause provinces to split, and would cause some instability from one region not trusting the other. Dunno think i prefer a strong economical partner with cheap labor and acceptable stabily than one that tends to riot and demand things that are out of the governments control.

If only that would happen. Bye bye China. Thank GOD!

tonyunreal said,
Takes the "Big Brother is watching you" to a whole new level.
Big Brother is watching youtube

Edited by Krome, Mar 27 2010, 4:32pm : tag does not seem to work

Interesting, Also brings up a few question on how the internet as a whole is run, look at it this way the more infulance any government has on the internet the more likely this sort of stuff happens, maybe the whole internet protcol should be re-thought, ask yourself this... what would the net be like if we had no government controll what so ever....

Fubar said,
Interesting, Also brings up a few question on how the internet as a whole is run, look at it this way the more infulance any government has on the internet the more likely this sort of stuff happens, maybe the whole internet protcol should be re-thought, ask yourself this... what would the net be like if we had no government controll what so ever....

The problem is, if they created/rethought the internet, it would be in the image of those who shape it (governments / high powered people), where as now it is a naturally evolving piece of technology with (in general) little restrictions

Fubar said,
Interesting, Also brings up a few question on how the internet as a whole is run, look at it this way the more infulance any government has on the internet the more likely this sort of stuff happens, maybe the whole internet protcol should be re-thought, ask yourself this... what would the net be like if we had no government controll what so ever....

It would be invaded by pedos posting CP everywhere, and trolls will run free encouraging people to an hero themselves. Least, thats what I think would happen.

SkyyPunk said,

The problem is, if they created/rethought the internet, it would be in the image of those who shape it (governments / high powered people), where as now it is a naturally evolving piece of technology with (in general) little restrictions

With plenty of fundamental security issues. They had to close one up in DNS and there is one in BGP which should be resolved but to do that may require a rewrite of the protocol.

killa_chain said,

It would be invaded by pedos posting CP everywhere, and trolls will run free encouraging people to an hero themselves. Least, thats what I think would happen.

Just how many pedo's are there out there in the world that they would post CP "everywhere" and" invade" the internet?? Sounds like hundreds of millions of pedo's out there!!

Tim Dawg said,

Just how many pedo's are there out there in the world that they would post CP "everywhere" and" invade" the internet?? Sounds like hundreds of millions of pedo's out there!!

pretty much yeah