Hack most likely not the reason Chinese traffic bombarded US

Status
Not open for further replies.

Petrovic

Level 64
Thread author
Verified
Honorary Member
Top Poster
Well-known
Apr 25, 2013
5,356
Analysts theorize huge outage was result of a glitch in China's Great Firewall.
Network and security experts are still trying to nail down the cause of an outage on Tuesday that briefly redirected huge amounts of China's Internet traffic to US destinations.

The incident left a large portion of China's 500 million Internet users unable to visit websites ending in .com, .net, and .org. Requests for addresses ending in those top-level domains were instead sent to IP addresses operated by US-based Dynamic Internet Technology or, according to The New York Times, a 1,700-square-foot house in Cheyenne, Wyoming.

Local officials in China said the incident was the result of a malfunction in the country's domain name system. They called on authorities to do more to protect China's DNS servers. US-based security researchers, however, said a DNS outage or hack was most likely not the cause. A public DNS server operated by Google returned the same faulty IP addresses generated by China's official servers, these researchers said. They pointed out that Dynamic Internet Technology operates services designed to circumvent China's censorship regime, which is often referred to as the Great Firewall of China (GFW).

"They have to hack into GFW," researchers at GreatFire.org explained. "If they are indeed capable of doing that, they can accomplish so much more than messing the entire Chinese Internet up.

A more likely explanation for Tuesday's outage is a glitch in the GFW that inadvertently routed all requests to Dynamic Internet Technology addresses instead of blocking them as Chinese officials had intended. There's still no working theory on what caused some traffic to be directed to Sophidea Incorporated, which is registered as being located in Cheyenne. The outage, which lasted for several hours on Tuesday morning, probably had the effect of a massive distributed denial-of-service attack on the US addresses on the receiving end of the redirected requests.


 
  • Like
Reactions: Venustus
Status
Not open for further replies.

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top