DNS Poisoning Suspected Cause of Huge Internet Outage in China

DNS poisoning cuts Internet access for millions of users in China, but so far government officials have not clearly stated whether it was the result of a mistake or a cyber-attack.

Internet users in China were affected by a large-scale outage over an eight-hour period on Jan. 21 that has been linked to an unspecified DNS problem that redirected traffic and prevented many Web users from reaching popular domains.

DNS (Domain Name System) is the technology that maps domain names to the IP addresses of the servers behind them. It is not entirely clear whether the DNS issue was the result of a hacker attack against China's DNS infrastructure or an error made by Chinese government authorities.

The Chinese government operates an Internet-filtering capability for all Chinese Internet users that is generally referred to as the Great Firewall of China (GFW). At least one Great Firewall watchdog site is blaming the Great Firewall as the source of the DNS issue.

"We have conclusive evidence that this outage was caused by the Great Firewall (GFW)," greatfire.org reported. "DNS poisoning is used extensively by the GFW."

DNS poisoning is an attack that corrupts legitimate DNS records, so that lookups return a false address, in an effort to redirect traffic. The initial indication is that traffic was redirected to the IP address, which is owned by Dynamic Internet Technology, a company that operates a GFW bypass tool. Great Fire speculated that the redirection was unintentional.
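The symptom described above, many unrelated domains suddenly resolving to one address, is something a network operator can look for in resolver logs. The following is an added example, not code from the article or from greatfire.org; the log format, the domain names and the documentation-range IP addresses are constructed, and the window and threshold values are assumptions.

```python
from collections import defaultdict

# Constructed sample resolver log: "<epoch-seconds> <qname> A <answer>".
# Names use the reserved .example TLD; IPs are RFC 5737 documentation ranges.
SAMPLE_LOG = """\
1000 shop.example A 192.0.2.10
1005 news.example A 198.51.100.7
1010 mail.example A 192.0.2.25
1015 video.example A 198.51.100.40
1020 cdn.shop.example A 192.0.2.11
4000 shop.example A 203.0.113.99
4003 news.example A 203.0.113.99
4004 mail.example A 203.0.113.99
4010 video.example A 203.0.113.99
4020 cdn.shop.example A 192.0.2.11
"""

def parse(log):
    """Yield (timestamp, qname, answer_ip) from well-formed A-record lines."""
    for line in log.splitlines():
        parts = line.split()
        if len(parts) == 4 and parts[0].isdigit() and parts[2] == "A":
            yield int(parts[0]), parts[1].rstrip(".").lower(), parts[3]

def find_convergence(log, window=300, min_names=4):
    """Return [(window_start, ip, names)] where at least min_names names that
    previously resolved elsewhere all switch to the same answer in one window."""
    buckets = defaultdict(list)
    for ts, qname, ip in parse(log):
        buckets[ts - ts % window].append((qname, ip))
    history = defaultdict(set)        # qname -> answers seen in earlier windows
    alerts = []
    for start in sorted(buckets):
        switched = defaultdict(set)   # ip -> names newly pointing at it
        for qname, ip in buckets[start]:
            # Names with no baseline are skipped: nothing to compare against.
            if history[qname] and ip not in history[qname]:
                switched[ip].add(qname)
        for ip, names in sorted(switched.items()):
            if len(names) >= min_names:
                alerts.append((start, ip, sorted(names)))
        for qname, ip in buckets[start]:   # extend baseline after evaluating
            history[qname].add(ip)
    return alerts

if __name__ == "__main__":
    for start, ip, names in find_convergence(SAMPLE_LOG):
        print(f"window {start}: {len(names)} names switched to {ip}: {names}")
```

A legitimate hosting or CDN migration can also move many names at once, so an alert here is a prompt to compare answers against a second, independent resolver rather than proof of poisoning.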

"One hypothesis is that GFW might have intended to block the IP but accidentally used that IP to poison all domains," Great Fire wrote.

While opponents of Chinese censorship have pointed the finger at the Chinese government itself for the outage, the Chinese Foreign Minister reportedly is blaming hackers. According to a Reuters report, Chinese Foreign Ministry spokesman Qin Gang said he did not know who was responsible for the outage.

"I don't know who did this or where it came from, but what I want to point out is this reminds us once again that maintaining Internet security needs strengthened international cooperation," Gang said. "This again shows that China is a victim of hacking."

So far there have been no official estimates of the number of users who lost Internet access.

Regardless of the root cause, the DNS issue had a significant impact on the Internet. Application performance management (APM) vendor Compuware is among those that have been able to remotely see the impact of the China outage.

"When you consider the population affected, this was one of the biggest outages we've ever seen, with one seventh of global Internet users impacted," Heiko Specht, solution specialist for Compuware APM, stated in an email sent to eWEEK. "However, the impact wasn't just on Chinese internet users; companies around the world could have lost potentially $200 million in online sales during the eight hour period."

Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.

Sean Michael Kerner is an Internet consultant, strategist, and contributor to several leading IT business web sites.