Bill Dong, Spokesman for Dynamic Internet Technology Inc.,
reports an unprecedented number of domain name hi-jackings in China.
Washington, D.C.
Dynamic Internet Technology Inc. (DIT Inc.) today reported test results that
indicate an unprecedented number of domain name hi-jackings all over China.
This development is the latest turn in an ongoing struggle. China wants to
use the internet to help promote economic growth, but at the same time prevent
its people from having unfettered use of the internet. Independent news agencies
and dissident groups wish to use the internet for the purpose it was originally
intended, to bring everyone everywhere unfiltered access to information. At
stake in this struggle is whether the government’s control of all information
flow in China can be successfully challenged by the internet, or whether China
will pioneer ways that defeat the internet’s original liberating promise, along
the way setting a precedent for a central government successfully controlling
information and showing other repressive governments how to subdue this powerful
technology.
How China Does It
The new success China is enjoying in blocking unwanted internet sites depends
on using a new technique.
Bill Dong, a Spokesman for DIT Inc. (http://www.dit-inc.us/),
a company providing technical services to Voice of America‘s Chinese-language
Web site explained,
“This is the largest web site hijacking activity in history. Since late
last week, visitors to the most popular forbidden sites are re-directed to a
single IP address, which is already blocked in China at the international gateway
level. This is performed by spoofing DNS records on name servers all over China.”
The technique works by falsifying the records in Domain Name Servers (DNS)
throughout China. Domain Name Servers are computers that work to tell each computer
the I.P. address for any web site. If someone types in the domain name for a
site, such as http://www.voanews.com/
, then the DNS will tell the computer of the person trying to log onto the site
what the address for the site is. Once the computer has the address, it is routed
to the web site, and the connection is made.
In the case of forbidden web sites, technicians for the Ministry for Public
Security change the records of the DNS so that it will give a false I.P. address.
The address the Chinese have chosen to provide for the forbidden web sites is
64.33.88.161. This is the address for http://falundafa.ca/
– a Canadian registered non-profit organization aimed at promoting the practice
of Falun Gong. The Chinese have chosen this address because it is already blocked
at the gateway that all traffic must go through to reach users in China. Thus,
anyone trying to log onto a forbidden site will be routed to falundafa.ca, and
also be blocked.
Why the Government Developed this Technique
The advantage for the Chinese of this technique is that it defeats one of the
main ways that web sites have evaded attempts to block them in the past. If
the Chinese blocked the I.P. address of a web site, then, from time to time,
the web site would simply change its I.P. address. This technique of faking
the DNS records ends this cat and mouse game. No matter how often a web site
changes its I.P. address, would-be users will still be referred to the blocked
I.P. address for falundafa.ca.
At the end of August the government blocked the I.P. address for the internet
search engine Google, just as it had blocked I.P. addresses for many forbidden
web sites. Analysts speculated that this block was put in place because Google
was a popular way for people in China to search for information on Falun Gong.
There was an immediate international outcry at what the government did, and
within a few days, the government lifted the block on Google’s I.P. address.
Then the government for the first time used fake DNS records to block a site.
The government attempted to frustrate users who wished to use Google by referring
them to other domestic search engines that are far less effective. But this
was still a form of blockade, and did not satisfy China’s critics.
The government then adopted a different approach. Rather than block Google,
the government decided to use computers to filter how it might be used. These
content filters would cause searches by Google users in China for forbidden
words to come up empty. Thus, if someone types in the words “Falun Gong,”
Google in China finds nothing.
The block on Google was an international scandal because it demonstrated so
clearly the threat to international internet commerce of the Chinese government’s
attempts to censor the internet for political purposes. At the same time, this
method of blocking Google violated international protocols for the use of the
internet.
The episode with Google demonstrates the limitations of the technique of hijacking
web sites with faked DNS records. Such an obvious blockade cannot withstand
international scrutiny when what is blocked is an important commercial asset,
and a less visible means of control had to be found. Content filters were appropriate
from the government’s point of view because they allowed Google to function
within the limits set by the government’s censors.
However, one may doubt that the web sites China has blocked in this recent
massive effort will have the clout to get the block on them reversed as Google’s
was reversed, and their content is such that the more stealthy method of using
content filters could never satisfy the government. These forbidden sites are
in themselves thought to be objectionable.
Who Is Blocked?
DynaWeb is DIT Inc.’s secure proxy network for Chinese users to access blacklisted
URLs. In July, DIT Inc. published a list of Top Ten Forbidden
Websites that are visited through Dynaweb:
All ten of these sites currently resolve to the IP address for falundafa.ca.
In addition, DynaWeb itself is also pointed to this same address all over China.
This internet blockade has not been restrained by the principle of “one
nation two systems.” The hi-jackings appear to be nationwide within mainland
China (.cn). In Hong Kong (.hk) the hi-jackings are less extensive, but several
DNSs have been blocked. The effect on Macau (.mo) is not yet clear.
The government is still working out the bugs in its technique. The official
site dailynews.sina.com.cn was found to be pointed to the falundafa.ca address.
This error on the part of the technicians at the Ministry for Public Security
appears to be due to the huge scale of the government’s effort.
Around 50 DNSs for different local Individual Service Providers (ISPs) all
over China were checked and all found to be part of this hijacking. We can infer
that all ISPs in China are affected. With so many DNSs and ISPs throughout China,
mistakenly blocking one authorized web site’s domain name should not be surprising.
A webpage is available that will allow a user to test if a domain is resolved
to the right IP address in China at http://www.dit-inc.us/dnsspoofing.asp
. A detailed analysis will be published at www.dit-inc.us/hj-09-02.html
soon.
Media contact: Bill Dong: bill@dit-inc.us.
Posting date: 8/Oct/2002
Original article date: 6/Oct/2002
Category: Media Reports
