Forbidden sites hijacked all over China
Bill Dong, Spokesman for Dynamic Internet Technology Inc.,
reports an unprecedented number of domain name hi-jackings in China. Washington, D.C., October 1, 2002 - Dynamic Internet Technology Inc. (DIT Inc.) today reported test results that indicate an
unprecedented number of domain name hi-jackings all over China. This development is the latest turn in an ongoing struggle. China wants to use the internet to
help promote economic growth, but at the same time prevent its people from having unfettered use of
the internet. Independent news agencies and dissident groups wish to use the internet for the
purpose it was originally intended, to bring everyone everywhere unfiltered access to information.
At stake in this struggle is whether the government's control of all information flow in China can
be successfully challenged by the internet, or whether China will pioneer ways that defeat the
internet's original liberating promise, along the way setting a precedent for a central government
successfully controlling information and showing other repressive governments how to subdue this
powerful technology. How China Does It The new success China is enjoying in blocking unwanted internet sites depends on using a new
technique. Bill Dong, a Spokesman for DIT Inc. (http://www.dit-inc.us/),
a company providing technical services to Voice of America's Chinese-language Web site
explained, "This is the largest web site hijacking activity in history. Since late last week, visitors
to the most popular forbidden sites are re-directed to a single IP address, which is already blocked
in China at the international gateway level. This is performed by spoofing DNS records on name
servers all over China." The technique works by falsifying the records in Domain Name Servers (DNS) throughout China.
Domain Name Servers are computers that work to tell each computer the I.P. address for any web site.
If someone types in the domain name for a site, such as www.voanews.com
, then the DNS will tell the computer of the person trying to log onto the site what the address for
the site is. Once the computer has the address, it is routed to the web site, and the connection is
made. In the case of forbidden web sites, technicians for the Ministry for Public Security change the
records of the DNS so that it will give a false I.P. address. The address the Chinese have chosen to
provide for the forbidden web sites is 64.33.88.161. This is the address for http://falundafa.ca - a Canadian registered non-profit organization
aimed at promoting the practice of Falun Gong. The Chinese have chosen this address because it is
already blocked at the gateway that all traffic must go through to reach users in China. Thus,
anyone trying to log onto a forbidden site will be routed to falundafa.ca, and also be blocked. Why the Government Developed this Technique The advantage for the Chinese of this technique is that it defeats one of the main ways that web
sites have evaded attempts to block them in the past. If the Chinese blocked the I.P. address of a
web site, then, from time to time, the web site would simply change its I.P. address. This technique
of faking the DNS records ends this cat and mouse game. No matter how often a web site changes its
I.P. address, would-be users will still be referred to the blocked I.P. address for falundafa.ca. At the end of August the government blocked the I.P. address for the internet search engine
Google, just as it had blocked I.P. addresses for many forbidden web sites. Analysts speculated that
this block was put in place because Google was a popular way for people in China to search for
information on Falun Gong. There was an immediate international outcry at what the government did,
and within a few days, the government lifted the block on Google's I.P. address. Then the government
for the first time used fake DNS records to block a site. The government attempted to frustrate
users who wished to use Google by referring them to other domestic search engines that are far less
effective. But this was still a form of blockade, and did not satisfy China's critics. The government then adopted a different approach. Rather than block Google, the government
decided to use computers to filter how it might be used. These content filters would cause searches
by Google users in China for forbidden words to come up empty. Thus, if someone types in the words
"Falun Gong," Google in China finds nothing. The block on Google was an international scandal because it demonstrated so clearly the threat to
international internet commerce of the Chinese government's attempts to censor the internet for
political purposes. At the same time, this method of blocking Google violated international
protocols for the use of the internet. The episode with Google demonstrates the limitations of the technique of hijacking web sites with
faked DNS records. Such an obvious blockade cannot withstand international scrutiny when what is
blocked is an important commercial asset, and a less visible means of control had to be found.
Content filters were appropriate from the government's point of view because they allowed Google to
function within the limits set by the government's censors. However, one may doubt that the web sites China has blocked in this recent massive effort will
have the clout to get the block on them reversed as Google's was reversed, and their content is such
that the more stealthy method of using content filters could never satisfy the government. These
forbidden sites are in themselves thought to be objectionable. Who Is Blocked? DynaWeb is DIT Inc.'s secure proxy network for Chinese users to access blacklisted URLs. In July,
DIT Inc. published a list of Top Ten Forbidden Websites that are visited through Dynaweb: All ten of these sites currently resolve to the IP address for falundafa.ca. In addition, DynaWeb
itself is also pointed to this same address all over China. This internet blockade has not been restrained by the principle of "one nation two
systems." The hi-jackings appear to be nationwide within mainland China (.cn). In Hong Kong (.hk)
the hi-jackings are less extensive, but several DNSs have been blocked. The effect on Macau (.mo) is
not yet clear. The government is still working out the bugs in its technique. The official site
dailynews.sina.com.cn was found to be pointed to the falundafa.ca address. This error on the part of
the technicians at the Ministry for Public Security appears to be due to the huge scale of the
government's effort. Around 50 DNSs for different local Individual Service Providers (ISPs) all over China were
checked and all found to be part of this hijacking. We can infer that all ISPs in China are
affected. With so many DNSs and ISPs throughout China, mistakenly blocking one authorized web site's
domain name should not be surprising. A webpage is available that will allow a user to test if a domain is resolved to the right IP
address in China at http://www.dit-inc.us/dnsspoofing.asp
. A detailed analysis will be published at www.dit-inc.us/hj-09-02.html
soon. Media contact: Bill Dong: bill@dit-inc.us.
Yearly Archive
Printer Version
feedback@clearwisdom.net
