- Dynamic Internet Technology Inc. (DIT Inc.) today reported
test results that indicate an unprecedented number of domain name hijackings
all over China.
-
- This development is the latest turn in an ongoing struggle.
China wants to use the internet to help promote economic growth, but at
the same time prevent its people from having unfettered use of the internet.
Independent news agencies and dissident groups wish to use the internet
for the purpose it was originally intended, to bring everyone everywhere
unfiltered access to information. At stake in this struggle is whether
the government's control of all information flow in China can be successfully
challenged by the internet, or whether China will pioneer ways that defeat
the internet's original liberating promise, along the way setting a precedent
for a central government successfully controlling information and showing
other repressive governments how to subdue this powerful technology.
-
- How China Does It
-
- The new success China is enjoying in blocking unwanted
internet sites depends on using a new technique.
-
- Bill Dong, a Spokesman for DIT Inc. (http://www.dit-inc.us/),
a company providing technical services to Voice of America's Chinese-language
Web site explained,
-
- "This is the largest web site hijacking activity
in history. Since late last week, visitors to the most popular forbidden
sites are re-directed to a single IP address, which is already blocked
in China at the international gateway level. This is performed by spoofing
DNS records on name servers all over China."
-
- The technique works by falsifying the records in Domain
Name Servers (DNS) throughout China. Domain Name Servers are computers
that work to tell each computer the I.P. address for any web site. If someone
types in the domain name for a site, such as www.voanews.com , then the
DNS will tell the computer of the person trying to log onto the site what
the address for the site is. Once the computer has the address, it is routed
to the web site, and the connection is made.
-
- In the case of forbidden web sites, technicians for the
Ministry for Public Security change the records of the DNS so that it will
give a false I.P. address. The address the Chinese have chosen to provide
for the forbidden web sites is 64.33.88.161. This is the address for http://falundafa.ca
- a Canadian registered non-profit organization aimed at promoting the
practice of Falun Gong. The Chinese have chosen this address because it
is already blocked at the gateway that all traffic must go through to reach
users in China. Thus, anyone trying to log onto a forbidden site will be
routed to falundafa.ca, and also be blocked.
-
- Why the Government Developed this Technique
-
- The advantage for the Chinese of this technique is that
it defeats one of the main ways that web sites have evaded attempts to
block them in the past. If the Chinese blocked the I.P. address of a web
site, then, from time to time, the web site would simply change its I.P.
address. This technique of faking the DNS records ends this cat and mouse
game. No matter how often a web site changes its I.P. address, would-be
users will still be referred to the blocked I.P. address for falundafa.ca.
-
- At the end of August the government blocked the I.P.
address for the internet search engine Google, just as it had blocked I.P.
addresses for many forbidden web sites. Analysts speculated that this block
was put in place because Google was a popular way for people in China to
search for information on Falun Gong. There was an immediate international
outcry at what the government did, and within a few days, the government
lifted the block on Google's I.P. address. Then the government for the
first time used fake DNS records to block a site. The government attempted
to frustrate users who wished to use Google by referring them to other
domestic search engines that are far less effective. But this was still
a form of blockade, and did not satisfy China's critics.
-
- The government then adopted a different approach. Rather
than block Google, the government decided to use computers to filter how
it might be used. These content filters would cause searches by Google
users in China for forbidden words to come up empty. Thus, if someone types
in the words "Falun Gong," Google in China finds nothing.
-
- The block on Google was an international scandal because
it demonstrated so clearly the threat to international internet commerce
of the Chinese government's attempts to censor the internet for political
purposes. At the same time, this method of blocking Google violated international
protocols for the use of the internet.
-
- The episode with Google demonstrates the limitations
of the technique of hijacking web sites with faked DNS records. Such an
obvious blockade cannot withstand international scrutiny when what is blocked
is an important commercial asset, and a less visible means of control had
to be found. Content filters were appropriate from the government's point
of view because they allowed Google to function within the limits set by
the government's censors.
-
- However, one may doubt that the web sites China has blocked
in this recent massive effort will have the clout to get the block on them
reversed as Google's was reversed, and their content is such that the more
stealthy method of using content filters could never satisfy the government.
These forbidden sites are in themselves thought to be objectionable.
-
- Who Is Blocked?
-
- DynaWeb is DIT Inc.'s secure proxy network for Chinese
users to access blacklisted URLs. In July, DIT Inc. published a list of
Top Ten Forbidden Websites that are visited through Dynaweb:
-
- www.renminbao.com
-
- www.dajiyuan.com
-
- www.bignews.org
-
- www.creaders.com
-
- www.rfa.org
-
- www.internetfreedom.org
-
- www.voanews.com
-
- www.minghui.org
-
- www.kanzhongguo.com
-
- www.peacehall.com
-
- All ten of these sites currently resolve to the IP address
for falundafa.ca. In addition, DynaWeb itself is also pointed to this same
address all over China.
-
- This internet blockade has not been restrained by the
principle of "one nation two systems." The hi-jackings appear
to be nationwide within mainland China (.cn). In Hong Kong (.hk) the hi-jackings
are less extensive, but several DNSs have been blocked. The effect on Macau
(.mo) is not yet clear.
-
- The government is still working out the bugs in its technique.
The official site dailynews.sina.com.cn was found to be pointed to the
falundafa.ca address. This error on the part of the technicians at the
Ministry for Public Security appears to be due to the huge scale of the
government's effort.
-
- Around 50 DNSs for different local Individual Service
Providers (ISPs) all over China were checked and all found to be part of
this hijacking. We can infer that all ISPs in China are affected. With
so many DNSs and ISPs throughout China, mistakenly blocking one authorized
web site's domain name should not be surprising.
-
- A webpage is available that will allow a user to test
if a domain is resolved to the right IP address in China at http://www.dit-inc.us/dnsspoofing.asp
. A detailed analysis will be published at www.dit-inc.us/hj-09-02.html
soon.
-
- Media contact: Bill Dong: bill@dit-inc.us.
-
- Posting date: 10/7/2002
- Original article date: 10/6/2002
- Category: News & Media Reports
-
-
- http://www.clearwisdom.net/emh/articles/2002/10/7/27311p.html
|