China's Great Firewall blamed for eight-hour Internet blackout

DNS Gremlins or hackers?

The extraordinary Internet outage that left hundreds of millions of Chinese Internet users unable to access the web on Tuesday afternoon lasted for eight hours and spread its effects across the globe, monitoring firm Compuware has reported.

Confusion still surrounds exactly what caused a large chunk of the country's core Domain Name System (DNS) servers to stop resolving IP addresses from around 3pm local time (8am GMT) although local media have decided that politically-motivated hackers were to blame.

The first symptom was a loss of connectivity to .com domains - not a good sign - including social media site Sina Weibo and China's search engine, Baidu. Despite contradictory Chinese reports, the disruption appears to have spread to a large number of national .cn domains too.

In almost any other country, the scale of what occurred would be a matter of official record and comment but this is China, home of the infamous Great Firewall, a system designed to limit the sites that can be visited by Chinese Internet users. That introduces an extra layer of complexity into the country's infrastructure.

One explanation is that hackers somehow redirected Internet traffic to a web page run by a company, Dynamic Internet Technology, connected to the banned Falun Gong political movement, something that seems unlikely on this scale although not impossible.

Other reports suggested that the fault lay with a misconfiguration of the Great Firewall system itself, the most critical element of which is its DNS resolution. Current reports don't make clear whether the problem went beyond the DNS, in other words whether users could access websites using their underlying numeric addresses.

But it does appear that the glitch took longer to resolve than is being claimed by some Chinese news sites, which said it lasted only about an hour. China's Internet Network Information Centre (CNNIC) has yet to make an official comment.

According to services firm Compuware, the downtime was closer to eight hours than one.

"It's crazy that one DNS issue could have such an impact. Through our global application performance monitoring service we saw that the outage lasted for eight hours primarily affecting China," said the firm's vice president of application performance monitoring, Michael Allen.

"When you consider the population affected, this was one of the biggest outages we've ever seen, with one seventh of global Internet users impacted. However, the impact wasn't just on Chinese internet users; companies around the world lost out on $200 million in online sales during the eight hour period."

If so, it's not the first time Chinese ISPs have been hit by cache poisoning although it might still go down in Internet history as the largest. The most significant attack to data was probably last August's DDoS on part of the country's DNS infrastructure that stopped or reduced access to a range of websites for several hours. That too was blamed on sabotage.

Join the CSO newsletter!

Error: Please check your email address.

Tags SinasecuritySina WeiboThreat WatchCompuware

More about CompuwareTechnology

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by John E Dunn

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place