China's Great Firewall blamed for eight-hour Internet blackout

DNS Gremlins or hackers?

The extraordinary Internet outage that left hundreds of millions of Chinese Internet users unable to access the web on Tuesday afternoon lasted for eight hours and spread its effects across the globe, monitoring firm Compuware has reported.

Confusion still surrounds exactly what caused a large chunk of the country's core Domain Name System (DNS) servers to stop resolving IP addresses from around 3pm local time (8am GMT) although local media have decided that politically-motivated hackers were to blame.

The first symptom was a loss of connectivity to .com domains - not a good sign - including social media site Sina Weibo and China's search engine, Baidu. Despite contradictory Chinese reports, the disruption appears to have spread to a large number of national .cn domains too.

In almost any other country, the scale of what occurred would be a matter of official record and comment but this is China, home of the infamous Great Firewall, a system designed to limit the sites that can be visited by Chinese Internet users. That introduces an extra layer of complexity into the country's infrastructure.

One explanation is that hackers somehow redirected Internet traffic to a web page run by a company, Dynamic Internet Technology, connected to the banned Falun Gong political movement, something that seems unlikely on this scale although not impossible.

Other reports suggested that the fault lay with a misconfiguration of the Great Firewall system itself, the most critical element of which is its DNS resolution. Current reports don't make clear whether the problem went beyond the DNS, in other words whether users could access websites using their underlying numeric addresses.

But it does appear that the glitch took longer to resolve than is being claimed by some Chinese news sites, which said it lasted only about an hour. China's Internet Network Information Centre (CNNIC) has yet to make an official comment.

According to services firm Compuware, the downtime was closer to eight hours than one.

"It's crazy that one DNS issue could have such an impact. Through our global application performance monitoring service we saw that the outage lasted for eight hours primarily affecting China," said the firm's vice president of application performance monitoring, Michael Allen.

"When you consider the population affected, this was one of the biggest outages we've ever seen, with one seventh of global Internet users impacted. However, the impact wasn't just on Chinese internet users; companies around the world lost out on $200 million in online sales during the eight hour period."

If so, it's not the first time Chinese ISPs have been hit by cache poisoning, although it might still go down in Internet history as the largest. The most significant attack to date was probably last August's DDoS on part of the country's DNS infrastructure that stopped or reduced access to a range of websites for several hours. That too was blamed on sabotage.

Stories by John E Dunn
