In one of China’s largest ever Internet outages, hundreds of millions of people were unable to access some of the country’s most-popular websites Tuesday. Instead, they were redirected to a U.S. site designed to help people get around the Great Firewall.
A hell of a hack.
Unless it wasn’t.
Starting about 3:15 p.m. Tuesday, China time, people in China who tried to visit, say, Sina Weibo, a wildly popular microblogging service, were redirected to a blank page linked to a company called Dynamic Internet Technology (DIT), which runs Freegate, a Web-censorship-circumvention tool. The company is also tied to Falun Gong, a spiritual group that is banned in China.
Initial reports focused on the likelihood of a cyberattack, perhaps by groups affiliated with DIT or Falun Gong. Both foreign and state-backed media reported the outage as a “suspected” hack. “What I want to point out is, this reminds us once again that maintaining Internet security needs strengthened international cooperation,” Qin Gang, a spokesperson for the Chinese Foreign Ministry, said at a press briefing in Beijing. “This again shows that China is a victim of hacking.”
But DIT said it had nothing to do with it. In an interview with Reuters, founder Bill Xia said the outage stemmed from inside China. “For such a large-scale attack just targeting users in China, it can only be done by the Great Firewall,” he said, referring to China’s vast online-censorship apparatus.
GreatFire.org, a China-based anticensorship group, agrees with that theory. During the incident, users were directed to IP address 220.127.116.11, which is owned by DIT and is a mirror site for a news portal operated by Falun Gong — hence the cyberattack claims. But GreatFire said it found “conclusive evidence” that the outage was caused by the Great Firewall itself.
In a blog post published Wednesday, GreatFire provided a timeline of events that it said points right back to China. The hypothesis: the Great Firewall “might have intended to block the IP but accidentally used that IP to poison all domains.” In other words, instead of blocking the politically sensitive site, it sent millions right on over.
The why, though, is still unclear, said one of GreatFire’s co-founders, who uses the pseudonym Martin Johnson. It could have been a rogue actor, human error, or a glitch.
Whatever the cause, China’s censors can’t be happy.
MORE: China’s Hacker King