Thu January 23, 2014
China Sends 500 Million Users On An Internet Detour
Originally published on Fri January 24, 2014 3:32 pm
MELISSA BLOCK, HOST:
Most of China's Internet users experienced an outage this week. For up to eight hours, some 500 million people could not get Web pages to load. And the leading theory about what happened is that the Chinese government mistakenly rerouted Internet traffic. Headlines about this on some news sites have been a little misleading: How the Chinese Internet Ended Up in Cheyenne, Wyoming, blared one site. And there were lots of variations on that.
The truth though is equally intriguing and joining us to explain is Nicole Perlroth. She covers cyber security for The New York Times. Nicole, welcome.
NICOLE PERLROTH: Hi, thanks for having me.
BLOCK: And let's talk first, Nicole, about the extent of what happened. You had one Internet analyst tell you half the world's Internet users trying to access the Internet couldn't?
PERLROTH: That's right. About 500 million Internet users in China trying to access the Internet couldn't reach various websites. This is something that didn't just affect Chinese Internet users, it affected major Chinese companies, like Baidu and Saina. So this was - we're calling it now the biggest Internet outage ever.
BLOCK: And as you've been reporting, the suspicion is that all of this has to do with what's known as the Great Firewall in China. So what's the explanation for how this happened?
PERLROTH: That's right. So the Great Firewall actually means Chinese Internet censors that decide which websites can be accessed and which cannot. But it appears that instead of blocking several websites, China's firewall actually inadvertently fired all of Chinese Internet traffic to those websites.
BLOCK: So instead of blocking certain sites, what you're saying is that China actually reversed the flow in a huge way.
PERLROTH: Sure, that's the working theory. Basically anyone trying to access these sites was being redirected to this one IP address. It was registered to a company called Sophidea Inc. that was registered to a physical address in Cheyenne, Wyoming. That does not mean that all this Internet traffic was flooding to this one physical address in Wyoming. It means that it was flooding to all the servers that support this one IP address that had a mailing address in Cheyenne, Wyoming.
BLOCK: The New York Times had a headline for while, your own paper: Chinese Internet Traffic Redirected To Small Wyoming House. Turns out not quite the case, right?
PERLROTH: Right, not quite the case. So when I looked at the address listed in Internet records it was the name of an address in Cheyenne, Wyoming. Wyoming Corporate Services acts as a physical address for thousands of businesses, and so Sophidea Inc. was just one of them.
BLOCK: Tell us more about this company, Sophidea. Who is it? What do they do?
PERLROTH: Sophidea, we don't know much about it. But it does look like the company appears to offer services that help people mask their Internet addresses. If someone wanted to send someone spam but not be traceable, for example, or if someone wanted to evade a firewall, like China's Great Firewall. So Sophidea's site would have been a target for a China's Internet censors.
BLOCK: And this was the case for another company that had the same thing happen, too, right? Dynamic Internet Technology had the same thing happen, all of this traffic started flooding in.
PERLROTH: That's right. A huge wave of traffic started flooding servers for DIT, as well. And DIT is operated by a Falung Gong supporter who supports various sites that have been critical of the Chinese government. And again, these are sites that the Great Firewall would take great pains to block.
BLOCK: Is it clear, Nicole, that this was not deliberate, that this actually was accidental?
PERLROTH: It does appear that it was accidental. We can't say for certain what happened. But the only entity that really has this capability would've been the Great Firewall itself. So the working theory is that in attempting to block some of these sites, the technology sort of backfired and may have accidentally redirected this huge flood of traffic from inside China at these sites.
BLOCK: Nicole Perlroth covers cyber security for The New York Times. Nicole, thanks so much.
PERLROTH: Thanks so much for having me.
(SOUNDBITE OF MUSIC) Transcript provided by NPR, Copyright NPR.