Internet users in Chile and the U.S. were subjected to the censorship of the Chinese firewall today, according to Good Gear Guide. A networking error in the BGP (Border Gateway Protocol) routing used by high-level DNS servers is cited as the cause, redirecting many users away from popular sites like Facebook, YouTube, and Twitter.
Certain ISPs began receiving DNS data from a Chinese root DNS server operated by the Swedish company Netnod, which served data intended for Chinese users to computers overseas. This effectively brought those users under the full censorship of the Chinese firewall and cut off their access to many popular sites.
This has many security experts worried. If you are behind China's firewall restrictions, they can, in theory, redirect any and all traffic they want to. According to Rodney Joffe, a senior technologist at DNS services company Neustar, this security leak could be a problem on any network that accepts the flawed routes.
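One defender-side check that follows from the situation described above, written for this page as an added example (not code from the article, Netnod or Neustar): a root server queried for a name such as facebook.com should only ever return a referral, so a response whose answer section carries A records for that name was rewritten somewhere between the client and the root. The packets are constructed, and the address 203.0.113.5 is a placeholder from the TEST-NET range.

```python
import struct
def encode_name(name):
    return b"".join(bytes([len(lab)]) + lab.encode() for lab in name.split(".")) + b"\x00"

def build_response(qname, flags, answers=(), authority=()):
    """Minimal DNS response builder for constructed test data; RRs are (owner, type, rdata)."""
    hdr = struct.pack("!HHHHHH", 0x1234, flags, 1, len(answers), len(authority), 0)
    body = encode_name(qname) + struct.pack("!HH", 1, 1)          # QTYPE A, QCLASS IN
    for owner, rtype, rdata in list(answers) + list(authority):
        body += encode_name(owner) + struct.pack("!HHIH", rtype, 1, 300, len(rdata)) + rdata
    return hdr + body

def read_name(buf, off):
    """Decode a (possibly compressed) name; return (name, offset just past it)."""
    labels, end = [], None
    while True:
        ln = buf[off]
        if ln & 0xC0 == 0xC0:                      # compression pointer: follow it
            end = end or off + 2
            off = struct.unpack("!H", buf[off:off + 2])[0] & 0x3FFF
            continue
        off += 1
        if ln == 0:
            break
        labels.append(buf[off:off + ln].decode("ascii"))
        off += ln
    return ".".join(labels), (end or off)

def check_root_response(buf):
    """A root server asked for facebook.com must return a referral (AA clear, no
    answer RRs, NS RRs in authority); any answer RR was forged on the path."""
    _id, flags, _qd, an, ns, _ar = struct.unpack("!HHHHHH", buf[:12])
    qname, off = read_name(buf, 12)
    off += 4                                       # skip QTYPE and QCLASS
    a_records = []
    for _ in range(an):
        _owner, off = read_name(buf, off)
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", buf[off:off + 10])
        off += 10
        if rtype == 1 and rdlen == 4:              # A record: render the address
            a_records.append(".".join(str(b) for b in buf[off:off + 4]))
        off += rdlen
    if an == 0 and ns > 0 and not flags & 0x0400:
        return "referral", qname
    return "anomalous", f"{qname} -> {a_records}"

# Constructed samples: a clean referral to the .com servers, and a reply with a forged A record
REFERRAL = build_response("facebook.com", 0x8000, authority=[("com", 2, encode_name("a.gtld-servers.net"))])
FORGED = build_response("facebook.com", 0x8180, answers=[("facebook.com", 1, bytes([203, 0, 113, 5]))])
```

The same check works on a real capture: feed the raw UDP payload of a response from a root instance to `check_root_response`.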
According to Danny McPherson, chief security officer at Arbor Networks, "I don't think it was done intentionally[.] This is an example of how easy it is for this information to be contaminated or corrupted or leaked out beyond the boundaries of what it was supposed to be."
Netnod denies that it is hosting the suspicious routes on its servers and says the routes were likely changed by machines somewhere in China.
Joffe cites this as an example of why BGP is a big security hole in the Internet. "It's really disconcerting from a security point of view and from a privacy point of view."
According to Nominet researcher Roy Arends, this isn't the first time incidents like this have happened. It is, however, the first time it's been made public. "I wanted to keep this internal, however, the cat is out of the bag now[.]"
UPDATE: PC World reports that Netnod has "withdrawn route announcements" from the affected DNS server in China, effectively taking the DNS server off the Internet. Netnod CEO Kurt Lindqvist still denies that Netnod is responsible for the bad routes, and many security experts agree with Lindqvist in placing blame on a third party within China.
Whether this was a directed attack on the DNS server in an effort to spread the firewall overseas, a rogue hacker trying to break the DNS server, or simply a fluke error in BGP has yet to be determined.