Weibo, one of China’s most popular websites with over 500 million users, was offline for two hours on Jan. 20. The traffic was being redirected to an address run by Freegate, a tool blocked in China that lets users break through China’s system for Internet censorship.
Weibo is China’s state-approved social media network, like a cross between Facebook and Twitter—both of which are blocked in China. On Tuesday afternoon, with Weibo back online, the issue was the top discussion with 269,068 Chinese users talking about it. One user, ITHome, said in Chinese: “What IP is 65.49.2.178? It’s sure to go down in history.”
The IP, or “Internet Protocol” address, the user referred to is one of the channels Freegate provides, through which Chinese users can route their connections to access websites otherwise blocked in China.
Nobody is quite sure what happened, exactly. Even Bill Xia, president of Dynamic Internet Technology, which makes Freegate, is still trying to analyze what took place.
“We thought it was an attack,” said Xia. “From our perspective, we observed excessive, abnormal traffic to one of our IPs.”
The incident brought hundreds of thousands of users per second to one of Freegate’s IP addresses, and threatened to take Freegate offline. Xia said that in order to keep Freegate running, they treated the traffic surge as an attack, and dropped the traffic.
Xia said he is still analyzing the attack, yet he believes it was a slip-up from Chinese authorities running China’s system for Internet censorship.
Freegate is free software that people can use to break through Internet censorship. Xia created it to help Chinese people break through China’s Internet blockade, but it is also used by people throughout the world. Freegate, and a sister product called Ultrasurf, have been used in places like Iran, Egypt, and Burma to break through censorship of repressive regimes.
Xia said that Chinese authorities “have systems to block websites and to try to block software like Freegate.” He believes the recent attack comes from a technology the regime uses for DNS hijacking, in other words “when people visit many websites they will just send them to the wrong IP,” explains Xia.
DNS is like an Internet phone book that connects a website’s domain name to its IP address. When you type in a domain name (like “theepochtimes.com”), the request goes to a DNS server, which finds the domain’s IP address and sends you to the website.
By changing a website’s target IP address at the DNS level, Chinese authorities are able to block traffic to the target website by sending visitors somewhere else.
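The pattern described above, many unrelated domains suddenly answering with one address, can be spotted in resolver logs with a check like the following. This is an added example, not code from the article or from Freegate; the domain names, IP addresses, baseline and thresholds are all constructed assumptions.

```python
from collections import defaultdict

# Constructed baseline: answers previously seen per domain (documentation IP ranges).
BASELINE = {
    "news.example": {"192.0.2.10"},
    "social.example": {"192.0.2.20", "192.0.2.21"},
    "shop.example": {"198.51.100.5"},
    "mail.example": {"198.51.100.9"},
}

# Constructed resolver observations: (unix_time, queried_name, answer_ip).
OBSERVATIONS = [
    (1000, "news.example", "192.0.2.10"),
    (1005, "social.example", "203.0.113.77"),
    (1006, "shop.example", "203.0.113.77"),
    (1007, "news.example", "203.0.113.77"),
    (1010, "mail.example", "198.51.100.9"),
    (1012, "social.example", "203.0.113.77"),
    (1900, "mail.example", "203.0.113.50"),
]


def find_convergence(observations, baseline, window=300, min_domains=3):
    """Return {ip: sorted domains} for every IP that at least `min_domains`
    distinct domains resolved to within `window` seconds, counting only
    answers that are absent from each domain's baseline."""
    off_baseline = defaultdict(list)  # ip -> [(time, domain)]
    for ts, name, ip in observations:
        # A domain with no baseline entry treats every answer as off-baseline.
        if ip not in baseline.get(name, set()):
            off_baseline[ip].append((ts, name))

    flagged = {}
    for ip, events in off_baseline.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Slide the window start forward until it spans <= `window` seconds.
            while events[end][0] - events[start][0] > window:
                start += 1
            domains = {d for _, d in events[start:end + 1]}
            if len(domains) >= min_domains:
                flagged[ip] = sorted(set(flagged.get(ip, [])) | domains)
    return flagged
```

A single domain moving to a new address, as `mail.example` does in the sample data, is ordinary churn and is not flagged; only the convergence of several domains on one address is.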
Xia said the recent incident has a familiar fingerprint.
He investigated a similar incident in 2002, which his team identified as a case of DNS hijacking. People in Hong Kong trying to visit Weibo were redirected to FalunDafa.org, a website where people can read the teachings and learn the exercises of Falun Gong.
Falun Gong, also called Falun Dafa, is a Chinese meditation practice based on the principles of truthfulness, compassion, and tolerance. It was banned by Chinese authorities in 1999, when an estimated 100 million Chinese people were practicing—more than there are members of the Chinese Communist Party.
Xia said the 2002 attack was done at the gateway level with DNS hijacking technology. “Only the Chinese government has the administrative authority and technical ability to employ such things for an extended time.”
Despite the findings and a previous encounter with such an attack, Xia believes that both the 2002 attack and the recent one were slip-ups by Chinese authorities.
“Our guess is they messed up again,” he said. “This doesn’t make sense for them, so I assume it was a mistake in their operation.”
He said he also doesn’t believe that Chinese authorities were trying to block Weibo. He believes other websites were impacted, and Weibo, which is getting the most attention, was just caught up in the attack.
“Or it could be a mistake,” he said. “Maybe they meant to fill in another IP.”
He added, “Maybe our IP is just on their minds.”