Ethan Zuckerman’s online home, since 2003

Watching, waiting (part 2)

Readers of Global Voices – and of this blog – know that many Chinese people aren’t happy about western media coverage of the Tibet protests. Specifically, they’re really not happy with CNN. And April 19th is evidently slated to be “anti-CNN day” in a number of locations around the world.

Why CNN specifically? Well, Jack Cafferty’s comments didn’t help. Speaking on The Situation Room, he offered the commentary, “So I think our relationship with China has certainly changed… I think they’re basically the same bunch of goons and thugs they’ve been for the last 50 years.” (He’s subsequently clarified that the “goons and thugs” are the Chinese government not the Chinese people. Good luck with that.)

One of the protests that could be most interesting has been organized by a group calling itself “Revenge of the Flame“. They had planned on executing a massive denial of service attack on CNN’s website, launched at 8pm Beijing time on the 19th. The cat, however, is out of the bag, and CNN has reported that they’re expecting the attack and are taking countermeasures that might make the site slow or unavailable in Asia. (In other words, they’re likely filtering requests from large sets of Asian IP addresses and preventing those IP addresses from making more than a few requests per second…) Revenge has responded by calling off the attack and threatening another one at some unannounced point in the future.

Could a group of Chinese hackers shut down CNN? My guess – they could certainly make for a very uncomfortable Saturday for CNN sysadmins, especially if they’ve gotten hold of large botnets. Will some hackers attempt to attack the site tomorrow? Probably. Will they succeed? Wait and see…

Danwei is reporting that CNN is currently blocked in China. That might be a government response to anger over Caffrey’s comments, which have oddly been raised to the status of international incident, when they should probably be dismissed as the rantings of a xenophobic blowhard. But there’s another explanation – if the Chinese government were worried about the implications of an attack by Chinese hackers on cnn.com, blocking the site at a national boundary level might be an effective defense. Assume your attacker has a botnet built mostly from compromised computers within China. It’s pretty trivial to issue a DDOS on a specific URL. It’s trickier to order that DDOS via an unblocked proxy server. Even if you can, you’re far more likely to take down that proxy server than take down cnn.com.

Not saying that’s why they’re blocking the site. Just saying that it’s an interesting possibility. And one worth watching.

6 Responses to “Watching, waiting (part 2)”

  1. Peter Rock says:

    if the Chinese government were worried about the implications of an attack by Chinese hackers on cnn.com

    Why would the Chinese government be worried if cnn.com was attacked?

  2. Andrew Lih says:

    Ethan, each time I tested CNN “loadability” I also tested it from a shell account within the US. While CNN was slow and spotty, when it was not loadable in China it was also “unloadable” as well in the US, which led me to believe that it was a DDOS attack on CNN’s servers. Also, of the four IPs that it round robin resolved to, one of them hung for a few hours, while three of them worked. Later on they added more addresses so it round robins to eight IPs, all of them working as of now.

    This seems to coincide with the later updates of Shanghaiist who reported similar phenomena.

    It is certainly possible CNN did some pre-emptive blocking from certain IP ranges, but it’s something hard for an individual to check.

  3. DJB Rizalist says:

    Is this the shape of things to come? International cyberwarfare. Botnets! Shades of the Terminator. Thanks for this analysis though Ethan. it’s more than interesting. It’s scary, really.

  4. anon says:

    The Chinese government has proved more than once that they often react capriciously. What do you think would be the reason for them to protect CNN servers?

    Do they fear a quid pro quo American attack on Xinhua? They only need more reasons to shut off China from the outside world.

  5. Ethan says:

    I think they don’t want the current upset to erupt into widespread protest. And I think the last thing the government wants, heading into the Olympics, are accusations that they’re allowing “cyberwarfare” to take place agains the US. It’s a balancing act for the government – nationalism, for the most part, is very helpful for them. But the fear is that it starts having “real-world” manifestations and causing real damage to US/China relationships.

    (Keep in mind that China benefits a great deal from the current structure of US/China trade, and that governments as a whole are waking up to the power of virtual attacks, as in Russian attacks on Estonia.)

    See also Mark Magnier in the LA Times making a similar argument: http://www.latimes.com/news/nationworld/world/la-fg-backlash19apr19,1,4240600.story

  6. Ethan says:

    Some interesting evidence that hackers managed to take down a supplier of information to CNN’s sports coverage, though not CNN proper – http://www.techcrunch.com/2008/04/21/chinese-hackers-take-down-sportsnetwork/

Trackbacks/Pingbacks

  1. …My heart’s in Accra » China, bias, misunderstanding - [...] news than they were by his congregants… and this almost cost Obama the democratic nomination. Comments made by Jack …

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

 

Powered by WordPress | Designed by Elegant Themes