South China Morning Post
Advertisement
Advertisement
China's domain name service suffered the largest attack ever on a mainland internet address server at the weekend. Photo: Xinhua
China

Chinese internet server jammed in largest ever mainland hacker attack

Domain name service disrupted in unprecented attack that created massive volumes of activity

Stephen Chen
Stephen Chenin Beijing
Why you can trust SCMP

China's domain name service suffered the largest attack ever on a mainland internet address server at the weekend, the central government said yesterday.

The attack started very early on Sunday and was continuing yesterday afternoon, it said. More than eight million websites are registered with China's top-level country domain, .cn

Li Xiaodong, executive director of the China Internet Network Information Centre, (CNNIC), which maintains the servers, said such an attack was unprecedented.

To jam the Chinese servers, the attackers summoned traffic flow "far greater" than anything seen before, he said, without providing a figure on the volume.

The first wave of attacks began at about midnight and lasted around two hours, interrupting services, CNNIC said.

The second wave, at about 4am, turned out to be the biggest denial-of-service attack on Chinese domain name servers in history, slowing or killing connections to certain Chinese websites. A staff member at CNNIC told the that the attack was still going on yesterday afternoon.

"We feel sorry for websites affected," he said, speaking anonymously. "We strongly condemn those launching the attack."

Access to most Chinese websites remained more or less normal yesterday, however, as the central government activated a contingency plan, including the use of backup servers.

Li said the attack probably came from a large number of "zombie computers". Given the scale, it was more likely to involve an organisation than ordinary hackers, he told

Tang Wei , senior network security engineer with Rising, a mainland anti-virus software firm, suspected the attack was launched overseas.

"I doubt any individual or organisation in China has the resources or guts to challenge the government in such a way," he said. "This incident has created a seismic shock for the industry."

Tang said the attacker obviously wanted to damage China's top-level domain, but their motive was anyone's guess.

Liu Qing , an internet security expert in Shanghai, said the attack seemed vengeful and that foreign governments such as the US were unlikely to be behind such an operation. "Government hackers prefer sneaking in the back door, not slamming the front door," he said.

He did not rule out the possibility that the attack was revenge for the recent government crackdown on some Weibo users.

Though it was possible to track down the attacker, in practice the government might need to persuade many other countries to co-operate fully on the investigation, Liu said.

"The attacker might have very likely faked their IP address and employed many overseas servers," he said.

"Their real identity might remain a mystery forever."

 

This article appeared in the South China Morning Post print edition as: Mainland internet server jammed in hacker attack
Post