Wednesday, June 29, 2011

China attacks VPNs with DNS poisoning

As the 90th Anniversary of the Chinese Communist Party looms authorities have become increasingly edgy. While Wen Jiabao has been openly talking about freedom and democracy at home the government are clamping down,

"Without freedom there is no real democracy and without the guarantee of economic and political rights there is no real freedom," Wen said in a speech in London on Monday. Speaking to an audience at the Royal Society, an institution devoted to scientific development and promotion, he acknowledged there where many issues that needed to be addressed in his country. "To be frank corruption, unfair income distribution and other ills that harm the people's interests still exist in China," he said.

"The best way to resolve these problems is to firmly advance the political structural reform and socialist democracy under the rule of law," said Wen. But China's prime minister is due to retire next year and his views are unlikely to have any real sway with the CCP and the next wave of leaders. In fact over the last few months there are signs that China is becoming far more authoritarian. 

Since calls for so-called Jasmine protests went out in February dozens if not hundreds of activists, dissidents, artists and lawyers have been rounded up, jailed, intimidated or placed under house arrest.

Censorship on the Internet increased with many new words added to the long list of banned words and phrases. No longer could China's army of microbloggers say Jasmine, Hillary Clinton, Jon Hunstman, Wangfujing, Egypt, revolution or protest. After someone threw an egg and shoes at the founder of the Great Firewall Fang Binxing even his name became 'harmonised', a euphemism used to describe Chinese censorship. The artist Ai Weiwei's name was also banned soon after his arrest though bloggers began to use the character for "love the future" which look similar. Those too began to be censored. News of these events has mostly been covered up. When a disgruntled resident in Fuzhou took it upon himself to target three government buildings with car bombs in May, Chinese media virtually ignored the incident though a few reports remain online [News QQ].

There has been restrictions on tourists too. Tibet has been closed off to all foreigners until September, and though there has not been any official announcement many tourist agencies have cancelled bookings.

On the streets of Beijing the Chengguan have been out in force. The City Urban Administrative and Law Enforcement Bureau [城市管理行政执法局] or ChéngShì Guǎnlǐ XíngZhèng Zhífǎ jú, is in charge with the enforcement of urban management of the city. This includes local bylaws, city appearance bylaws, environment, sanitation, work safety, pollution control and health. Street vendors are usually ignored by the Chengguan but over the last month they have taken a hard line on traders.

As Beijing swelters in 30 degree humidity many back streets fill out in the evenings with traders selling food and drink. Locals have sat at tables outside restaurants chewing on Rou Chuan [meat skewers] while swigging Tsingtao or Yanjing Beer. But in the last few weeks there has been a blitz by authorities who have moved them on. Even local fruit and vegetable stalls have disappeared.

Locals are reticent to talk to foreigners about why there were no longer tables on the streets or where the stalls had gone, but some do respond. "It's because of the anniversary," says one fruit seller who has escaped being moved on because they have a rented shop. "They might be back in a few weeks, I'm not sure."

It has certainly made the streets quieter. Once a buzzing hive of activity the area looks like a ghost town. The shops have escaped the wrath of the Chengguan. But while they once suffered from increased competition from the street traders now they are seeing even less trade as customers are going elsewhere. 

It is not just on the streets that the tightening restrictions have been applied. Television stations have, over the past few months, been told to moderate their broadcasting content. Programme restrictions have been applied to science fiction shows involving time travel and in the lead up to the anniversary of the CCP's founding, broadcasters have been issued with an edict to air more patriotic content.

Internet users have once again found themselves walled in as authorities target circumvention software. VPNs [Virtual Private Network] are often used by tech savvy Chinese, foreigners and business travellers to 'jump the firewall'. However in the past few days many services have become increasingly unusable.

One VPN provider based in the US said that China was using a method of attack known as DNS poisoning. During the National People's Congress in March this year China blocked the IP  addresses of many VPN providers amongst them 12VPN, and Companies responded to this by changing the IP addresses of websites and servers. China then blocked these new IP addresses and companies were forced to change them again. This cycle repeated a few times until the National People's Congress was over.

But now the China has chosen a different approach, that of DNS-poisoning. This means that any VPN server or website that ends with a specified address will be unreachable from China. The only way to solve this would be to change a company's domain name.  This is more troublesome than the IP blocks because it's time consuming for the company concerned and users would have to re-download and re-install the circumvention software. For many users downloading new software would be difficult since the site would be blocked. It is unlikely that China will undo the poisoning after the anniversary so eventually all China based clients will be affected, one VPN provider said.

DNS poisoning attacks are particularly worrisome and indicate a change of strategy by Chinese censors. Although the attacks are little more than disruptive at present, DNS poisoning attacks can be malicious and even dangerous. If a DNS server is poisoned, it may return an incorrect IP address, diverting traffic to another computer. This may merely send a user to another website as is described here. But it could also be used to send users to a website which would plant a virus or other malicious software [DNS cache poisoning]. The attacks also follow Chinese phishing attacks on GMail users and government disruption to Googles email and chat services.

Since all available VPNs went down this morning tvnewswatch has resorted to email postings for Twitter and Blogger. This post is only possible due to an 'email to blog' facility since Blogger itself is blocked in China.

With such continuing shenanigans China is not a safe place for business. With China blocking services that are integral to business and with no way to access them other than through a VPN, the situation is not good. Without a VPN access to Google Docs is impossible and many cloud-based services are off limits. Without access to these services it makes work difficult or even impossible. As such tvnewswatch has decided to leave China. 

Of course the situation might improve in a few weeks, but there is the constant uncertainty when using the Internet in China. This time the clampdown is blamed on the anniversary of the Communist Party's founding, but there are always anniversaries and sensitive dates. In 2009 there was high security and similar clampdowns on the 60th anniversary of the founding of the republic. There are worries every June 4th, as the world remembers the Tiananmen Massacre and China tries to forget. 

"Without freedom there is no real democracy and without the guarantee of economic and political rights there is no real freedom," Wen said this week. In China there is no freedom, thus no democracy, and it is further clarified by the fact that there is little guarantee of economic and political rights in the Middle Kingdom. An admission from the horses mouth.

tvnewswatch, Beijing, China

No comments: