Traffic snarl —

Hack most likely not the reason Chinese traffic bombarded US addresses

Analysts theorize huge outage was result of a glitch in China's Great Firewall.

Network and security experts are still trying to nail down the cause of an outage on Tuesday that briefly redirected huge amounts of China's Internet traffic to US destinations.

The incident left a large portion of China's 500 million Internet users unable to visit websites ending in .com, .net, and .org. Requests for addresses ending in those top-level domains were instead sent to IP addresses operated by US-based Dynamic Internet Technology or, according to The New York Times, a 1,700-square-foot house in Cheyenne, Wyoming.

Local officials in China said the incident was the result of a malfunction in the country's domain name system. They called on authorities to do more to protect China's DNS servers. US-based security researchers, however, said a DNS outage or hack was most likely not the cause. A public DNS server operated by Google returned the same faulty IP addresses generated by China's official servers, these researchers said. They pointed out that Dynamic Internet Technology operates services designed to circumvent China's censorship regime, which is often referred to as the Great Firewall of China (GFW).

"They have to hack into GFW," researchers at GreatFire.org explained. "If they are indeed capable of doing that, they can accomplish so much more than messing the entire Chinese Internet up."

A more likely explanation for Tuesday's outage is a glitch in the GFW that inadvertently routed all requests to Dynamic Internet Technology addresses instead of blocking them as Chinese officials had intended. There's still no working theory on what caused some traffic to be directed to Sophidea Incorporated, which is registered as being located in Cheyenne. The outage, which lasted for several hours on Tuesday morning, probably had the effect of a massive distributed denial-of-service attack on the US addresses on the receiving end of the redirected requests.
