Hijacking Searches: the Google Gets Baidu-ed
Posted on October 19, 2007
Filed Under China Business, China Internet, GFW |
Agence France-Presse reports that Microsoft, Google and Yahoo search services are being redirected to Baidu, a Chinese competitor:
US Internet search engines in China were being hijacked and directed to Chinese-owned Baidu, analysts said Wednesday, speculating that the move was in retaliation for Washington’s award to Tibet’s exiled spiritual leader the Dalai Lama.
I haven’t seen this, but there are enough reports to indicate something is going on:
A Google spokesman told AFP: “We’ve had numerous reports that Google.cn and other search engines have been blocked in China and traffic redirected to other sites.”
“While this is clearly unfortunate, we’ve seen this happen before and are confident that service will be restored to our users in the very near future,” the spokesman said.
Microsoft, queried about the incident, said through a spokesman: “We are looking into this matter.”
There’s lots of speculation as to why:
“It seems like China is fed up with the US, so as a way to fight back, they redirected virtually all search traffic from Google, Yahoo and Microsoft to Baidu, the Chinese based search engine,” analysts Danny Sullivan and Barry Schwartz wrote at Search Engine Roundtable.
The authors said it was not clear exactly how or why the searches were being redirected, but China is known for tightly controlling the Internet and using a variety of filters to screen out search results for issues relating to dissidents or the 72-year-old Tibetan spiritual leader.
“Some have accused Baidu of hijacking the traffic, but we think it’s likely that China is upset with the US over the award it granted to the Dalai Lama and is retaliating by hurting US-based search engines,” Sullivan and Schwartz said.
There’s little discussion of how this would be done, though. If someone types in “www.google.cn” and is sent to “www.baidu.com” then it’s obvious that the DNS records have been altered. DNS is the internet directory that translates web site names into IP addresses. Either someone has manually changed the records at the .CN root server or there has been a DNS poisoning attack.
The .CN DNS servers are administered by CNNIC, so they’d be the ones to ask about any manual changes. No one seems to have bothered to follow up with them for a comment or explanation. I checked their DNS lookup and it points to the correct google nameservers.
The other option is a DNS poisoning attack. For example, an ISP’s nameserver can be fooled into accepting incorrect DNS data for a domain by bombarding it with requests for the target site’s IP address and flooding it with spoofed responses. Chances are eventually the ISP’s DNS server will accept a spoofed response (this requires getting lucky with data in a few fields, but if enough spoofed responses are generated it’s only a matter of time). For an excellent technical breakdown of this, see this PDF from SecureWorks .
I’m a heavy user of the google, and I haven’t noticed any problems in Shanghai. It would be interesting to see the geographic distribution of the reported redirects. It may just be a poisoned DNS cache at some ISP or group of ISPs.
But a poorly configured server being attacked by some prankster doesn’t make for a good conspiracy theory. Having the 17th party congress in session only spices up the whole story.
I’m a sucker for conspiracy theories, but I need a little more information (and better reporting) before I’m willing to put all this on a grassy knoll.
GFW update
YouTube is now blocked, Blogspot is now not blocked. YAWN.
Comments
Leave a Reply
RSS
