Large parts of China’s Internet went dark this past weekend as the country came under what the Beijing government is calling the “largest ever” hack attack on Chinese sites.
According to The China Internet Network Information Center (CNNIC)
, which “operates and administers country code top level domain of .cn and Chinese domain name system,” the denial of service, or DDoS, attacks started at 2:00 a.m. local time Sunday morning. CNNIC said the initial attack was followed two hours later by a larger attack. Both focused on websites with the .cn extension.
In an interview with the Wall Street Journal
, Matthew Prince, the chief executive of CloudFlare, a company that provides Web performance and security services for more than a million websites, said China saw a 32 percent drop in Internet traffic for domains in the company’s network during the two-hour attack.
CNNIC apologized to users for the attack and promised to strengthen security in the future. The organization did not elaborate on who might have been behind the attacks.
“It's just another example that China does indeed have its own enemies who attempt to disrupt its Internet operations,” said Jeffry Carr, CEO of Taia Group, a cybersecurity firm. “Such enemies include hackers from Taiwan, India, Tibet, the Middle East and, of course, the United States.”
Carr added that denial-of-service attacks do not require a lot of technical know how.
"Denial-of-service attacks can be as simple as downloading a free tool like Anonymous's LOIC product or one can visit any number of hacker forums where DDoS services are cheaply available for hire."
Christopher Burgess, CEO of Prevendra, Inc., says the attack could have also have come from within China.
“The prompt response and resolution by China's CNNIC and lack of attribution provided by the CNNIC of attack origin warrants further monitoring. It begs the question, was this a self-inflicted wound by a Chinese entity, such as one of those identified by Mandiant
in their report earlier in 2013 or an attack originating by a criminal element,” he said.
While China is known for efficient Internet censorship, some question the country's cyber defenses.
"The attack points out the vulnerability of the entire Chinese web to cyber attack from the outside," said Matthew Aid, an independent intelligence analyst. "If all Internet sites ending in .cn can be taken down by nothing more sophisticated than a conventional denial-of-service attack, the Chinese Internet system is more vulnerable than we previously believed. Clearly Chinese cyber defenses are not what they should be"
Domains with the .cn extension appeared to be working normally on Monday.