Tens of millions of netizens (Internet users) in China lost access to the World Wide Web on Tuesday afternoon due to a critical malfunction of the Domain Name System (DNS) infrastructure.
The incident, which stemmed from a cache poisoning attack, left large numbers of top-level domains including .com, .net and .org out of commission, reports China Daily Thursday.
Popular websites operated by Baidu Inc, Sina Corp and Tencent Holding Ltd all were affected. Source of problem unknown, but ‘wasn’t domestic’.
China’s Internet network remains vulnerable, and many issues must be fixed, experts said Wednesday as the nation’s cyberconnection recovered after a massive crash the day before.
The snag afflicted about two-thirds of Chinese websites, according to Beijing-based tech firm Qihoo 360 Technology Co Ltd.
“Although the government is spending more on Domain Name System protection, the industry needs to give more attention to prevent stronger DNS-related attacks,” said Li Xiaodong, executive director at China Internet Network Information Center. Li also heads a State level lab specializing domain name administration.
“The country should see the DNS as a critical national strategic infrastructure because it is the foundation of the entire Internet applications,” the paper quoted to Li.
“The country needs better monitoring and a quicker responding system to safeguard Internet security,” said Zhao Wu, a website security expert at Qihoo.
At least two of the 13 root name servers worldwide were affected, said Zhao. “We do not have the required conditions to set up a root name server inside China,” said Li with CNNIC. “The only way to improve the Internet responding speed and stability is to introduce more root name server mirrors,” he added.
The DNS works as a navigator on the Internet, directing page view requests to corresponding IP addresses.
Hacking the DNS will mislead the server into guiding the requests to the wrong sites.
Technically, hackers can direct netizens to a phishing website. Such behavior can result in user information being compromised, said Zhao.
Tuesday’s incident, however, only led netizens to a blank page, and no leakage of information has been reported, according to Zhao.