Source of problem unknown, but 'wasn't domestic' provider

China's Internet network remains vulnerable, and many issues must be fixed, experts said Wednesday as the nation's cyberconnection recovered after a massive crash the day before.

Tens of millions of netizens in China lost access to the World Wide Web on Tuesday afternoon due to a critical malfunction of the Domain Name System infrastructure.

The incident, which stemmed from a cache poisoning attack, left large numbers of top-level domains including .com, .net and .org out of commission.

Popular websites operated by Baidu Inc, Sina Corp and Tencent Holding Ltd all were affected.

The snag afflicted about two-thirds of Chinese websites, according to Beijing-based tech firm Qihoo 360 Technology Co Ltd.

"Although the government is spending more on Domain Name System protection, the industry needs to give more attention to prevent stronger DNS-related attacks," said Li Xiaodong, executive director at China Internet Network Information Center. Li also heads a State level lab specializing domain name administration.

"The country should see the DNS as a critical national strategic infrastructure because it is the foundation of the entire Internet applications," according to Li.

"The country needs better monitoring and a quicker responding system to safeguard Internet security," said Zhao Wu, a website security expert at Qihoo.

At least two of the 13 root name servers worldwide were affected, said Zhao. The two servers are operated outside China by the US National Aeronautics and Space Administration and Washington-DC-based company Cogent Communications Inc.

"We do not have the required conditions to set up a root name server inside China," said Li with CNNIC. "The only way to improve the Internet responding speed and stability is to introduce more root name server mirrors," he added.

The DNS works as a navigator on the Internet, directing page view requests to corresponding IP addresses.

Hacking the DNS will mislead the server into guiding the requests to the wrong sites. Technically, hackers can direct netizens to a phishing website. Such behavior can result in user information being compromised, said Zhao.

Tuesday's incident, however, only led netizens to a blank page, and no leakage of information has been reported, according to Zhao.

But it was an unprecedented malfunction both in terms of the number of websites affected and the duration of the incident, said net.cn, an Internet service provider owned by Alibaba Group Holding Ltd.

"The cause of the incident remains unknown, but it has been verified that Chinese providers had nothing to do with it," news portal qq.com reported, citing Song Yingqiao, vice-president of net.cn.

"Based on current information, the incident was caused by a cyberattack," said the National Computer Network Emergency Response technical Team Coordination Center of China, or CERT, a government-backed technical coordination organization.

"The source of the attack remains unknown," it said.

No individual or group had stepped forward to claim responsibility as of Wednesday.

China has become a top target for hackers. Last December, more than 2.2 million Internet terminals in the nation were infected with viruses, while cybervandalism occurred on 6,823 websites, and 6,171 others were breached by backdoor malware, CERT data showed.

The DNS apparently is one of the weakest links in China's Web network.

In 2006, an undersea earthquake crippled communication cables connecting China and the United States. Three years later, a typhoon triggered Internet service malfunctions in multiple provinces.

And in 2010, an organization called the Iranian Cyber Army hacked Baidu, the most popular search engine in China.

gaoyuan@chinadaily.com.cn