SHANGHAI/BEIJING (Reuters) - The cause of an Internet outage in China that rerouted millions of users to a U.S. website of a company which helps people get around Beijing's censorship remained a mystery on Wednesday, but experts weighed the possibility of a cyberattack.
Users were redirected to a site run by a company tied to the Falun Gong, a spiritual group banned in China which has been blamed for past hacking attacks.
An official Xinhua news service report quoted Chinese security experts saying the outage could have been exploited by hackers, or could have been the result of a hacking attack.
The state-run China Internet Network Information Center (CNNIC) said in a microblog post that the outage, which lasted for several hours, was due to a malfunction in China's top-level domain name root servers on Tuesday afternoon.
Chinese Internet users were rerouted to a U.S.-based website run by Dynamic Internet Technology (DIT), a company that sells anti-censorship web services tailored for Chinese users, including a product that enables the retrieval of microblog posts deleted by Chinese censors.
"The Internet disruption appears to have taken place through changes to the Domain Name Service - the mapping between domain names and the IP addresses for the corresponding content servers - rather than through attacks on the underlying infrastructure," said Jim Cowie, CTO of Renesys, which monitors global Internet activity.
A mistake made by the Chinese government could be at fault for the outage. "Instead of targeting a small list of websites the (Chinese Internet censorship systems) malfunctioned and targeted any domain," said Bill Xia, founder of DIT. "For such a large scale attack just targeting users in China it can only be done by the Great Firewall."
The malfunction is a result of a Domain Name Service (DNS) hijacking, said Xia, where even if people tried to go to a non-existing website they would be redirected to DIT's site.
"It's even clearer this is not an attack of all the Domain Name Servers in the world, but the same as the DNS hijacking technologies used by the Chinese government to block websites they don't want," he said.
The Epoch Times, a publication produced by the Falun Gong which is banned in China, is a client and sponsor of DIT, according to Xia, who is a member of Falun Gong.
An attempt to locate Xia showed that many of his listed numbers were fake, including one for an American home security company. Xia, based in the U.S., was reluctant to give out specifics about his age and location.
Falun Gong, whose members are persecuted in China, have been accused of hacking official Chinese media in the past, including government TV satellite broadcasting systems in 2002.
Xia denied the possibility of the outage being caused by Falun Gong hackers, but said he had no explanation for why Chinese websites were redirecting to his site.
Other clients listed on the DIT site include Voice of America and Human Rights in China, though Xia said the client list is no longer up-to-date.
The outage, which began around 3:15 p.m. local time, redirected roughly 1 million requests per second to the DIT site, said Xia.
Chinese web service providers have struggled to overcome recurrent performance bottlenecks in the country's massive but often rickety data network. The need to continuously censor domestic content and block foreign websites only complicates the matter.
In addition to fending off hacking attacks, network providers face challenges finding experienced server administrators and dealing with government bureaucracies with frequently overlapping jurisdictions over different aspects of Internet services.
(Reporting by Pete Sweeney and Paul Carsten Additional reporting by Alina Selyukh in Washington D.C.; Editing by Edwina Gibbs and Jeremy Laurence)