An Open Letter to Lu Wei and the Cyberspace Administration of China

January 26, 2015

Beijing, China

 

Mr. Lu Wei

Director of the Cyberspace Administration of the People’s Republic of China 中央网络安全和信息化领导小组办公室主任

Director of the State Internet Information Office 国家互联网信息办公室主任

Deputy Director of the Central Propaganda Department of the Chinese Communist Party 中共中央宣传部副部长

Cyberspace Administration of China,

Floor 1, Building 1,

Software Park, Chinese Academy of Sciences,

4 South 4th Street, Zhongguancun,

Beijing, China, 100190

 

Dear Mr. Lu,

On January 22, 2015, the Cyberspace Administration of China (CAC), which is under your direct control, wrote a response to a story we published about an MITM attack on Microsoft. In the post, your colleague, Jiang Jun, labelled our accusations as "groundless" and  "unsupported speculation, a pure slanderous act by overseas anti-China forces".

We at GreatFire.org take great offense to these comments and we will refute them in this letter.

We do not level accusations against CAC lightly. We took great lengths to provide data collected during the attack to back up our claims. Multiple reports confirmed our analysis, including screenshots and tests posted by Chinese internet users as well as independent analysis from security experts.

We have reported on previous MITM attacks against iCloud, Yahoo, Microsoft and Google, all of which have been confirmed by the respective companies. We have also asked independent security experts to examine the data we or Chinese users captured during each MITM attack. Please see the independent data analysis in each instance here: Outlook, iCloud, Google, Yahoo, Github. In each case the conclusions are similar:

Our conclusion is that this was a real attack on Microsoft's email service. Additionally, the attack is very similar to previous nationwide Chinese attacks on SSL encrypted traffic, such as the attack on Google a few months ago.   

Two independent security experts contacted by Reuters said GreatFire's report appeared credible.

"All the evidence I've seen would support that this is a real attack," said Mikko Hypponen, chief research officer at security software developer F-Secure.

To be more specific, it appears as if the MITM attacks are being performed on backbone networks belonging to China Telecom (CHINANET) as well as China Unicom.  

All evidence indicates that a MITM attack is being conducted against traffic between China’s nationwide education and research network CERNET and www.google.com.

The fact that the MITM machine was six hops away from the user indicates that the MITM is taking place at some fairly central position in China's internet infrastructure, as opposed to being done locally at the ISP.

We have noted your department's denial of involvement in the Outlook MITM attack. However, Jiang Jun acknowledges that an attack took place. We assume that by proclaiming your innocence, you believe that others are responsible for the attack.

If CAC is not responsible for the attack, nor complicitly letting it happen, can you please explain how “hostile forces” can tap into the backbone of Chinese Internet and implement nationwide MITM attacks six times over the past two years?

Why did CAC not launch an investigation after you denied any involvement in a MITM attack against Apple’s iCloud in October, 2014? Do note that your colleague Mr. Jiang states:

The Chinese government is a staunch advocate for cyber security and stands firmly against any sort of cyber attack. China will crack down on online offensive maneuvers initiated in China and those launched via Chinese Internet infrastructure in line with law.

Can you please explain, Mr. Lu, how CAC has cracked down on these “offensive maneuvers”? How come your department is censoring reports about this attack and even stories that appear in state media, including People's Daily?

Mr. Jiang also makes several accusations about GreatFire.org, all of which we would like to address in this letter.

"姜军说,Greatfire.org是境外反华组织创办的反华网站,长期对中国政府进行无端攻击.此次炒作选在国家网信办宣布依法关闭一批违法违规网站、栏目和微信公众账号之时,蓄意引发不满情绪,污蔑指责中国网络空间治理制度”.

Our translation: Jiang Jun said, GreatFire.org is an anti-China website set up by an overseas anti-China organization (1). It has long made groundless charges against Chinese government (2). They (GreatFire.org) timed this incident with an announcement from CAC about the closure of illegal websites, website columns, and public WeChat accounts (3), aiming to incite dissatisfaction and to smear China's cyberspace management system (4).

(1) Three people founded GreatFire.org in 2011 without any help from any external organizations. We were dissatisfied with Internet censorship in China and we decided to fight against it. We are not anti-China but we are anti-censorship in China. Please take the time to read more about the history of our organization.

(2) We've been monitoring and writing about Chinese Internet censorship since 2011. In fact, the main purpose of GreatFire.org is to automatically test internet censorship in China. All of our blog posts are backed up by hard data, collected from automatic testing, manual testing and user reports. As mentioned earlier, we have even provided the full raw data on the most recent MITM attack. This evidence is far from being “groundless”.

(3) Unless you are accusing us of staging this attack, how is it possible that we can "time" the MITM attack with your announcements? Microsoft has confirmed that there was an attack - we simply reported on it in a timely fashion. In fact, this timing provides some indication that CAC is indeed behind the MITM attack. Perhaps the closing of WeChat accounts and the attack on Outlook were part of the same plan?

(4) We do agree on one thing and that is that we are "aiming to incite dissatisfaction and smear China's cyberspace management system". We are here to watch what you are doing, to criticise you when you are wrong and to end online censorship in China. And we are encouraging netizens and companies alike to fight against GFW and Chinese internet censorship in general. We've called for Microsoft, Apple and others to immediately revoke trust for CNNIC certificate authority. Your continued MITM attacks, your denial of your involvement in these attacks, and your baseless accusations against us are only adding to the urgency of revoking trust for CNNIC.

We have also noted that you have instructed Chinese media to discontinue mentions of us in the Chinese press, after you labeled us as “anti-China”. However, no matter what censorship measures you put in place, our voice will continue to be heard by state media, including this mention in the Global Times:

"The Great Firewall is blocking the VPN on the protocol level. It means that the firewall does not need to identify each VPN provider and block its IP addresses. Rather, it can spot VPN traffic during transit and block it," one of the founders of an overseas website which monitors the Internet in China told the Global Times Thursday via e-mail.

We look forward to receiving an apology from you for your groundless slander against us; your “wild guesses and malicious blemishes" will not help solve cyber issues.

Sincerely,

The Team at GreatFire.org


 

 

Comments

More Blog Posts

Subscribe to our mailing list
Show content from Blog | Google+ | Twitter | All. Subscribe to our blog using RSS.

Mon, Nov 25, 2024

China’s New Effort to Achieve Cyber Sovereignty

How Real-Name Registration policies create an “ideological firewall” that chills dissent by eliminating user anonymity and selectively restricting transnational access to Chinese social media apps.

Thu, Aug 10, 2023

1.4 million people used FreeBrowser to circumvent the Great Firewall of Turkmenistan

Since 2021, the authorities in Turkmenistan have taken exceptional measures to crack down on the use of circumvention tools. Citizens have been forced to swear on the Koran that they will not use a VPN. Circumvention tool websites have been systematically blocked. Arbitrary searches of mobile devices have also taken place and have even targeted school children and teachers.

The government has also blocked servers hosting VPNs which led to “near complete” internet shutdowns on several occasions in 2022. Current reports indicate that 66 hosting providers, 19 social networks and messaging platforms, and 10 leading content delivery networks (CDNs), are blocked in the country. The government presumably is unconcerned about the negative economic impact that such shutdowns can cause.

Fri, Mar 18, 2022

Well-intentioned decisions have just made it easier for Putin to control the Russian Internet

This article is in large part inspired by a recent article from Meduza (in Russian).

Since the beginning of the war in Ukraine, Russian users have had problems accessing government websites and online banking clients. Browsers began to mark these sites as unsafe and drop the connection. The reason is the revocation of digital security certificates by foreign certificate authorities (either as a direct consequence of sanctions or as an independent, good will move); without them, browsers do not trust sites and “protect” their users from them.

However, these actions, caused - or at least triggered by - a desire to punish Russia for their gruesome actions in Ukraine, will have long-lasting consequences for Russian netizens.

Digital certificates are needed to confirm that the site the user wants to visit is not fraudulent. The certificates contain encryption keys to establish a secure connection between the site and the user. It is very easy to understand whether a page on the Internet is protected by a certificate. One need just look at the address bar of the browser. If the address begins with the https:// prefix, and there is a lock symbol next to the address, the page is protected. By clicking on this lock, you can see the status of the connection, the name of the Certification Authority (CA) that issued the certificate, and its validity period.

There are several dozen commercial and non-commercial organizations in the world that have digital root certificates, but 3/4 of all certificates are issued by only five of the largest companies. Four of them are registered in the USA and one is registered in Belgium.

Mon, Aug 03, 2020

Announcing the Release of GreatFire AppMaker

GreatFire (https://en.greatfire.org/), a China-focused censorship monitoring organization, is proud to announce that we have developed and released a new anti-censorship tool that will enable any blocked media outlet, blogger, human rights group, or civil society organization to evade censors and get their content onto the phones of millions of readers and supporters in China and other countries that censor the Internet.

GreatFire has built an Android mobile app creator, called “GreatFire AppMaker”, that can be used by organizations to unblock their content for users in China and other countries. Organizations can visit a website (https://appmaker.greatfire.org/) which will compile an app that is branded with the organization’s own logo and will feature their own, formerly blocked content. The app will also contain a special, censorship-circumventing web browser so that users can access the uncensored World Wide Web. The apps will use multiple strategies, including machine learning, to evade advanced censorship tactics employed by the Chinese authorities.  This project will work equally well in other countries that have China-like censorship restrictions. For both organizations and end users, the apps will be free, fast, and extremely easy to use.

This project was inspired by China-based GreatFire’s first-hand experience with our own FreeBrowser app (https://freebrowser.org/en) and desire to help small NGOs who may not have the in-house expertise to circumvent Chinese censorship. GreatFire’s anti-censorship tools have worked in China when others do not. FreeBrowser directs Chinese internet users to normally censored stories from the app’s start page (http://manyvoices.news/).

Fri, Jul 24, 2020

Apple, anticompetition, and censorship

On July 20, 2020, GreatFire wrote to all 13 members of the Subcommittee on Antitrust, Commercial and Administrative Law of the U.S. House Committee on the Judiciary, requesting a thorough examination into Apple’s practice of censorship of its App Store, and an investigation into how the company collaborates with the Chinese authorities to maintain its unique position as one of the few foreign tech companies operating profitably in the Chinese digital market.  

This letter was sent a week before Apple CEO TIm Cook will be called for questioning in front of the Subcommittee on Antitrust, Commercial and Administrative Law. The CEOs of Amazon, Google and Facebook will also be questioned on July 27, as part of the Committee’s ongoing investigation into competition in the digital marketplace.

This hearing offers an opportunity to detail to the Subcommittee how Apple uses its closed operating ecosystem to not only abuse its market position but also to deprive certain users, most notably those in China, of their right to download and use apps related to privacy, secure communication, and censorship circumvention.

We hope that U.S. House representatives agree with our view that Apple should not be allowed to do elsewhere what would be considered as unacceptable in the U.S. Chinese citizens are not second class citizens. Private companies such as Apple compromise themselves and their self-proclaimed values of freedom and privacy when they collaborate with the Chinese government and its censors.

Subscribe to our blog using RSS.

Comments

恭喜greatfire.org获得国家级 “反华” 认证。 加油!

鄙视那些个发言人

Great letter. Look forward to hearing if there's a response, though I think we all know how likely that is.

加油

加油

visitor of this site, so keep posting for us,

click the below links to create backlink
best free backlink website then click.
msg movie

thank for sharing Ontips-in

thanks for this post, keep it up for updating us, i am waiting for ur new article.

thanks again
IPL8 live stream 2015

Its like you read my mind! You appear to know so much about this, like you wrote the bolok in it or something.
I think that you can do with some pics to drive the message home
a bit, but instead of that, this is excellent blog.
A great read. I will certainly be back.

Here is my webpage: perdre du poids rapidement (Quentin)

hello friends, here we are represent latest collection of palm sunday images thanks

Thanks for this post and i will be waiting for another

happy mothers day 2015
happy mothers day
mothers day 2015

这个网站并不那么反华,比无国界记者好多了。无国界纯粹是为了反对而反对。

Hi! This is kind of off topic but I need some advice from an established blog.
Is it tough to set up your own blog? I'm not very techincal but I can figure
things out pretty fast. I'm thinking about making my own but I'm not sure
where to begin. Do you have any ideas or suggestions?
With thanks

My site Backlinks

那么网信办回复了你们吗?

good Share what you're watching and just what feels you more interested https://mobdrodownloads.com Using below link you can download Mobdro 1.2.446 APK 2015.nice.

You can see more at Three people founded GreatFire.org in 2011 without any help from any external organizations. We were dissatisfied with Internet censorship in China and healthoffset.com decided to fight against it. We are not anti-China but we are anti-censorship in China. Please take the time to read more about the history of our organization

good to date functions such as songs streaming, showbox as well as set up the apk variation of Showbox application. best.

So if you want to view you fevorite TV shows like https://iterrariumtv.com which is readily available for Android as well as.

You can easily check modem settings with https://www.192-168-l-l.net/ and router setup also.

tubidy tunes most recent included mp3s by tubidy mp3 tracks. tubidy.mobi would certainly be much better referred as the heaven for

else method to install your TV gamer on IOS.However, You TV Player you TV player is out Google play store as well as you have.

Yep! Hope Mr Lu Wei see this letter! He should read it and understand how many difficulties he cause for the users around China. instagram online Thank you for writing the letter!

I am from bangladesh. want to communicate Mr.Lu wei.important.please help guys..my email k.iftakhar@yahoo.com thanks

Add new comment

Filtered HTML

  • Web page addresses and e-mail addresses turn into links automatically.
  • Allowed HTML tags: <a> <em> <strong> <cite> <blockquote> <code> <ul> <ol> <li> <dl> <dt> <dd>
  • Lines and paragraphs break automatically.

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
By submitting this form, you accept the Mollom privacy policy.