An Open Letter to Lu Wei and the Cyberspace Administration of China

January 26, 2015

Beijing, China

 

Mr. Lu Wei

Director of the Cyberspace Administration of the People’s Republic of China 中央网络安全和信息化领导小组办公室主任

Director of the State Internet Information Office 国家互联网信息办公室主任

Deputy Director of the Central Propaganda Department of the Chinese Communist Party 中共中央宣传部副部长

Cyberspace Administration of China,

Floor 1, Building 1,

Software Park, Chinese Academy of Sciences,

4 South 4th Street, Zhongguancun,

Beijing, China, 100190

 

Dear Mr. Lu,

On January 22, 2015, the Cyberspace Administration of China (CAC), which is under your direct control, wrote a response to a story we published about an MITM attack on Microsoft. In the post, your colleague, Jiang Jun, labelled our accusations as "groundless" and  "unsupported speculation, a pure slanderous act by overseas anti-China forces".

We at GreatFire.org take great offense to these comments and we will refute them in this letter.

We do not level accusations against CAC lightly. We took great lengths to provide data collected during the attack to back up our claims. Multiple reports confirmed our analysis, including screenshots and tests posted by Chinese internet users as well as independent analysis from security experts.

We have reported on previous MITM attacks against iCloud, Yahoo, Microsoft and Google, all of which have been confirmed by the respective companies. We have also asked independent security experts to examine the data we or Chinese users captured during each MITM attack. Please see the independent data analysis in each instance here: Outlook, iCloud, Google, Yahoo, Github. In each case the conclusions are similar:

Our conclusion is that this was a real attack on Microsoft's email service. Additionally, the attack is very similar to previous nationwide Chinese attacks on SSL encrypted traffic, such as the attack on Google a few months ago.   

Two independent security experts contacted by Reuters said GreatFire's report appeared credible.

"All the evidence I've seen would support that this is a real attack," said Mikko Hypponen, chief research officer at security software developer F-Secure.

To be more specific, it appears as if the MITM attacks are being performed on backbone networks belonging to China Telecom (CHINANET) as well as China Unicom.  

All evidence indicates that a MITM attack is being conducted against traffic between China’s nationwide education and research network CERNET and www.google.com.

The fact that the MITM machine was six hops away from the user indicates that the MITM is taking place at some fairly central position in China's internet infrastructure, as opposed to being done locally at the ISP.

We have noted your department's denial of involvement in the Outlook MITM attack. However, Jiang Jun acknowledges that an attack took place. We assume that by proclaiming your innocence, you believe that others are responsible for the attack.

If CAC is not responsible for the attack, nor complicitly letting it happen, can you please explain how “hostile forces” can tap into the backbone of Chinese Internet and implement nationwide MITM attacks six times over the past two years?

Why did CAC not launch an investigation after you denied any involvement in a MITM attack against Apple’s iCloud in October, 2014? Do note that your colleague Mr. Jiang states:

The Chinese government is a staunch advocate for cyber security and stands firmly against any sort of cyber attack. China will crack down on online offensive maneuvers initiated in China and those launched via Chinese Internet infrastructure in line with law.

Can you please explain, Mr. Lu, how CAC has cracked down on these “offensive maneuvers”? How come your department is censoring reports about this attack and even stories that appear in state media, including People's Daily?

Mr. Jiang also makes several accusations about GreatFire.org, all of which we would like to address in this letter.

"姜军说,Greatfire.org是境外反华组织创办的反华网站,长期对中国政府进行无端攻击.此次炒作选在国家网信办宣布依法关闭一批违法违规网站、栏目和微信公众账号之时,蓄意引发不满情绪,污蔑指责中国网络空间治理制度”.

Our translation: Jiang Jun said, GreatFire.org is an anti-China website set up by an overseas anti-China organization (1). It has long made groundless charges against Chinese government (2). They (GreatFire.org) timed this incident with an announcement from CAC about the closure of illegal websites, website columns, and public WeChat accounts (3), aiming to incite dissatisfaction and to smear China's cyberspace management system (4).

(1) Three people founded GreatFire.org in 2011 without any help from any external organizations. We were dissatisfied with Internet censorship in China and we decided to fight against it. We are not anti-China but we are anti-censorship in China. Please take the time to read more about the history of our organization.

(2) We've been monitoring and writing about Chinese Internet censorship since 2011. In fact, the main purpose of GreatFire.org is to automatically test internet censorship in China. All of our blog posts are backed up by hard data, collected from automatic testing, manual testing and user reports. As mentioned earlier, we have even provided the full raw data on the most recent MITM attack. This evidence is far from being “groundless”.

(3) Unless you are accusing us of staging this attack, how is it possible that we can "time" the MITM attack with your announcements? Microsoft has confirmed that there was an attack - we simply reported on it in a timely fashion. In fact, this timing provides some indication that CAC is indeed behind the MITM attack. Perhaps the closing of WeChat accounts and the attack on Outlook were part of the same plan?

(4) We do agree on one thing and that is that we are "aiming to incite dissatisfaction and smear China's cyberspace management system". We are here to watch what you are doing, to criticise you when you are wrong and to end online censorship in China. And we are encouraging netizens and companies alike to fight against GFW and Chinese internet censorship in general. We've called for Microsoft, Apple and others to immediately revoke trust for CNNIC certificate authority. Your continued MITM attacks, your denial of your involvement in these attacks, and your baseless accusations against us are only adding to the urgency of revoking trust for CNNIC.

We have also noted that you have instructed Chinese media to discontinue mentions of us in the Chinese press, after you labeled us as “anti-China”. However, no matter what censorship measures you put in place, our voice will continue to be heard by state media, including this mention in the Global Times:

"The Great Firewall is blocking the VPN on the protocol level. It means that the firewall does not need to identify each VPN provider and block its IP addresses. Rather, it can spot VPN traffic during transit and block it," one of the founders of an overseas website which monitors the Internet in China told the Global Times Thursday via e-mail.

We look forward to receiving an apology from you for your groundless slander against us; your “wild guesses and malicious blemishes" will not help solve cyber issues.

Sincerely,

The Team at GreatFire.org


 

 

Comments

More Blog Posts

Subscribe to our mailing list
Show content from Blog | Google+ | Twitter | All. Subscribe to our blog using RSS.

Thu, Nov 30, 2017

About those 674 apps that Apple censored in China

Apple opened the door on its censorship practices in China - but just a crack.

Tue, May 23, 2017

Is China establishing cyber sovereignty in the United States?

Last week Twitter came under attack from a DDoS attack orchestrated by the Chinese authorities. While such attacks are not uncommon for websites like Twitter, this one proved unusual. While the Chinese authorities use the Great Firewall to block harmful content from reaching its citizens, it now uses DDoS attacks to take down content that appears on websites beyond its borders. For the Chinese authorities, it is not simply good enough to “protect” the interests of Chinese citizens at home - in their view of cyber sovereignty, any content that might harm China’s interests must be removed, regardless of where the website is located.

And so last week the Chinese authorities determined that Twitter was the target. In particular, the authorities targeted the Twitter account for Guo Wengui (https://twitter.com/KwokMiles), the rebel billionaire who is slowly leaking information about corrupt Chinese government officials via his Twitter account and through his YouTube videos. Guo appeared to ramp up his whistle-blowing efforts last week and the Chinese authorities, in turn, ramped up theirs.

via https://twitter.com/KwokMiles/status/863689935798374401

Mon, Dec 12, 2016

China is the obstacle to Google’s plan to end internet censorship

It’s been three years since Eric Schmidt proclaimed that Google would chart a course to ending online censorship within ten years. Now is a great time to check on Google’s progress, reassess the landscape, benchmark Google’s efforts against others who share the same goal, postulate on the China strategy and offer suggestions on how they might effectively move forward.

flowers on google china plaque

Flowers left outside Google China’s headquarters after its announcement it might leave the country in 2010. Photo: Wikicommons.

What has Google accomplished since November 2013?

The first thing they have accomplished is an entire rebranding of both Google (now Alphabet) and Google Ideas (now Jigsaw). Throughout this blog post, reference is made to both new and old company names.

Google has started to develop two main tools which they believe can help in the fight against censorship. Jigsaw’s DDoS protection service, Project Shield, is effectively preventing censorship-inspired DDoS attacks and recently helped to repel an attack on Brian Krebs’ blog. The service is similar to other anti-DDoS services developed by internet freedom champions and for-profit services like Cloudflare.

Thu, Nov 24, 2016

Facebook: Please, not like this

Facebook is considering launching a censorship tool that would enable the world’s biggest social network to “enter” the China market. Sadly, nobody will be surprised by anything that Mark Zuckerberg decides to do in order to enter the China market. With such low expectations, Facebook is poised to usurp Apple as China’s favorite foreign intelligence gathering partner. If the company launches in China using this strategy they will also successfully erase any bargaining power that other media organizations may hold with the Chinese authorities.

Tue, Jul 05, 2016

GreatFire.org 现在开始测试VPN在中国的速度和稳定性

在中国有一个普遍观念,如果你有一个可以使用的VPN,那么你应该保持沉默。就信息自由而言,这种观念的问题在于获取知识竟成了一种秘密。今天,我们推出一个项目,希望能够摧毁这种模型。

我们最新的网站,翻墙中心,目的在于实时提供那些能够在中国使用的翻墙方案的信息和数据。在2011年以来我们就已经开始收集在中国被屏蔽的网站,现在我们也将增加那些可用的VPN和其他翻墙工具。

我们发布翻墙中心主要有四个目的。

我们的首要目标是助长使用翻墙工具的国人的数量。通过分享我们这些工具的信息和数据,我们希望对更广泛的受众展示那些工具时可以使用的。

我们的第二个目标是通过带来工具性能的透明化来提升中国用户的翻墙体验。我们将会测试工具的速度(流行网站的加载速度)和稳定性(流行网站加载成功的程度)。

我们开发速度测试的目的是要真实反映用户的体验。当用户在网站测速时,浏览器在后台会从10个世界上最流行的网站上下载一些资源文件。根据Alexa排名,这些网站分别是Google, Facebook, YouTube, Baidu, Amazon, Yahoo, Wikipedia, QQ, Twitter and Microsoft Live。速度的结果是简单的计算下载文件文件的大小和下载所需的时间。我们同样也会验证下载的文件是否完整。如果文件的内容是错误的或者在40秒内无法完成下载,我们会标记为失败。这个数据被我们用来生成另一个重要指标-稳定性。

其他的速度测试工具仅仅是通过发送数据到它们自己的服务器来测量上传和下载的速度。这种数据无法反应用户的体验,因为正常的浏览器通常会频繁的发送一系列的请求(而不是上传或下载一个大文件)到许多的服务器,而不止是一个。

我们的第二个指标 - 稳定性 - 是其他的服务通常不会测试的。一个健康的互联网连接应该达到100%的稳定性,除非有人在测试中把网线拔了。但是在中国使用翻墙工具却不是这样。任何时候连接都有可能变得不稳定或十分缓慢。根据请求的大小,最终的地点和代理的方式,一些请求有可能会失败。比较服务的稳定性要比比较速度更加重要。

你可以测试任意的翻墙工具,列表之外的也可以。中国的VPN用户也可以测试他们的工具,测试结果也会添加到数据库中。这些数据都将会对所有人开放。实时的在中国测试是非常重要的,因为VPN随时都可能被封锁或解封。我们欢迎任何的关于测试过程的反馈。有技术能力的用户也可以通过审查我们的javascript代码来获悉我们的测试是如何工作的。

我们郑重的邀请翻墙工具的开发者们向我们提供测试过程的反馈。我们的第三个目标是帮助这些开发人员改进他们的产品,让更多的选择适用于中国的顾客。此外,越多的工具可以工作,就意味着中国当局对翻墙的打击就会越难。

中国的用户都知道,在过去的18个月中当局加紧了对翻墙工具的攻击。而翻墙中心将会吹响反击的号角。反其道而行之,让这不再成为秘密。我们要鼓励人们分享翻墙工具可以工作的信息。

我们的第四个目标就是要为GreatFire.org创造收益。目前GreatFire仍然依靠世界各地的热心人士和组织的捐款。我们希望减少对这些机构的依赖,并探寻GreatFire.org自给自足的道路。用户只需到翻墙中心就能购买任意一款我们目前在测试的付费工具。GreatFire将作为这些工具在中国的经销商,因此VPN供应商会给予我们每个零售的一部分。用户也不必在中国购买这些翻墙服务。

Subscribe to our blog using RSS.

Comments

恭喜greatfire.org获得国家级 “反华” 认证。 加油!

鄙视那些个发言人

Great letter. Look forward to hearing if there's a response, though I think we all know how likely that is.

加油

加油

visitor of this site, so keep posting for us,

click the below links to create backlink
best free backlink website then click.
msg movie

thank for sharing Ontips-in

thanks for this post, keep it up for updating us, i am waiting for ur new article.

thanks again
IPL8 live stream 2015

Its like you read my mind! You appear to know so much about this, like you wrote the bolok in it or something.
I think that you can do with some pics to drive the message home
a bit, but instead of that, this is excellent blog.
A great read. I will certainly be back.

Here is my webpage: perdre du poids rapidement (Quentin)

hello friends, here we are represent latest collection of palm sunday images thanks

Thanks for this post and i will be waiting for another

happy mothers day 2015
happy mothers day
mothers day 2015

这个网站并不那么反华,比无国界记者好多了。无国界纯粹是为了反对而反对。

Hi! This is kind of off topic but I need some advice from an established blog.
Is it tough to set up your own blog? I'm not very techincal but I can figure
things out pretty fast. I'm thinking about making my own but I'm not sure
where to begin. Do you have any ideas or suggestions?
With thanks

My site Backlinks

那么网信办回复了你们吗?

good Share what you're watching and just what feels you more interested https://mobdrodownloads.com Using below link you can download Mobdro 1.2.446 APK 2015.nice.

You can see more at Three people founded GreatFire.org in 2011 without any help from any external organizations. We were dissatisfied with Internet censorship in China and healthoffset.com decided to fight against it. We are not anti-China but we are anti-censorship in China. Please take the time to read more about the history of our organization

good to date functions such as songs streaming, showbox as well as set up the apk variation of Showbox application. best.

So if you want to view you fevorite TV shows like https://iterrariumtv.com which is readily available for Android as well as.

You can easily check modem settings with https://www.192-168-l-l.net/ and router setup also.

tubidy tunes most recent included mp3s by tubidy mp3 tracks. tubidy.mobi would certainly be much better referred as the heaven for

else method to install your TV gamer on IOS.However, You TV Player you TV player is out Google play store as well as you have.

Yep! Hope Mr Lu Wei see this letter! He should read it and understand how many difficulties he cause for the users around China. instagram online Thank you for writing the letter!

I am from bangladesh. want to communicate Mr.Lu wei.important.please help guys..my email k.iftakhar@yahoo.com thanks

Add new comment

Filtered HTML

  • Web page addresses and e-mail addresses turn into links automatically.
  • Allowed HTML tags: <a> <em> <strong> <cite> <blockquote> <code> <ul> <ol> <li> <dl> <dt> <dd>
  • Lines and paragraphs break automatically.

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
By submitting this form, you accept the Mollom privacy policy.