An Open Letter to Lu Wei and the Cyberspace Administration of China

January 26, 2015

Beijing, China


Mr. Lu Wei

Director of the Cyberspace Administration of the People’s Republic of China 中央网络安全和信息化领导小组办公室主任

Director of the State Internet Information Office 国家互联网信息办公室主任

Deputy Director of the Central Propaganda Department of the Chinese Communist Party 中共中央宣传部副部长

Cyberspace Administration of China,

Floor 1, Building 1,

Software Park, Chinese Academy of Sciences,

4 South 4th Street, Zhongguancun,

Beijing, China, 100190


Dear Mr. Lu,

On January 22, 2015, the Cyberspace Administration of China (CAC), which is under your direct control, wrote a response to a story we published about an MITM attack on Microsoft. In the post, your colleague, Jiang Jun, labelled our accusations as "groundless" and  "unsupported speculation, a pure slanderous act by overseas anti-China forces".

We at take great offense to these comments and we will refute them in this letter.

We do not level accusations against CAC lightly. We took great lengths to provide data collected during the attack to back up our claims. Multiple reports confirmed our analysis, including screenshots and tests posted by Chinese internet users as well as independent analysis from security experts.

We have reported on previous MITM attacks against iCloud, Yahoo, Microsoft and Google, all of which have been confirmed by the respective companies. We have also asked independent security experts to examine the data we or Chinese users captured during each MITM attack. Please see the independent data analysis in each instance here: Outlook, iCloud, Google, Yahoo, Github. In each case the conclusions are similar:

Our conclusion is that this was a real attack on Microsoft's email service. Additionally, the attack is very similar to previous nationwide Chinese attacks on SSL encrypted traffic, such as the attack on Google a few months ago.   

Two independent security experts contacted by Reuters said GreatFire's report appeared credible.

"All the evidence I've seen would support that this is a real attack," said Mikko Hypponen, chief research officer at security software developer F-Secure.

To be more specific, it appears as if the MITM attacks are being performed on backbone networks belonging to China Telecom (CHINANET) as well as China Unicom.  

All evidence indicates that a MITM attack is being conducted against traffic between China’s nationwide education and research network CERNET and

The fact that the MITM machine was six hops away from the user indicates that the MITM is taking place at some fairly central position in China's internet infrastructure, as opposed to being done locally at the ISP.

We have noted your department's denial of involvement in the Outlook MITM attack. However, Jiang Jun acknowledges that an attack took place. We assume that by proclaiming your innocence, you believe that others are responsible for the attack.

If CAC is not responsible for the attack, nor complicitly letting it happen, can you please explain how “hostile forces” can tap into the backbone of Chinese Internet and implement nationwide MITM attacks six times over the past two years?

Why did CAC not launch an investigation after you denied any involvement in a MITM attack against Apple’s iCloud in October, 2014? Do note that your colleague Mr. Jiang states:

The Chinese government is a staunch advocate for cyber security and stands firmly against any sort of cyber attack. China will crack down on online offensive maneuvers initiated in China and those launched via Chinese Internet infrastructure in line with law.

Can you please explain, Mr. Lu, how CAC has cracked down on these “offensive maneuvers”? How come your department is censoring reports about this attack and even stories that appear in state media, including People's Daily?

Mr. Jiang also makes several accusations about, all of which we would like to address in this letter.


Our translation: Jiang Jun said, is an anti-China website set up by an overseas anti-China organization (1). It has long made groundless charges against Chinese government (2). They ( timed this incident with an announcement from CAC about the closure of illegal websites, website columns, and public WeChat accounts (3), aiming to incite dissatisfaction and to smear China's cyberspace management system (4).

(1) Three people founded in 2011 without any help from any external organizations. We were dissatisfied with Internet censorship in China and we decided to fight against it. We are not anti-China but we are anti-censorship in China. Please take the time to read more about the history of our organization.

(2) We've been monitoring and writing about Chinese Internet censorship since 2011. In fact, the main purpose of is to automatically test internet censorship in China. All of our blog posts are backed up by hard data, collected from automatic testing, manual testing and user reports. As mentioned earlier, we have even provided the full raw data on the most recent MITM attack. This evidence is far from being “groundless”.

(3) Unless you are accusing us of staging this attack, how is it possible that we can "time" the MITM attack with your announcements? Microsoft has confirmed that there was an attack - we simply reported on it in a timely fashion. In fact, this timing provides some indication that CAC is indeed behind the MITM attack. Perhaps the closing of WeChat accounts and the attack on Outlook were part of the same plan?

(4) We do agree on one thing and that is that we are "aiming to incite dissatisfaction and smear China's cyberspace management system". We are here to watch what you are doing, to criticise you when you are wrong and to end online censorship in China. And we are encouraging netizens and companies alike to fight against GFW and Chinese internet censorship in general. We've called for Microsoft, Apple and others to immediately revoke trust for CNNIC certificate authority. Your continued MITM attacks, your denial of your involvement in these attacks, and your baseless accusations against us are only adding to the urgency of revoking trust for CNNIC.

We have also noted that you have instructed Chinese media to discontinue mentions of us in the Chinese press, after you labeled us as “anti-China”. However, no matter what censorship measures you put in place, our voice will continue to be heard by state media, including this mention in the Global Times:

"The Great Firewall is blocking the VPN on the protocol level. It means that the firewall does not need to identify each VPN provider and block its IP addresses. Rather, it can spot VPN traffic during transit and block it," one of the founders of an overseas website which monitors the Internet in China told the Global Times Thursday via e-mail.

We look forward to receiving an apology from you for your groundless slander against us; your “wild guesses and malicious blemishes" will not help solve cyber issues.


The Team at




More Blog Posts

Subscribe to our mailing list
Show content from Blog | Google+ | Twitter | All. Subscribe to our blog using RSS.

Tue, May 23, 2017

Is China establishing cyber sovereignty in the United States?

Last week Twitter came under attack from a DDoS attack orchestrated by the Chinese authorities. While such attacks are not uncommon for websites like Twitter, this one proved unusual. While the Chinese authorities use the Great Firewall to block harmful content from reaching its citizens, it now uses DDoS attacks to take down content that appears on websites beyond its borders. For the Chinese authorities, it is not simply good enough to “protect” the interests of Chinese citizens at home - in their view of cyber sovereignty, any content that might harm China’s interests must be removed, regardless of where the website is located.

And so last week the Chinese authorities determined that Twitter was the target. In particular, the authorities targeted the Twitter account for Guo Wengui (, the rebel billionaire who is slowly leaking information about corrupt Chinese government officials via his Twitter account and through his YouTube videos. Guo appeared to ramp up his whistle-blowing efforts last week and the Chinese authorities, in turn, ramped up theirs.


Mon, Dec 12, 2016

China is the obstacle to Google’s plan to end internet censorship

It’s been three years since Eric Schmidt proclaimed that Google would chart a course to ending online censorship within ten years. Now is a great time to check on Google’s progress, reassess the landscape, benchmark Google’s efforts against others who share the same goal, postulate on the China strategy and offer suggestions on how they might effectively move forward.

flowers on google china plaque

Flowers left outside Google China’s headquarters after its announcement it might leave the country in 2010. Photo: Wikicommons.

What has Google accomplished since November 2013?

The first thing they have accomplished is an entire rebranding of both Google (now Alphabet) and Google Ideas (now Jigsaw). Throughout this blog post, reference is made to both new and old company names.

Google has started to develop two main tools which they believe can help in the fight against censorship. Jigsaw’s DDoS protection service, Project Shield, is effectively preventing censorship-inspired DDoS attacks and recently helped to repel an attack on Brian Krebs’ blog. The service is similar to other anti-DDoS services developed by internet freedom champions and for-profit services like Cloudflare.

Thu, Nov 24, 2016

Facebook: Please, not like this

Facebook is considering launching a censorship tool that would enable the world’s biggest social network to “enter” the China market. Sadly, nobody will be surprised by anything that Mark Zuckerberg decides to do in order to enter the China market. With such low expectations, Facebook is poised to usurp Apple as China’s favorite foreign intelligence gathering partner. If the company launches in China using this strategy they will also successfully erase any bargaining power that other media organizations may hold with the Chinese authorities.

Tue, Jul 05, 2016 now testing VPN speed and stability in China

There is a commonly held belief in China that if you have a VPN that works then you should keep quiet about it. In terms of freedom of access to information, the problem with this approach is that access to knowledge suddenly is a secret. Today we are launching a project that we hope will destroy that model.

Our newest website, Circumvention Central (CC), aims to provide real-time information and data about circumvention solutions that work in China. Since 2011, we have been collecting data about blocked websites in China and now we will add data about the effectiveness of VPNs and other circumvention tools.

We are launching CC with four main objectives in mind.

Our first objective is to help to grow the number of Chinese who circumvent censorship restrictions in China. By sharing our information and data about these tools, we hope to show a wider audience which circumvention tools are working.

Our second objective is to improve the circumvention experience for users in China by bringing transparency to tool performance. We will measure these tools on speed (how quickly popular websites are loaded) and on stability (the extent to which popular websites load successfully).

Sat, May 07, 2016

The New York Times vs. The Chinese Authorities

Could the New York Times be setting the best path forward for news organizations in China?
Subscribe to our blog using RSS.


恭喜greatfire.org获得国家级 “反华” 认证。 加油!


Great letter. Look forward to hearing if there's a response, though I think we all know how likely that is.



visitor of this site, so keep posting for us,

click the below links to create backlink
best free backlink website then click.
msg movie

thank for sharing Ontips-in

thanks for this post, keep it up for updating us, i am waiting for ur new article.

thanks again
IPL8 live stream 2015

Its like you read my mind! You appear to know so much about this, like you wrote the bolok in it or something.
I think that you can do with some pics to drive the message home
a bit, but instead of that, this is excellent blog.
A great read. I will certainly be back.

Here is my webpage: perdre du poids rapidement (Quentin)

hello friends, here we are represent latest collection of palm sunday images thanks

Thanks for this post and i will be waiting for another

happy mothers day 2015
happy mothers day
mothers day 2015


Hi! This is kind of off topic but I need some advice from an established blog.
Is it tough to set up your own blog? I'm not very techincal but I can figure
things out pretty fast. I'm thinking about making my own but I'm not sure
where to begin. Do you have any ideas or suggestions?
With thanks

My site Backlinks


good Share what you're watching and just what feels you more interested Using below link you can download Mobdro 1.2.446 APK 2015.nice.

You can see more at Three people founded in 2011 without any help from any external organizations. We were dissatisfied with Internet censorship in China and decided to fight against it. We are not anti-China but we are anti-censorship in China. Please take the time to read more about the history of our organization

good to date functions such as songs streaming, showbox as well as set up the apk variation of Showbox application. best.

So if you want to view you fevorite TV shows like which is readily available for Android as well as.

You can easily check modem settings with and router setup also.

tubidy tunes most recent included mp3s by tubidy mp3 tracks. would certainly be much better referred as the heaven for

else method to install your TV gamer on IOS.However, You TV Player you TV player is out Google play store as well as you have.

Yep! Hope Mr Lu Wei see this letter! He should read it and understand how many difficulties he cause for the users around China. instagram online Thank you for writing the letter!

Add new comment

Filtered HTML

  • Web page addresses and e-mail addresses turn into links automatically.
  • Allowed HTML tags: <a> <em> <strong> <cite> <blockquote> <code> <ul> <ol> <li> <dl> <dt> <dd>
  • Lines and paragraphs break automatically.

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
By submitting this form, you accept the Mollom privacy policy.