Subscribe to our mailing list
Show content from Blog | Google+ | Twitter | All. Subscribe to our blog using RSS.

Wed, Mar 04, 2015

Twitter: GreatFireChina RT @trevortimm: Obama rips China for trying to force tech companies to install backdoors. Maybe he should talk to the FBI & NSA too. http:/… retweet

Tue, Mar 03, 2015

Twitter: GreatFireChina RT @reportfromNL: Fascinating online map showing cyberattacks happening worldwide right now. Not very interactive though -
Twitter: GreatFireChina Atmosphere of fear expected to dominate China's annual parliament retweet
Twitter: GreatFireChina great story about censorship and sensitivities in China: Travels with My Censor via @peterhessler retweet
Twitter: GreatFireChina RT @getlantern: .@CTechFestival android developers! Come help build a blocking resistant @twitter app powered by lantern! #CTFestival http:… retweet
Twitter: GreatFireChina RT @the_intercept: Worried about surveillance on your smartphone? You should download these encryption apps: http://… retweet
Twitter: GreatFireChina Does your school / workplace / government network block certain websites? Circumvent with this Android app retweet
Twitter: GreatFireChina Are you a foreigner planning to visit China? You have to download this app retweet
Twitter: GreatFireChina RT @jonrussell: Avast confirmed that its antivirus service and website are blocked in China -- latest victim of the Great Firewall http://t… retweet
Twitter: GreatFireChina RT @avast_antivirus: @oiax Hello. We are aware that Avast is being blocked in China and are currently investigating the situation. We will … retweet
Twitter: GreatFireChina Antivirus Maker Avast blocked in China and Symantec and Kaspersky Lab removed from the list for state organizations retweet

Mon, Mar 02, 2015

Twitter: GreatFireChina Antivirus Maker Avast Is Latest Overseas Tech Firm Blocked In China via @techcrunch retweet
Twitter: GreatFireChina RT @niubi: Xinhua officially launches global social media presence - Xinhua retweet
Twitter: GreatFireChina As another VPN falls, our free Android browser app, with built-in VPN, continues to run undisturbed retweet
Twitter: GreatFireChina RT @RTKcn: RT @cosbeta: 谁来拍一个 《万维之上》 纪录片,纪录丧心病狂的DNS污染。 retweet
Twitter: GreatFireChina . @avast_antivirus famous anti-virus software company blocked in China. highlighting GFW as a trade sanction retweet

Mon, Jan 26, 2015

An Open Letter to Lu Wei and the Cyberspace Administration of China

January 26, 2015

Beijing, China


Mr. Lu Wei

Director of the Cyberspace Administration of the People’s Republic of China 中央网络安全和信息化领导小组办公室主任

Director of the State Internet Information Office 国家互联网信息办公室主任

Deputy Director of the Central Propaganda Department of the Chinese Communist Party 中共中央宣传部副部长

Cyberspace Administration of China,

Floor 1, Building 1,

Software Park, Chinese Academy of Sciences,

4 South 4th Street, Zhongguancun,

Beijing, China, 100190


Dear Mr. Lu,

On January 22, 2015, the Cyberspace Administration of China (CAC), which is under your direct control, wrote a response to a story we published about an MITM attack on Microsoft. In the post, your colleague, Jiang Jun, labelled our accusations as "groundless" and  "unsupported speculation, a pure slanderous act by overseas anti-China forces".

We at take great offense to these comments and we will refute them in this letter.

Mon, Jan 19, 2015

Outlook grim - Chinese authorities attack Microsoft

On January 17, we received reports that Microsoft’s email system, Outlook (which was merged with Hotmail in 2013), was subjected to a man-in-the-middle (MITM) attack in China.

The following screenshot shows what happens when a Chinese user accesses Outlook via an email client (in this case, Ice-dove):

We have tested Outlook to verify the attack and have produced the same results. IMAP and SMTP for Outlook were under a MITM attack. Do note however that the web interfaces ( and ) were not affected. The attack lasted for about a day and has now ceased.

This form of attack is especially devious because the warning messages users receive from their email clients are much less noticeable than the warning messages delivered to modern browsers (see screenshot at the end of this post for comparison).

(Sample error message from default iPhone mail client)

Fri, Jan 09, 2015

GFW upgrade fail - visitors to blocked sites redirected to porn

In the past, the Chinese authorities’ DNS poisoning system would direct Chinese internet users who were trying to access Facebook, Twitter and other blocked websites (without the use of a circumvention tool) to a set of fake IP addresses that are blocked in China or are non-existent. After waiting for some time, Chinese internet users would receive a timeout message if they were trying to access a blocked site.

However, with the new DNS poisoning system, in addition to those IP addresses used before, the Chinese authorities are using real IP addresses that actually host websites and are accessible in China. For example, shows that if a user tries to access Facebook from China, they might instead land on a random web page, e.g.

Below is a screenshot by a Chinese user when he was trying to access our website which was blocked in China. He was redirected to a goverment site in Korea. In essense, GFW is sending Chinese users to DDOS the Korea government's website.

One Chinese Internet user reported to us that when he tried to access Facebook in China, he was sent to a Russian website, unrelated to Facebook. Another user tweeted that he was redirected to an German adult site when he tried to access a website for a VPN.

某墙你这什么意思,DNS 污染返回给我一个德国工口站的 IP,满屏很黄很暴力弹弹弹(

— nil (@xierch) January 4, 2015

Wed, Dec 31, 2014

CNNIC leadership change coincides with blocking of Gmail

On December 26, 2014, in an announcement posted on their website, a new chairperson for CNNIC was directly appointed by the Cyberspace Administration of China. The announcement of this appointment coincided with the complete blocking of Gmail.

Cyberspace Administration of China (中央网信办) is chaired by Lu Wei, “China’s web doorkeeper”. Lu Wei is also the vice chair of the Central Propaganda Department, according to his official resume.


This office is directly responsible for the blocking of Gmail and other websites including Facebook, Twitter and Google.

CNNIC is China’s certification authority and operates the country’s domain name registry. 

What are certificates used for?

Certificates are used primarily to verify the identity of a person or device, authenticate a service, or encrypt files. 

What is a certification authority (CA)?