From blocking to botnetCensorship isn't the only problem with China's new Internet blocking software

Share |
Robot hands on computer keyboard

There's chilling Internet news out of China. And as bad as it seems at first glance for human rights and privacy advocates, there could be something more disturbing in the wings.

The Chinese government has announced that, starting in July, it will require all computers sold in China to come with Internet blocking software. The goal, authorities say, is to protect children from pornography.

Given that the software is being created and sold by a company with ties to China's security apparatus, and that China hasn't hesitated in the past to block access to web sites critical of its record on democracy and human rights, the government's critics are understandably skeptical. Software that blocks access to pornography can easily be configured to block access to, say, Amnesty International.

So speculation is rampant that the software, dubbed Green Dam Youth Escort, will be used for censorship or surveillance -- if not immediately, then whenever China's next human rights crisis arises. And while its makers say parents will be able to deactivate Green Dam at will, the government could well be tempted to make using the software mandatory... or at least hard to deactivate, and less than forthright about what content it's blocking and what information it's collecting.

None of that is good news. But consider this.

Any blocking software needs to update itself from time to time: at the very least to freshen its database of forbidden content, and more than likely to fix bugs, add features and improve performance. (Most anti-virus software does this.)

If all the software does is to refresh the list of banned sites, that limits the potential for abuse. But if the software is loading new executable code onto the computer, suddenly there's the potential for something a lot bigger.

Say you're a high-ranking official in the Chinese military. And let's say you have some responsibility for the state's capacity to wage so-called cyber warfare: digital assaults on an enemy's technological infrastructure.

You're idly surfing the web on your home computer late one night, when it starts to automatically download an update. And it occurs to you that, somewhere out there, a single central point is making the decision about what goes into that update.

It strikes you: there's a single backdoor into more that 40 million Chinese computers, capable of installing... well, nearly anything you want.

What if you used that backdoor, not just to update blocking software, but to create something else?

Say, the biggest botnet in history?

A botnet is a network of dozens, hundreds or thousands of computers, all running a particular piece of software that allows them to operate in concert, autonomously. In its most benign form, a botnet is just distributed computing, done with the full knowledge and permission of the computers' owners. If you've ever installed the SETI@home screensaver, you were part of such a botnet -- in this case, helping to sift through radio telescope data to find any sign of intelligent life on other worlds.

But the term is more commonly used to describe a nastier kind of network, where the software is spread by stealth, especially through viruses (the recent Conficker outbreak created a massive botnet). And as you might imagine, that kind of network is used for more malicious ends: sending spam, for instance, or launching huge attacks on other networks.

The larger the botnet, the more devastating those attacks can be. And they can bring down more than just web sites. Conceivably, everything from hospitals to electrical power grids could be targets. That, at least, is the premise behind warnings of cyber warfare.

Now, those warnings are often overblown. And while China has been accused of conducting cyber-warfare -- including incursions into Pentagon systems -- proving the involvement of the government rather than nationalist zealots is difficult at best.

Still, a botnet 40 million strong (plus the installed base already in place in Chinese schools and other institutions) at the beck and call of the military is potentially a formidable weapon. Even if the Chinese government has no intention today of using Green Dam for anything other than blocking pornography, the temptation to repurpose it for military purposes may prove to be overwhelming.

In the past, Western governments have either stood by or even encouraged efforts by activists to help people in China circumvent domestic online surveillance and censorship. One project, Peekabooty, even used distributed computing - a benign botnet - to create a network of outside proxy servers that would allow web surfers living under repressive regimes to access forbidden content freely and privately. (Alex discusses Peekabooty in more detail in her dissertation. Psiphon, a project of the Citizen Lab, carries on Peekabooty's legacy.)

But a botnet within China might be able to use such a network to disguise its own activity, making it harder for targets to defend themselves from attack. Governments that would normally look kindly on a Peekabooty-style initiative now might even look on it as a digital fifth column, and an unacceptable security vulnerability.

You'll notice a lot of mights and coulds in what I'm saying; it would be speculative even if I'd looked at the code behind Green Dam, which I haven't (I'm not holding my breath for the Chinese government to make the code available). And I don't want to feed either the cyber-warfare hype machine or the anti-China sentiment being pushed by self-interested parties.

My point is this: we're excited by the potential of networked conversation and collaboration. It has tremendous potential when control is in the hands of many. But there's a real danger when centralized control intersects with networked power. And those of us who see the positive power and transformative potential of the web need to pay attention to that danger.

Both because we may not like the way governments respond to it (or exploit it), and because we might have solutions of our own to offer. Anyone for a cyber-peace movement?


Geoffrey Kidd says

June 11, 2009 - 12:03pm

Since the software runs on windows, if they activate a botnet, just wait for Patch Tuesday. :)

Joel Johnston says

June 11, 2009 - 12:45pm

There's an awful lot of "what if" in this article.  Not that I'm defending the Chinese censorship effort in any way..  Your article is full of supposition and assumption.  I wouldn't have read this article if it had been titled more accurately "China (or any software publisher,) could possibly (if the stars align properly,) create a botnet IF they wanted to."  I'm personally much more concerned about what the likes of Microsoft "bundles" into its OS to be honest.

Jordan says

June 11, 2009 - 1:02pm

What this article fails to address is the fact that a botnet originating entirely from within China's IP space would be useless.  Simply blacklist the address space, and BLAMMO!  No more botnet troubles.   The reason that DDoS works is because the origin of the attack cannot be easily mapped to a central geographical location.  If all of a sudden, all of the crossborder traffic originating from China became volatile in nature, pull the fiber.  However, I suppose a thorough analysis of the situation is too much to ask for an article based on scaremongering.

Alexandra Samuel says

June 11, 2009 - 1:32pm

Setting aside the advisability of the BLAMMO! scenario -- do we really want to cut hundreds of millions of people off from the Internet? -- you've overlooked Rob's point about Peekabooty-style circumvention tools. Some of the most inspring cases of hacktivism that I examined in my dissertation involved efforts to create tools that enable free access to the Internet by providing proxy access for people in China, Saudi Arabia, and other countries with censoring firewalls. These efforts may have emerged from the developer community, but a bill mandating US government support of censorship circumvention has actually gone before the US Congress.

If Chinese computers are getting around Green Dam by using anti-censorship proxies, they'll slip through your BLAMMO! blacklist and get access the full Internet; whether they'd be able to do that while still remaining part of a botnet is of course pure speculation (as is the possibility for a Green Dam-based botnet itself).

What concerns me is the possibility that a botnet scenario will scare off Congress, the US goverment, and anyone else currently lined up in support of anti-censorship efforts. It's crucial that governments, NGOs and developers continue their efforts in support of Internet freedom, not just with lobbying but with the creation and deployment of proxy tools and other technical supports for people trying to get unfettered access. If anxiety over cyberwafare -- which has been in the headlines ever-more of late -- combines with China's new Green Dam to make people nervous about providing proxy access to people in China, one of the most powerful tools for supporting Chinese human rights will be undermined.


Rob Cottingham says

June 11, 2009 - 3:16pm

First, I think we now have in "BLAMMO!" the definitive brand name for the solution Jordan proposes. Logo submissions and slogans are welcome.

Second, let me expand on Alex's point about cutting off China, because a number of folks have raised that suggestion on the Slashdot thread. It seems to me there are at least two mistaken assumptions that make that option attractive:

  1. We could easily tell if this was an attack conducted or sanctioned by the Chinese government. No, we couldn't. Several past attacks may well have come from nationalist zealots acting independently. And as others have suggested, vulnerabilities in Green Dam may leave it open to exploitation by third parties. (David Eaves made that point to me in conversation last night.) Absent any proof of their involvement, the Chinese government would see quarantining as a provocative act.
  2. The only repercussions of cutting off China would be technical ones. No, they wouldn't. Depending on how you measure it, China has the second- or third-largest economy on the planet, and it's leading the world in growth. Cut off China, and you seriously impair the communications that allow commerce and trade to happen smoothly - and you take a big economic hit. Perhaps even more seriously, you cut off a lot of the conversation between China's people and the rest of the world... the kind of conversation that can help bring about lasting change and reform.

And third, Joel, I've couched this in as many caveats as I have precisely because there's so much fear-mongering going on around China and cyber-warfare. And some speculation is essential around security: anticipating only the threats that have already been proven is the mindset that leads to Maginot Lines.

If you want to discuss what level of speculation is reasonable, I'm certainly up for that conversation. But it's not speculation to call the Chinese government secretive or repressive. And it's not speculation to notice when track is being laid that can carry more than one kind of train.

3xM says

June 12, 2009 - 8:18am

Blacklisting a range as wide as China's IP block won't prevent or mitigate the damage of such a massive DDoS attack, since there will be a huge amount of traffic still originating from that range of addresses. You suggested, as many have, to phisycally disconnect China from the rest of the world, but you have to consider that 'pulling the fiber' might not be the simplest task, since there are more than just technical issues at hand.

Of couse, most of what's being discussed regarding Green Dam software is done so in a purely speculative manner and we can't even tell whether or not there'll be a Green Dam botnet and if the possible malicious activies originating from it we'll be conducted/sanctioned by the Chinese Government.

I don't think cutting a communication medium as important as Internet access from a powerful nation such as China is the solution to a potential future crisis. China's industrial labor is something the West has come to depend on so much that you can't simply cut their access to the global Internet and expect everything to be fine. The idea of disabling their access is as dangerous as their idea of a centralized 'Internet Police': in either case you're delegating authority to some administrative body which hadn't had any recognizable executive status before. Who'll be up to the task of deciding which networks can be connected to the Internet? The US Government? The UN? But isn't the Internet's core administration done independently of any national regulation?

why do i continue to surf? « Unabashed Thoughtcrim says

June 11, 2009 - 3:24pm

[...] news (you call them conspiracy theories, even if they’re documented, admitted, or just plain logical), weird shit that slips into mainstream “news”, tech blogs, and [...]

Sixth SenseS » Censorship isn't the only p says

June 11, 2009 - 4:15pm

[...] See more here: Censorship isn't the only problem with China's new Internet … [...]

Anonymous says

June 12, 2009 - 5:07am

Yeah, "what if" Microsoft decides to leave some backdoors/exploitable vulnerabilities in its software, oh wait, that's right, it does, to the tune of at least a dozen a week (

Tony Smith says

June 12, 2009 - 8:56am

The world is seeing what China means to do through Green Dam software. The world is more freer now,  and any kind of "illegal" censhorship will bring to it the necessary repercussion.

Tony Smith

C says

June 12, 2009 - 11:37am

Um... couldn't that be said of ANY software with an auto update feature? 'What if someone were to hijack Windows Update and chunk in some executable code?' Very unlikely situation. And should something of widespread use get THAT compromised, then someone would likely notice and shit would get fixed (or cleaned in the case of malware).

As others said, I'm not advocating Chinese censorship, but this post is more of a sensational title and the content in relation to it borderlines rubbish.

GranneBlog » Could Green Dam lead to the largest b says

June 13, 2009 - 1:56pm

[...] Rob Cottingham’s “From blocking to botnet: Censorship isn’t the only problem with China’s new Internet blo...” (Social Signal: 10 June 2009): Any blocking software needs to update itself from time to [...]

ctsc says

June 14, 2009 - 4:57pm

I think the article completely misses the point. A botnet is used for disruption, if the chinese gov wanted to disrupt a website they would simply block it instead of attacking the site. An attack can easily be mitigated especially if the offending IPs are localized from one country. Furthermore, if they really were to launch a DoS attack a simple IP scan would reveal the IPs as localized to one country thus fingering the chinese government. The idea of creating a botnet feels like a pointless move with no beneficial goals.

Rob Cottingham says

June 15, 2009 - 1:19pm

ctsc, the goal of cyberwarfare is to actually disrupt or disable a target - not just block it from being accessed from in your home country. And the fact that IPs are localized to a single country doesn't tell you whether the perpetrator is that country's government, an independent individual or group within that country, or an external force manipulating the computers at those IPs from outside the country.

Jeff Young says

June 14, 2009 - 8:22pm

i have a solution for the folks... download Linux.  Linux is a free OS available for almost all computers in many different languages.

Anonymous says

June 16, 2009 - 4:01am

I thought the article was well written and pointed without being accusatory, much less inflammatory. Nevertheless, musn't say anything even remotedly less-than-sunny about China, right? Wouldn't want to hurt anyone's feelings...

As to the code for Green Dam, it's readily available - the code was reverse engineered from something produced by a company called "Solid Oak".Obviously this was a hasty decision on the part of either Green Dam or the govt, and they couldn't be bothered to take the time to write code for a program themselves, so they just shoplifted someone else's. Supposedly the Green Dam software - in original release version - even reported back to Solid Oak's server.

I myself am glad that the initial attempt to get this installed was so clumsy and error-filled. At this point, we are pretty much dependent on the Chinese government making obvious, red-flag snafus when they attempt "censorship" that one wonders what more adept and skillful tricks they've been up to. Imagine if they had successfully loaded such software onto computers and waited a while to start tinkering with it.

jiayou zhongguo~~~~~



¿Está China creando la red zombi más grande del mundo? says

June 26, 2009 - 7:01am

[...] Recientemente el gobierno Chino decidió que todas las computadoras vendidas en China vendrán con un software que actúe como un “filtro de internet“. Suena lógico pensar que en un régimen tan estricto como el de China se tomen estas medidas, pero ese no es el problema, sino que gracias a este software el gobierno Chino podría estar construyendo la red zombi más grande del mundo. [...]

Leave a comment

The content of this field is kept private and will not be shown publicly.

More information about formatting options

Social Signal on...

RSS feedTwitterFacebookGoogle+

Work Smarter with Evernote

Get more out of Evernote with Alexandra Samuel's great new ebook, the first in the Harvard Business Press Work Smarter with Social Media series!

Available on Amazon, iTunes and HBR.

Join Newsletter

Rob on Twitter