| This is the second part of my series on the | | | | failure, but foreign networks and servers |
| Internet in China. I recently returned from | | | | outside of China blindly blocking larger |
| a year teaching at a Chinese University. | | | | parts of China's networks from connecting. |
| During my time in China, I had the pleasure | | | | This included one incident that basically |
| of getting to know the state of the Internet | | | | cutoff service from China to most of Europe |
| in China, both directly and indirectly, | | | | and the United States.An often overlooked |
| through my own use of the Internet and the | | | | aspect of our fight against Spam and |
| classes. In my last article, The Butterfly | | | | malicious activity is our own contribution to |
| Effect Part I: Microsoft, Security, and the | | | | censoring the Internet in China (also by |
| Developing World, I dealt with the effect of | | | | extension other developing nations). What |
| pirated software and security and its impact | | | | seems to have been missed is how we, as |
| on development. In this article, I would like | | | | systems administrators and security |
| to cover my experience of the Chinese | | | | professionals, also are contributing to the |
| Firewall from the inside and the way we | | | | great firewall of China. |
| contribute to censorship in China.Scanning | | | | |
| Chinese networks the old fashion way with | | | | |
| nmap or similar tools struck me as a bit | | | | |
| impolite and potentially illegal. Being on | | | | Here is how it works for those unfamiliar |
| the other side of the wall, I was not going | | | | with the process: Millions of unlicensed, |
| to push my luck too much. However, part of my | | | | unsecured, and unpatched Microsoft desktops |
| teaching duties involved several classes on | | | | across China are turned into zombies networks |
| research writing and basic computer skills. | | | | by the bad guys. Those bot/zombie networks |
| This gave me access to a very effective | | | | attack servers with Spam and malicious |
| network testing tool. Basically, several | | | | activity outside of China. Systems |
| hundred average Chinese University students. | | | | administrators around the world cutoff |
| To get an idea of what the average Chinese | | | | traffic to their network by blocking large |
| experience of the outside Internet world was | | | | blocks of IP addresses in mainland China. The |
| like, I could simply assign my students to | | | | average user inside China attempts to connect |
| retrieve various information from the | | | | to websites outside China on those networks |
| Internet and wait for their reports. For | | | | and fails. This failure to connect, both |
| example, if a site was not reachable from | | | | inside and outside China, is then attributed |
| inside China, I would be quickly inundated by | | | | to the government sensors and the mystic of |
| emails and questions from panic stricken | | | | the firewall is reinforced. The effect is |
| students trying to complete their homework | | | | that the Chinese firewall, if only in part |
| assignments.My total number of students was | | | | and inadvertently, is being reinforced by |
| well over a 1,000 for the length of the | | | | Western democratic countries and companies |
| school year. I could also add to this all the | | | | protecting their systems from China's |
| miscellaneous students, staff, and public | | | | infected computers.Granted, that this is a |
| seminars where I simply referred them to my | | | | very effective method of protecting networks. |
| teaching website (hosted outside of China). | | | | However, it would seem rather hypocritical of |
| That would bring the number to something like | | | | us to cheer for Open Source, the free flow of |
| 2,000 people. About 100-200 in any given week | | | | information, and criticize the Chinese |
| where engaged in some sort of Internet | | | | Governments actions; while at the same time, |
| related project for my classes. My own modest | | | | with a couple dozen key strokes, we restrict |
| teaching site received a little over 5,000 | | | | millions of people from accessing information |
| hits in my time in China. So, through my | | | | they so desperately need to further their |
| classes at the University and other schools | | | | development. Yes, we need to, and should, |
| in Eastern-Central China, I was able to run a | | | | cutoff the spam and bot nets from the |
| sort of ongoing distributed human scan of | | | | Internet; however, it needs to be done with |
| Internet connectivity in China.My informal | | | | more of a scalpel and less of a |
| survey results: | | | | howitzer.Overall, the restrictions on the |
| | | | Internet in China are first and foremost a |
| Of course there is always a few students | | | | function of networks that are overwhelmed by |
| that would, for one reason or another, be | | | | such a rapidly growing user base. One |
| incapable of connecting; however, when a site | | | | estimate puts the NEW Internet users in China |
| could not be accessed at all, I would see my | | | | at over 10,000,000 people a month. Even this |
| student red flag go up quickly. Normally, | | | | is perhaps a low figure. Many of my own |
| within about 24 hours of giving an assignment | | | | students never used the Internet until they |
| it would be obvious that something was wrong. | | | | came to the University. In addition, |
| | | | thousands of inexperienced systems |
| | | | administrators struggle to manage computer |
| | | | systems built and documented for the English |
| My own Internet connection provided to me by | | | | speaking community. Secondly, the |
| the University, as far as I could tell, | | | | restrictions on the free flow of information |
| seemed completely unadulterated and | | | | are a function of the network security |
| functioned as it would in any Western | | | | environment in China. Millions of compromised |
| country. This included access to many news | | | | computers attacking networks inside and |
| sites in Taiwan and Japan. For example, I | | | | outside China, and our inevitable security |
| could access the Gutenberg library, but my | | | | response to them. Finally, I would list the |
| students could not. News sites such as BBC, | | | | real efforts of the authorities to restrict |
| and occasionally CNN, were completely | | | | information. The reality is, China simply |
| unaccessible by me or the students. The | | | | does not have the computing power and |
| Google search engine seemed to do some | | | | expertise to effectively regulate all of the |
| strange things. Both my students and I were | | | | traffic on the Internet. The volume of white |
| able to download, and watch live, the entire | | | | noise alone insures this fact. The most |
| U.S. presidential debate on C-span's website. | | | | effective control methods the authorities |
| Later, we were able to download the | | | | have is the simple psychological intimidation |
| transcripts in both English and Chinese; | | | | associated with showing an ID to use a |
| including the segments where Bush directly | | | | computer in a public Internet cafe. I might |
| criticized China. These were the same | | | | remind the reader that using a computer in a |
| transcripts and video that I later used to | | | | public libraries in the United States also |
| teach debate class at the University. | | | | has similar conditions attached.There are |
| | | | very real controls on the flow of information |
| | | | in China. What needs to be understood is the |
| | | | practical reality for millions of Chinese to |
| On my own Linux computer, I had no problems | | | | access information is far less terrible than |
| connecting to bank websites in New York with | | | | what it is made out to be in Western Press, |
| 128 bit SSL; or connecting by SSH to | | | | at least on a Political level. Increasingly |
| computers in the United States and South | | | | China is becoming more politically open, if |
| America. I also frequently used Skype to | | | | for no other reason than it is a prerequisite |
| make encrypted phone calls to friends and | | | | for a market economy to function correctly. |
| family around the world; Granted, the quality | | | | This will take time. However, on a technical |
| of the connection was at times so poor as to | | | | level, the restrictions are far worse than |
| be unusable. This I would take to be more an | | | | what is recognized outside of China. Because, |
| issue of distance and network quality than | | | | in the final analysis, not being able to |
| censorship. Bittorent and FTP functioned | | | | connect is as bad as not being allowed to |
| normally, including Linux sites hosted in | | | | connect. Charles Spencer in the founder and |
| Taiwan and the United States.The most | | | | of Spencer Global International Consulting |
| surprising source of censorship in | | | | with members in more than 10 countries in |
| China:There were several instances where the | | | | North and South America, Europe, and Asia. |
| red flag on my human Internet scanner went up | | | | Spencer is also editor and Chief designer of |
| to an unusual high level. Students reported | | | | All Southern Chile ( a development project of |
| 100% failure. After investigating the | | | | Spencer Global International Consulting to |
| problem, I discovered that it was not a | | | | promote the South of Chile in English to the |
| firewall restriction or China's own network | | | | World. |