Anonymity and Privacy Behind Golden Shield - PowerPoint PPT Presentation

1 / 36
About This Presentation
Title:

Anonymity and Privacy Behind Golden Shield

Description:

Several hundred patrolmen BBS owners chat room hosts ... Cisco, Nortel, Sun, Motorola. So have the popular service providers ... – PowerPoint PPT presentation

Number of Views:106
Avg rating:3.0/5.0
Slides: 37
Provided by: sumansri
Category:

less

Transcript and Presenter's Notes

Title: Anonymity and Privacy Behind Golden Shield


1
Anonymity and Privacy Behind Golden Shield
  • Exploring the Great Firewall of China and
    Related Anonymity and Privacy Issues

Suman Srinivasan
2
Contents
  • Why am I interested?
  • Chinas Internet Infrastructure
  • Web of Surveillance
  • Inside China Internet Kiosks, Chat rooms
  • Proxy servers and Trojans
  • Internet Filtering
  • DNS Hijacking and Root Name Servers
  • Kowtowing Western Companies
  • Overcoming the Blockade

3
Why am I Interested?
  • Am a practitioner of Falun Gong, persecution of
    which has made international headlines
  • Dr. Wang Wenyis protest at the White House
  • Organ removal from live practitioners in labor
    camps
  • Know friends whove been persecuted in Chinese
    labor camps

4
Introduction to Chinas Internet
  • The "China problem" is the extreme example of an
    anonymity and anti-censorship system a global
    active adversary with a lot of manpower and
    money, and severe penalties to discourage people
    from trying.
  • Tor FAQ TOR

5
The Infrastructure
  • Highly centralized, with three layers in
    ring-like fashion Spectrum
  • Innermost ring Core routers in 8 cities provide
    only connection to outside world
  • Middle ring Metropolitan Area Network
  • Outermost ring All the remaining routers
  • CCP controls core routers and hence
    international traffic

6
The Infrastructure
  • Built with help from American network companies
  • Nortel which helped FBI with Operation Root
    Canal in 90s transferred technology to China
  • Promised personalized tracking filters
  • High-end Internet (as well as video) surveillance
    equipment Gutmann

7
The Infrastructure
  • Cisco brochures from China Information
    Infrastructure Expo in December 2002 Gutmann
  • A Chinese policeman or PSB agent using Cisco
    equipment can remotely access the suspects
    danwei or work unit, thereby accessing reports on
    the individuals political behavior and family
    history.
  • The Cisco salesman confirmed that the Chinese
    police could even remotely check if the suspect
    had built or contributed to a website in the last
    three months, access the suspects surfing
    history, and read his email. It was just a
    question of bandwidth.

8
The Infrastructure
Cisco brochure at China Information
Infrastructure Expo
9
Servers Blocked The Cisco Connection
  • Project C ProjectC shows that connections to
    blocked website (Human Rights Watch) go through a
    certain router in China
  • That certain router is made by Cisco verified
    through using nmap program to check open ports

10
Web of Surveillance
  • Initially, Internet was barely filtered in China
  • But October 2000 CCP orders ISPs to hold
    Chinese Internet data including phone numbers
    and surfing history for 60 days Gutmann
  • January 2001 Internet transfer of state
    secrets prohibited
  • March 2001 Chat rooms begin self-censorship

11
Web of Surveillance
  • April 2001 Democracy activists using web are
    arrested
  • In Jan 2001, Jiang Yonghong, 34-year old engineer
    at Chengdu, was arrested at an Internet kiosk for
    viewing a Falun Gong website FalunInfo
  • He was sentenced to forced labor but beaten to
    death in a detention center before he could serve
  • E-mail to Tibet takes 3 days Falun Gong e-mail
    is completely eradicated Gutmann

12
Web of Surveillance
  • March 2002 CCP requires all Internet companies
    to sign self-pledge document to not post
    information that would not jeopardize state
    security or disrupt social stability
  • 300 Chinese companies - and Yahoo! were the
    first to sign on

13
Chinas Internet Kiosks
  • CW1 documents censorship in Chinas Internet
    kiosks, chat rooms, etc
  • 2002 All Internet cafés were also forced to
    install "Internet café management software,"
    which automatically records URLs accessed in the
    past 60 days
  • IC card (for user) records the name, address, ID
    card number and other personal information of
    every Internet user.

14
Internet Spies / Big Mamas
  • Internet police force estimate of around
    40,000
  • Several hundred patrolmen BBS owners chat
    room hosts
  • All they do is to look at posts on chat rooms and
    BBS and remove non-conforming posts
  • And perhaps arrest the one who made it

15
What Exactly is Filtered?
  • Harmful material? Answer Depends on CCPs
    definition of harmful
  • Pornography? No
  • Harvard Law School study Zittrain tested 752
    test websites
  • Only 101 (13.4) blocked in China
  • In contrast, 695 (86.2) blocked in Saudi Arabia,
    70 to 90 blocked by commercial filters

16
What Exactly is Filtered?
  • From testimony to US House of Representatives
    Committee on International Relations Harvard2
  • Political content (90 of Nine Commentaries, 82
    of sites with a derogatory version of Jiang
    Zemins name)
  • Falun Gong (44 73, in both English and
    Chinese)
  • Opposition political parties (more than 60)
  • Tiananmen Square protest of June 4, 1989 (90 of
    sites related to the search term Tiananmen
    massacre)
  • Virtually all content on the BBC and CNN

17
Nine Commentaries
  • Book published in late 2004 by the Chinese
    edition of The Epoch Times NineCommentaries
  • Strongly detailed and critical view of CCPs
    history
  • More importantly has led millions of Chinese
    people to quit the Party online
  • Which is why the CCP is so dead set on blocking
    the publication online

18
Reflects Why CCP Censors
  • Because it wants Chinese citizens to believe its
    disinformation
  • One Hall, One Voice The Party is great,
    glorious and correct
  • State-controlled media that
  • Extol glory of the Party and dont address
    problems
  • Attack human rights groups and critics
  • Propagate hatred against its critics
  • This is what the CCP wants to control the mind
    of its citizens

19
Packet Filtering
  • Open Net Initiative study on Chinese search
    engines OpenNetInitiative
  • Connection to yisou.com
  • telnet 202.43.217.94 80Trying
    202.43.217.94...Connected to 202.43.217.94.Escap
    e character is ''.GET /falun
    HTTP/1.0Connection closed by foreign host.
  • Connection simply lost no HTTP headers
  • More access blocked for some time
  • What happened?

20
Packet Filtering
  • RST packet is being sent back to the user
  • Host then advertises a ZeroWindow size
  • Another request transmission cannot be made until
    the host advertises a non-zero window size

21
DNS Hijacking
  • October 2002 Dynamic Internet Technology found
    unprecedented number of domain name hijackings
    - largest web site hijacking activity in
    history DIT1
  • Working
  • DNS records spoofed in name servers all over
    China
  • Records of most popular forbidden sites
    redirected to single IP address, blocked in China
    at international gateway level
  • Address chosen 64.33.88.161 falundafa.ca
    website

22
DNS Hijacking
  • Why? This address is blocked at international
    gateway
  • Previously, blocked websites would switch their
    IP address, enabling them to circumvent filter
  • Now, all of them resolve to one certainly blocked
    website
  • September 2002 Google users were redirected to
    other Chinese search websites Harvard3

23
DNS Hijacking
24
Root Name Servers
  • There are already two root name servers in
    Beijing, operated by ISC (2003) and Autonomica
    (2005) APNIC
  • Last year at the World Summit on Internet Society
    in Tunisia, the US had to fight back bid (led by
    China) to wrest root server ownership from ICANN

25
Root Name Servers
  • This is what the Chinese say. Users do not
    navigate anymore under the ICANN root. But they
    do not create a root. They just do not use a root
    anymore. This closes the dispute between
    authoritative and alternative roots.
  • Details on how China already has TLD-configured
    servers
  • Thread on ietf_at_ietf.org IETFMailingList

26
Kowtowing
  • Already shown how network hardware players have
    jumped into Communist Partys ship
  • Cisco, Nortel, Sun, Motorola
  • So have the popular service providers
  • Yahoo!, Google, Microsoft, AOL, Skype

27
Kowtowing Yahoo!
  • Reporters Without Borders has obtained a copy of
    the verdict in the case of Jiang Lijun, sentenced
    to four years in prison in November 2003
    showing that Yahoo! helped Chinese police to
    identify him. It is the third such case,
    following those of Shi Tao and Li Zhi...
  • April 19, 2006 RSF-Yahoo

28
Kowtowing Others
  • Microsoft MSN Spaces
  • "Prohibited language in text, please delete
    message for words containing "democracy,"
    "freedom" and "human rights on blogs
  • Google
  • Google.cn blocks sensitive information and
    happily caters to CCP self-censorship What if
    Chinese dissidents used GMail?
  • Skype
  • Skype's chief executive Niklas Zennstrom told
    the FT in an interview that the company had
    censored text messages containing words like
    "Falun Gong" - a banned religious group - and
    "Dalai Lama. April 18, 2006 FT-Skype

29
Dissent and Knowledge
  • Is it possible to break the firewall?
  • Proxies are still possible, but
  • The CCP has ways to filter them out
  • Dissidents - and Falun Gong are working around
    it to give Chinese people a chance to look at
    news from the outside
  • Often using non-technical exploits such as
    spelling words differently

30
Can We Use Proxy Servers?
  • In use before 2001
  • But after, blocked successfully
  • Internet police would just block advertised
    proxies, as well as websites advertising proxies
  • If user found one and it was detected, that would
    be banned too

31
UltraReach A New Hope?
  • Described in UltraReach
  • GIFT technology, does not rely on open-relay
    proxy
  • Survived IP blocking, DNS hijacking, DOS attacks
  • Software is a proxy, runs as a plugin for
    Internet Explorer
  • Allows one to browse, while looking for proxies
    in background

32
UltraReach 6.0
33
UltraReach packets
Ethereal packet snapshot taken today (April 27th)
at 3 pm while using UltraSurf
34
Conclusion
  • Presented background about Golden Shield, also
    known as the Great Firewall of China
  • How China increasingly important player in
    world affairs is denying its citizens right to
    privacy, anonymity and freedom
  • Is there hope? Maybe

35
References
  • TOR The Onion Router / Tor FAQhttp//wiki.norep
    ly.org/noreply/TheOnionRouter/TorFAQ
  • Gutmann Ethan Gutmann, Losing the New China,
    Encounter Books, 2003
  • Spectrum, Steven Cherry, The Net Effect As
    China's Internet gets a much-needed makeover,
    will the new network promote freedom or curtail
    it?, IEEE Spectrum, June 2005
  • FalunInfo Falun Dafa Information Center, Police
    Brutality Claims Four More Falun Gong Lives in
    China, http//www.faluninfo.net/displayAnArticle.a
    sp?ID5328
  • CW1 Yuan Ye, Exposing the Illegal Monitoring of
    the Internet by the Public Information Internet
    Monitoring Bureau, http//clearwisdom.net/emh/arti
    cles/2004/6/12/49130.html
  • CIAC Computer Incident Advisory Capability,
    http//www.ciac.org/ciac/bulletins/j-032.shtml
  • TheRegister1 The Register, Chinese Feds demand
    computer virus samples, http//www.theregister.co.
    uk/2001/04/03/chinese_feds_demand_computer_virus/
  • Zittrain Jonathan Zittrain and Benjamin
    Edelman, Internet Filtering in China, IEEE
    Internet Computing, March 2003
  • Harvard1 Jonathan Zittrain and Benjamin
    Edelman, Empirical Analysis of Internet Filtering
    in China, http//cyber.law.harvard.edu/filtering/c
    hina/
  • Harvard2 John G. Palfrey, Testimony to US House
    of Representatives Committee on International
    Relations, http//blogs.law.harvard.edu/palfrey/st
    ories/storyReader1063
  • NineCommentaries The Epoch Times, Nine
    Commentaries on the Communist Party,
    http//www.ninecommentaries.com/
  • ProjectC Nart Villeneuve, Project C,
    http//www.chass.utoronto.ca/citizenl/assets/arti
    cles/ProjectC-r1.pdf

36
References
  • OpenNetInitiative OpenNet Initiative, Probing
    Chinese search engine filtering,
    http//www.opennetinitiative.net/bulletins/005/
  • DIT1 Bill Xia of Dynamic Internet Technology,
    Forbidden sites hijacked all over China,
    http//www.dit-inc.us/report/hj.htm
  • Harvard3 Replacement of Google with Alternative
    Search Systems in China Documentation and Screen
    Shots, http//cyber.law.harvard.edu/filtering/chin
    a/google-replacements/
  • APNIC Root Servers in China, http//www.apnic.ne
    t/services/rootserver/beijing.html
  • IETFMailingList Jefsey Morfin, Beyond China's
    independent root-servers -- Expanding and Fixing
    Domain Notation, http//www.mhonarc.org/archive/h
    tml/ietf/2006-03/msg00038.html
  • RSF-Yahoo Reporters sans frontières, US
    companys collaboration with Chinese courts
    highlighted in Jiang Lijun case,
    http//www.rsf.org/article.php3?id_article17180
  • FT-Skype Financial Times, Skype Says Text
    Messages Are Censored In China,
    http//news.ft.com/cms/s/875630d4-cef9-11da-925d-0
    000779e2340.html
  • UltraReach www.ultrareach.com
Write a Comment
User Comments (0)
About PowerShow.com