Information Warfare: Bing The Avenger Ravages South China


September 2, 2009: Cyber War experts are scrambling to obtain more details on a recent (last June) incident in southern China. There, Internet service over wide areas of the region was unavailable, or severely interrupted, for hours. China has over 300 million Internet users, and a pretty robust Internet. But an angry (at a competitor who had DDOSed his servers) game provider named Bing (no relation to the Microsoft search service), spent $40,000 to hire lots of botnets to shut down their rivals, and gain a bit of revenge.

Renting botnets for DDOS attacks means buying access to hundreds, or thousands, of home and business PCs that have had special software secretly (and illegally) installed. This allows whoever installed the software that turned these PCs into zombies, to do whatever they want with these machines. The most common thing done is to have those PCs, when hooked up to the Internet, to send as many emails, or other electronic messages, as it can. When a lot of administrative messages are sent to a specified website, the site can be shut down. Using lots of zombies (a botnet) for this, the flood of messages becomes a DDOS (Distributed Denial of Service) attack. This happens because so much junk is coming in from the botnet, that no one else can use the web site. In effect, the site is unavailable to the outside world.

But Mr. Bing decided to use a slightly different tactic. He had his botnets DDOS the DNS servers that belonged to the DNSPod company, which provided Internet services for Bing's rivals. DNS (Domain Name Server) servers around the world are a key element of the net. These DNS servers contain the master list of registered domain names and their numerical addresses that all other DNS databases consult. Take enough of them down, and people either cannot, or have to wait a long time, to reach anything on the Internet. And that's what happened here.

By the time Mr. Bing and his three partners turned off their DDOS assault, it was too late. The Internet community in southern China was in an uproar. Usually, the police ignore people, or companies, DDOSing each other. It's a common event in China, especially between business rivals. But bringing down the entire net is not allowed. The Internet service companies were quick to use their technical expertise to track down who was behind it, and soon Bing and his three buddies were under arrest.

What the Cyber War people want to know is exactly how much DDOS was needed to shut down the local Internet. This gets kind of technical, but it involves how the Internet service companies had set up their networks in that part of China, and what they might have done wrong. What Bing and his buddies did was the sort of thing that could be used as an Internet weapon, in wartime. The cyber-generals want to know exactly how it was done.




Help Keep Us From Drying Up

We need your help! Our subscription base has slowly been dwindling.

Each month we count on your contributions. You can support us in the following ways:

  1. Make sure you spread the word about us. Two ways to do that are to like us on Facebook and follow us on Twitter.
  2. Subscribe to our daily newsletter. We’ll send the news to your email box, and you don’t have to come to the site unless you want to read columns or see photos.
  3. You can contribute to the health of StrategyPage.
Subscribe   Contribute   Close