Origin of the six-province network paralysis, hacker Shandou: 91 servers rented for attacks

Many netizens remember the large-scale network paralysis of two months ago: at 21:50 on May 19, users in six provinces, Jiangsu, Anhui, Guangxi, Hainan, Gansu and Zhejiang, found websites slow to load or were cut off from the network altogether. By 1:20 a.m. on the 20th, Internet service in the affected areas had largely returned to normal. On July 6, the People's Procuratorate of Tianning District, Changzhou, Jiangsu Province, approved the arrest of the 4 suspects in the nationally watched "5·19" network paralysis case on suspicion of the crime of destroying computer information systems. A few days ago, prosecutors handling the case explained its origin in an interview with reporters: the "5·19" six-province network paralysis was caused by several network operators and their competitors attacking one another. Their feud was like a domino being pushed over, setting off a chain reaction. It is worth pondering that feuds of this kind, fought through mutual hacker attacks, are currently quite common in the Internet industry.
Six provinces cut off for two hours
On the afternoon of May 19, Xiao Chen, who works in an office in a district of Changzhou, felt the network getting slower and slower. Soon Sina, Sohu, NetEase and other portal sites could not be reached. At first he thought his computer had caught a virus, so he kept running antivirus scans, optimizing the system and clearing out junk files, to no effect. Later he found that the same thing was happening on his colleagues' computers. The colleagues then kept restarting the office router, again to no effect. What Xiao Chen and his colleagues did not realize was that they were experiencing a large-scale network interruption affecting six provinces and cities nationwide. On May 21, the Ministry of Information said that at 21:50 on May 19, users in six provinces, Jiangsu, Anhui, Guangxi, Hainan, Gansu and Zhejiang, found websites slow to load or were cut off from the network altogether, and that by 1:20 a.m. on the 20th, Internet service in the affected areas had basically returned to normal.
There were divergent views on the cause of the incident. The Ministry of Communications officially issued a briefing explaining the cause: the domain name resolution system for the website of Storm Audio and Video (video playback software) was attacked, causing a sudden surge in traffic to telecom DNS servers and degrading network processing performance. After receiving the report, the Public Security Department immediately organized the public security authorities of Jiangsu and Zhejiang to investigate. For a time, the case drew wide attention from the national media. Because the servers hit in this "server" attack were located in Changzhou, the Ministry of Public Security handed the case to the Changzhou police. Through network technical monitoring, the Changzhou police found abnormal activity on a server in Foshan, Guangdong; after surveillance, they captured the owner of the server and took the other 3 associates into custody. The 4 suspects have now been arrested with the approval of the Tianning District Procuratorate in Changzhou on suspicion of damaging computer information systems. A case causing such widespread network paralysis has been rare in nearly 10 years. How did this case arise? What is hidden behind the scenes?
Renting 91 servers to attack others
In the eyes of prosecutors, the 4 suspects are "born"; the two core figures in the case are the soldier (a pseudonym) and Hacheng (alias), both born in 1986. The soldier is from Zhejiang; his father opened a cotton factory in Foshan, Guangdong. The soldier and Hacheng were classmates, and after graduating the soldier went to help at his father's cotton factory. Soon Xiaoqing also came to the cotton factory. On one occasion, Xiaoqing said that private servers make money. The soldier decided to invest in online games and advertising. In this small company, the soldier was the major shareholder and responsible for investment, while Xiaoqing was responsible for the technology.
A private server, set up by illegally obtaining the server-side installation program without the copyright owner's authorization, is essentially online piracy, and its result is a direct diversion of the legitimate operator's profits. Some online game sites and other websites hire companies like the soldier's, renting for six months or a year at a time. In a business crowded with strong players, a company like theirs, small and technically weak, made little money. Later they found that the main reason they failed to make money was that rivals in the private server business often attack one another, and only after defeating a rival can one take over its customers. They were often attacked and the company's profit was low, which was a constant headache for the soldier. Later the soldier got to know a netizen, and in a chat the two discussed attacking rivals. The netizen said that attacking someone's website requires a certain amount of traffic; otherwise it hardly works. What does traffic mean here? "After this case, I've gone from being computer-blind to almost half an expert," the prosecutor who handled the case said with a smile. "Traffic is like phone A sending a text message to phone B: phone B is fine. But if 5,000 phones send a text message to phone B at the same time, phone B will certainly blow up." The netizen explained this principle to the soldier. How is a certain level of traffic reached? By increasing the number of attacking machines. To this end, Small Wind and Small Treasure, relatives of the pair, invested a total of 280,000 yuan, and through the netizen's contacts 91 servers were rented specifically for attacking other servers. The 91 servers were rented in Cangnan, Zhejiang Province.
Frontal assault works poorly, so they turn to attacking "domain name resolution"
Because none of them was a network professional, even with 91 rented servers they found, when attacking other game servers directly, that hitting individual servers was not very effective. So they posted online asking for help. Soon the soldier got to know a netizen, Xiao Qiang (alias). It is noteworthy that the two had never met until the arrest. The soldier asked Xiao Qiang how to attack his rivals. Xiao Qiang told him that direct attacks are not very effective, and that attacking the domain name resolution servers of these websites, so that the sites cannot be reached, should work. Xiao Qiang himself runs a network company in Dongyang, Zhejiang, but he is not professional enough in network technology either. So he had his employee Xiao Just (a pseudonym) complete the task. After receiving the task, Xiao Just worked overnight to put together a complete online attack method, wrote it up as a text file and sent it by e-mail to Xiaoqing. Throughout the whole process, Xiao Qiang did not charge the soldier a penny, so why did he do it? According to Xiao Qiang, the whole atmosphere of the private server business is one of malicious mutual attack, and whoever attacks successfully makes money. He taught the soldier how to carry out the attack for two main reasons: first, to make a name for himself in the "rivers and lakes" of the network; second, once his reputation spread, no one would dare to attack his own company, which was a form of protection for himself. On the night of May 18, the attack officially started. Ironically, the main character of the case, the soldier, did not take the attack seriously. He left the whole job to Xiaoqing and went to a bar to meet a female netizen. At about 7 o'clock that night, Xiaoqing started the attack from a company computer.
None of them expected that the attack method Xiao Just had designed followed the strategy of "to catch the thieves, first catch their king", that is, a direct attack on the "head" of the websites: the DNSPod server. DNSPod is a free domain name resolution service owned by Nantong Wanda Network Service company, and the person in charge is a young man named Wu Hongsheng, only 24 years old this year. Wu Hongsheng's personal website mainly provides domain name resolution for many websites in China. Although it is not run as a company, he already owns 16 servers distributed throughout the country. The sites it serves include VeryCD, Rain Forest Wind, 4399 Games, Storm Audio and Video, CNZZ and other well-known websites. The DNSPod server also sits at the head of many private servers. Once DNSPod is paralyzed, the other servers are affected. When Xiaoqing and the others chose their targets, on the surface they picked six or seven, all game sites; it never occurred to them that these sites and Storm Audio and Video used the same DNSPod server.
An attack of just over 20 minutes paralyzes the network in six provinces and regions
Wu Hongsheng had entrusted this DNSPod server to Changzhou Telecom for hosting, and it was housed in a Changzhou Telecom server room. Xiaoqing carried out the attack from a computer inside his company and shut it down after a little more than 20 minutes. Then he dozed off in his office chair, unaware that his 20-minute attack would cause an uproar. Soon after Xiaoqing launched the attack, an administrator in the Changzhou Telecom server room noticed abnormal traffic on the DNSPod server's port and immediately reported it to his superiors; Changzhou Telecom in turn reported to Jiangsu Telecom for instructions. To prevent an accident, Jiangsu Telecom decided to shut down the DNSPod server immediately.
Unfortunately, the DNS server that the telecom operator shut down was providing domain name resolution for about 100,000 sites, including Storm Audio and Video as well as a large number of local portals, personal sites and corporate sites. As a result, a large number of users were subsequently unable to access these sites. Some may ask why, after DNSPod was shut down, the network paralysis did not appear on the night of the 18th and only broke out in full on the night of the 19th. It turns out that under the hosting agreement signed between Wanda Company and Changzhou Telecom, DNSPod had a buffer period: when resolution requests fail, DNSPod has a 24-hour cache period. But precisely because of this cache period, everything appeared normal, so management did not find the real reason for the abnormal traffic on the DNSPod port and did not take the correct remedial measures, which led to the large-scale paralysis. After the incident on the night of the 19th, Wu Hongsheng was still busy dealing with the attack of the night of the 18th; only on the afternoon of the 20th, when a friend told him that the large-scale failure late on the 19th might be related to DNSPod, did he suddenly realize it. By then the ministry had convened an emergency meeting, and Storm's senior management had also contacted Wu Hongsheng to discuss follow-up arrangements for backup domain name servers. On the 21st, the Ministry of Public service, together with Storm and DNSPod, reported the case to the police. On July 6, the Tianning District Procuratorate approved the arrest of the soldier and the others, 4 people in all, on suspicion of the crime of damaging computer information systems.
Relevant departments should strengthen supervision
According to the prosecutors handling the case, the 4 suspects had not considered beforehand that their behavior was a crime. They had always believed that since so many domestic Internet companies attack one another, such behavior is commonplace, and they even regarded it as normal.
Prosecutors said that for "hacker" attacks the law provides two charges: the crime of illegal intrusion into computer information systems and the crime of destroying computer information systems. The former relates to national security; the behavior of the soldier and the others falls under the latter. The 4 people in the case did not realize that they were committing a crime, or that their attacks could have such serious consequences. A professional said that the network incident began with vicious competition among "private server" operators, whose purpose was very simple: "fame and profit." In the current network industry this kind of vicious competition is very common; this time, some accidental factors led to far worse consequences and merely exposed what goes on among these game operators. The network paralysis erupted so suddenly, spread so widely and had such a deep impact that it caught both ordinary netizens and industry experts by surprise. Prosecutors told reporters that handling the case revealed much that is worth reflecting on: from the technical, legal and industry perspectives, the relevant State departments should strengthen supervision.