Friday, November 18, 2011

China's Great Firewall Tests Mysterious Scans On Encrypted Connections

Via Forbes (Andy Greenberg) -

In the cat-and-mouse game between Chinese censors and Internet users, the government seems to be testing a new mousetrap–one that may be designed to detect and block tunnels through its Great Firewall even when the data in those tunnels is aimed at a little-known computer and obscured by encryption.

In recent months, administrators of services with encrypted connections designed to allow users secure remote access say they’ve seen strange activity coming from China: When a user from within the country attempts to reach a server abroad, a string of seemingly random data hits the destination computer before he or she can connect, sometimes followed by that user’s communication being mysteriously dropped.

The anti-censorship and anonymity service Tor, for instance, has found that many of its “bridge nodes”–privately-placed servers around the world designed to connect users to the rest of Tor’s public network of traffic re-routing computers–have become inaccessible to Chinese users within hours or even minutes of being set up, according to Andrew Lewman, the project’s executive director. Users have told him that other censorship circumvention services like Ultrasurf and Freegate have seen similar problems, he says. “Someone will try to connect, then there’s a weird scan, and the bridge stops working,” says Lewman. “We see weird things all the time, but this is a semi-consistent weird thing, and it’s only coming from China.”

Lewman believes that China’s internet service providers may be testing a new system that, rather than merely blocking IP addresses or certain Web pages, attempts to identify censorship circumvention tools by preceding a user’s connection to an encrypted service with a probe designed to reveal something about what sort of service the user is accessing. “It’s like if I tell my wife I’m going bowling with my friends, and she calls the bowling alley ahead of time to see if that’s what I’m really doing,” says Lewman. “It’s verifying that you’re asking for what you seem to be asking for.”

But so far, Lewman says Tor’s developers haven’t determined how that probe is able to see what’s an encrypted connection to a Tor server and what’s merely a connection to an encrypted banking or ecommerce site, which in theory should both look to a snooping government like indecipherably scrambled web traffic. The Chinese government, after all, wouldn’t be likely to block all encrypted connections, such as corporate VPNs, Lewman points out. “If Foxconn were disconnected from Apple, that would be big problem,” he says.

In the meantime, only a small fraction of Tor’s Chinese users are experiencing the issue, implying that it may be just a subset of Chinese broadband providers experimenting with the new tool, says Lewman.
