[cmslabstudent] China's computers at hacking risk

  • From: 韩晓雨 <hanxiaoyu@xxxxxxxxx>
  • To: 胡方伟 <hufangwei@xxxxxxxxxx>, cmslabstudent@xxxxxxxxxxxxx
  • Date: Thu, 11 Jun 2009 09:59:09 +0800

 By Jonathan Fildes
 Science and technology reporter, BBC News


*Every PC in China could be at risk of being taken over by malicious hackers
because of flaws in compulsory government software.*

The potential faults were brought to light by Chinese computer experts who
said the flaw could lead to a "large-scale disaster".

The Chinese government has mandated that all computers in the country must
have the screening software installed.

It is intended to filter out offensive material from the net.

The Chinese government said that the Green Dam Youth Escort software, as it
is known, was intended to push forward the "healthy development of the
internet" and "effectively manage harmful material for the public and
prevent it from being spread."

"We found a series of software flaws," explained Isaac Mao, a blogger and
social entrepreneur in China, as well as a research fellow at Harvard
University's Berkman Center for Internet and Society.

For example, he said, tests had shown that communications between the
software and the servers at the company that developed the program were
unencrypted.

Mr Mao told BBC News that this could allow hackers to "steal people's
private information" or "place malicious script" on computers in the network
to "affect [a] large scale disaster."

For example, a hacker could use malicious code to take control of PCs using
the software.

"Then you have every computer in China potentially as part of a botnet,"
Colin Maclay, also of Harvard, told BBC News.

A botnet is the name given to a network of hijacked computers that can then
be used to pump out spam or launch concerted attacks on commercial or
government websites.

No one from Jinhui Computer System Engineering, the company that developed
Green Dam, was available for comment.

*'Naked pig'*

The software has also caused a backlash amongst privacy experts, academics
and some Chinese citizens. It has also drawn the scorn of the blogosphere
inside the country, which feels the system is no match for tech-savvy teenagers.


One blogger posted a screenshot of the software purportedly blocking an
attempt to visit a porn site using Microsoft's Internet Explorer.

But, he said, there was no problem accessing the site using the Firefox web
browser.

Others have reported that the system only runs on Microsoft Windows,
allowing Mac and Linux users to bypass the software.

It is thought that at least 3m computer users have already downloaded the
software, opening them up to potential security problems.

Another formal study by the Open Network Initiative into the risks posed by
the software is expected soon. However, many people in China who have been
forced to use the software are already reporting other problems.

For example, the system reportedly blocks legitimate as well as banned
content. It is designed to identify the proportion of skin colour
in a picture to determine whether it is pornography.

But comments on a bulletin board run by the software company that designed
the system suggest the system does not work perfectly.

"I went on the internet to check out some animal photos. A lovely little
naked pig was sent onto the black list. Pitiful little pig!," read one
comment.

"I was curious, so I looked up some photos of naked African women. Oh, they
were not censored!"

Another message read: "We were ordered to install the software. So I have to
come to this website and curse. After we installed the software, many normal
websites are banned."

The forum was taken down after it was seemingly flooded with complaints. A
message on the site said it is being "upgraded".

Mr Mao told BBC News that they believed there was a new guideline from the
country's central propaganda department "to comb all media and online forums
to block critics and discussion over the issue."

*Firewall flaw*

The government may be keen to shut down discussion to quell rumours that the
system could be used to monitor its citizens.

"Once you've got government-mandated software installed on each machine, the
software has the keys to the kingdom - anything can be logged or affected,"
said Professor Jonathan Zittrain, also of Harvard's Berkman Center.

"While the justification may be pitched as protecting children and mostly
concerning pornography, once the architecture is set up it can be used for
broader purposes, such as the filtering of political ideas."

In particular, the system could be used to report citizens' web habits.

"It creates a log file of all of the pages that the user tries to access," Mr
Maclay told BBC News.

"At the moment it's unclear whether that is reported back, but it could be."


A twitter user in China claims that the software transmits reports to Jinhui
- the maker of the software - when the user tries to access blacklisted
websites.

However, Zhang Chenmin, general manager of the developer of Green Dam, told
the China Daily newspaper last year: "Our software is simply not capable of
spying on internet users, it is only a filter."

Although many countries around the world routinely block and filter net
content, China's regime is regarded as particularly severe.

"There is no transparency about what they are blocking," said Mr Maclay.

Free speech campaigners are concerned that the list could be tweaked to
suit the government's aims.

Recently, there has been a web blackout across China in advance of the 20th
anniversary of the Tiananmen Square massacre.

Websites such as Twitter and the photo-sharing site Flickr were blocked in an
attempt by the government to prevent online discussion on the subject.

However, some users were able to bypass the filters to distribute pictures
and commentary including links to photos of plain-clothes policemen blocking
the lenses of foreign journalists with their umbrellas.

The country is able to take action like this because it already has a
sophisticated censorship regime, including the so-called Great Firewall of
China. However, it is known to have some flaws.

A 2007 study by US researchers showed that the system was much more porous
than previously thought.

It found that the technology often failed to block content banned by the
Chinese government, allowing web users to browse unencumbered at least some
of the time.

Filtering and blocking was "particularly erratic", they said, when large
numbers of people were online in China.

Despite the failures, the researchers said, the idea of the firewall was
more effective than the technology at discouraging talk about banned
subjects.

This kind of social pressure was also key to another tactic used by the
Chinese government to make sure its citizens only use sanitised portions of
the web.

In 2007, the government introduced virtual policemen that pop up onscreen
when web surfers visit many of China's popular websites to remind them to
stay away from illicit content.

In addition, the government expects internet service providers in China to
actively monitor and censor published content, such as blogs.

Experiments have suggested that this approach is hit-and-miss, with some
organisations more proactive than others.

However, these systems, combined with the new software, will allow the
Chinese government to sanitise the web for most of the 300m of China's
population of 1.3bn who have access to the net.

"I think this is intended as a sort of belt-and-braces approach," said
Professor Zittrain.
