An attack by a Chinese online game provider meant to cripple the servers of its rivals ballooned to cause an Internet outage in much of the country in May, according to police.
The escalation began with a DDOS (distributed denial of service) attack on a domain registrar that serves many small gaming companies. While the national scale of the effects was unusual, such attacks are common among some small Internet businesses competing to draw customers in China, security researchers say.
Police have arrested four people involved in the attack, which targeted the DNS (Domain Name System) servers of registrar DNSPod, the police bureau in the southern city of Foshan, Guangdong province, said in a recent statement on its Web site. DNS servers translate domain names, such as google.com, into the numerical IP (Internet Protocol) addresses used to route information online.
The main culprit in the case, a 23-year-old cotton factory worker surnamed Bing, had bought a set of “private servers” and offered online games and advertising services on them, the statement said. Private servers are usually used to run emulated versions of popular online games like World of Warcraft. Their operators are often unlicensed by the game designers but make money on subscription fees or advertising.
Bing made little profit from his venture, partly because rival private server operators often attacked his servers, the police statement said. The assaults were likely DDOS attacks, in which a large group of malware-infected PCs is directed to contact a target server at once, overwhelming it with requests for information and leaving it paralyzed.
Bing and a technical assistant decided to retaliate and spent 280,000 yuan (US$41,000) to rent 81 servers used specifically for attacking private servers, the statement said. But the assistant’s abilities were “not specialized” and his attacks were ineffective, said the statement. The pair then searched online for help and asked a technician in eastern Zhejiang province to design a program that could conduct the attack.
Bing’s assistant booted up the program and it directly attacked DNSPod, a move that would paralyze the DNS servers used by many rival operators of private servers, but would also affect a large number of other Internet companies served by DNSPod, the statement said.
DNSPod’s overwhelmed servers became unable to handle DNS requests and instead forwarded them on to servers operated by major provider China Telecom, where they could not be processed. The unanswered information requests piled up and froze Internet access for hours in parts of six different provinces.
Attacks between illegal game operators and other Internet businesses are fairly common in China, both in and outside of major cities, said a local security researcher. Online mercenaries who own servers or control networks of compromised PCs often sell attack services on private forums or chat clients, he said.
Police action against attackers has been rare, partly because investigators in each region are barred from working in other provinces or towns, the researcher said. That can make tracing suspects difficult if the attacker is in a different part of China than the victim. Police also usually lack the technical skills needed to, for instance, trace the activity of malware-infected PCs, the researcher said.
The four suspects in the DNSPod case were detained in early June, the police statement said, giving no details on the later date of their formal arrest.
An officer at the Foshan police bureau declined to comment, but said a trial would follow the arrests.