Facebook login system blocked by Great Firewall of China causing DDoS panic

Facebook. Image courtesy of tanuha2001/ShutterstockInternet users in China have been unable to connect to a number of popular foreign websites over the last few days, apparently due to what security reporter Brian Krebs describes as a “screw-up” by government censors.

Krebs says the issue – an apparent mistake – was quickly rectified, but many users are still having trouble reaching affected sites due to old data still being cached by some Chinese networks.

Social media users first reported having problems over the weekend after being redirected to open source software website WPKG (wpkg.org) and travel website Perpetual Traveler (ptraveler.com) when trying to connect to sites not normally censored by the regime, including online versions of US and UK newspapers.

Facebook has passed little comment on the situation thus far but a spokesperson did tell The Verge that:

This behavior is occurring locally and beyond the reach of our servers. We are investigating the situation.

China’s Great Firewall began intercepting Facebook’s Login applet on Sunday, replacing it with Javascript loaded from the two seemingly random third-party websites.

Nicholas Weaver, a censorship researcher at the International Computer Science Institute (ICSI) and the University of California, Berkeley, told Krebs that:

Any page that had a Facebook Connect element on it that was unencrypted and visited from within China would instead get this thing which would reload the main page of wpkg.org.

We can’t think of an obvious reason why the Chinese government would choose WPKG or Ptraveler for the redirection – a sentiment echoed by Tomasz Chmielewski, project lead at WPKG, who told Reuters that he was unsure why internal Chinese traffic was being sent to the site.

WPKG seems to be back up and running normally now, but the Perpetual Traveler blog appears to have fallen under the strain of all the additional traffic sent its way.

It is currently unclear why, outside of a complete mistake, China would engage in such action against the Facebook Login applet.

The social network remains blocked in China, officially at least, but there has been some relaxation of that ban in recent years.

Weaver told Krebs that the Chinese government, assuming that its national web filtering system was the cause of the glitch, had nothing to gain if it had deliberately enforced the block:

The Chinese censors don't benefit from it, because this caused a huge amount of disruption to Chinese web surfers on pages that the government doesn't want to censor.

But would that stop China?

In January 2015, censors rendered most of the internet unusable in the country after a bodged attempt at blocking Greatfire.org, a censorship watchdog that subsequently suffered a massive DDoS attack that sent its server costs to more than $30,000 per day.

And, in March, a similar redirection was aimed at software repository GitHub, apparently in retaliation for the posting of content on two pages of the site (one created by Greatfire.org and the other a Chinese-language version of The New York Times) that are banned in China.

In short, it doesn’t look as though this was a deliberate DDoS attack.

Instead, it looks like an attempt to intercept the Javascript module from Facebook Login, which allows third-party sites to authorise users through Facebook buttons on their sites.

Unfortunately for Perpetual Traveler, it seems to have turned into a DDoS anyway.

Image of Facebook courtesy of tanuha2001 / Shutterstock.com.