⬆️ ⬇️

A brief history of information security in China: how to build the Great Chinese firewall

This year marks 20 years since the birth of content filtering ideas on the Chinese Internet. Now this technology is known to the whole world under the name “The Great Chinese Firewall”.



In the last article we have already touched the regulation of the scope of information security of China. Now let's look at the history of the Great Firewall, which embodies the country's cybersecurity policy.





/ Flickr / andi gentsch / cc

')

How it all began



The Internet began to spread across Asian countries in the early 80s. It was used mainly by the scientific community, there was no Chinese web yet, as well as content filtering systems.



In 1987 ( according to other sources , in 1986), two Chinese scientists sent the first email from the country to their European colleagues via a simple mail system of the time: “Through the Great Wall of China we will be able to reach all corners of the world”.



And indeed - this happened already in 1994. The first communication lines were laid between China and the United States, top-level .CN domains became available from abroad.



In the same year, the National Research Center for Intelligent Computing Systems launched the first electronic bulletin board in China - Dawn BBS. At the same time, the national publication China Daily launched its website, which quoted the international agency Reuters (now banned in the country).



As in many other countries of the world, scientists, members of the university community became one of the first Internet users - they established connections between branches and exchanged knowledge. In 1995, one of the two at the time telecom operators in the country began to build network infrastructure for ordinary citizens. Next year, the first commercial site of China became available to the first users.



At the first stage of Internet development in the country there was no clear framework and rules for content control. Internet penetration was minimal, and the technology itself was viewed as part of the “open door” policy — the process of acquiring and adapting Western knowledge to reform the national economy.



Project "Golden Shield"



In 1996, the first Internet cafes began to open in Shanghai and other major cities. More and more people accessed the network. As the popularity of the Internet grew, the need to regulate the new space began to take shape.



This year, China adopted a series of temporary provisions for managing network content. This mainly concerned the distribution and protection of sensitive information, the responsibility of infrastructure owners and the maintenance of international communication lines.



The following year, the Ministry of Public Security prepared comprehensive regulations that prohibited the use of the Internet for:





It was legally forbidden to create and distribute information that:





In 1998, on the basis of the laws and regulations already adopted, the Ministry of Public Security launched the development of the Golden Shield project, an integrated security system that also included the ability to filter network content. The project was presented in 2000 during a trade exhibition in Beijing. Greg Walton of the International Center for Human Rights and Democratic Development described the “shield” as a tool aimed at “introducing advanced information and communication technologies to strengthen control, response and the fight against crime”.



The “golden shield” at the first stage was a multi - level database system. With her help, during the first years of the project, the Department of Public Security streamlined information about the majority of Chinese residents. One of the subsystems of the “Golden Shield” was later called the “Great Firewall”. She was responsible and continues to be responsible for filtering network content in accordance with the laws of the country.



For the development of the Golden Shield and the firewall, the Chinese government collaborated with a number of research institutes and technology providers both within the country and abroad. The Golden Shield program, along with the Great Chinese Firewall, was officially launched in the country in 2003. He has been fulfilling his duties for 15 years now - he filters content prohibited in China.



How it works



At the heart of the firewall is a combination of several content filtering systems that have evolved in stages. At first, the filter taught to block only domain names and IP addresses. This method is in the firewall toolkit so far, but at the first stage it was the main one. There is a growing "black list" of IP addresses of unwanted resources - violators of the law on information security. This is usually enough to block access to a site and redirect traffic to the so-called “ blackhole route ”.



The main advantage of this filtering method is that it is relatively simple to implement and does not require special participation from Internet providers. The disadvantage is the need to update the list of IP addresses to be blocked. If a certain forbidden resource set as its task “to break through the firewall”, he could achieve this by changing the IP.



At the second stage of development, the firewall evolved before content filtering by keywords. The system analyzes the content of sites for compliance with the "national blacklist" of keywords. If prohibited information is detected, the connection is reset.



This stage came at the end of the 2000s. At the same time, major social services with a large amount of user-generated content — Facebook, Youtube, Twitter, Blogspot, Vimeo — got into the list of prohibited resources.



Gradually, users learned how to access prohibited resources bypassing the filtering system. They used tools like VPN and Shadowsocks for this. Therefore, in the third stage of firewall development - in 2011-2012 - the developers focused on detecting instances of using VPN and other tools to bypass locks. It was possible to establish the features of the used VPN protocols, such as IPSec, L2TP / TPSec and PPTP. Now the Golden Shield can drop VPN connections.



The fourth stage for cybersecurity strategy has become complex. The filtration system continues to evolve with the support of legislation. From the App Store (Apple’s app store), in the summer of 2017, VPN services began to disappear , and China Sinnet Technology, the company managing Amazon’s cloud business in China, demanded that its customers stop using VPN. Since March 31, 2018, a full ban on VPN has entered into force in the country. This is consistent with the legal regulation of cyberspace in the country.



In addition to the above features, the Great Firewall is capable of:







/ Flickr / Eric E Castro / CC



Who is blocked



There are quite extensive lists of prohibited sites in China, as well as services with which you can check whether access to a particular resource is blocked. Since last year, the local search engine Baidu has informed the users of the status of a particular site and analyzes whether the requested resource meets the requirements of the law on information security.



Most of the major international social networks, search engines, video hosting sites, instant messengers, streaming services are located behind the Great Chinese Firewall. It is impossible to use them while in China - it is impossible to get access without means to bypass the block. However, many blocked resources have allowed local counterparts - Sina Weibo instead of Twitter, Youku instead of YouTube, Renren instead of Facebook. A number of news sites, such as The New York Times and Bloomberg, are also banned in the country.



Many of these platforms - mostly social networks - violate the provisions of the law, allowing users to post comments themselves. For this reason, for example, access to Wikipedia has been blocked several times. Now in China they are going to create their own version of the encyclopedia, which can only be moderated by representatives of state universities.



Some services are blocked for a long time - Facebook, YouTube and Twitter are not available for 9 years. Others are temporary, for example, WhatsApp. Messenger stopped working for many users last year on the eve of the party congress. In recent years, access to GitHub has been limited for some time in the country.



Local versions of social networks are also processed by the content filtering system. China recently lifted the restriction on terms of tenure as president. Shortly thereafter, messages criticizing this event began to be deleted in the Weibo microblogging service.



Locks can be associated with the prohibition of any services or goods. This year the country banned ICO and cryptocurrency exchange. In this regard, the purpose of the firewall in February were sites offering cryptocurrency trading services.



What is the result



The policy of the Chinese authorities does not stop the growth of the number of Internet users in the country. By the end of last year, the figure rose to 772 million people. A year earlier, it was 731 million people.



The capitalization of 102 national Internet companies listed on domestic or foreign markets reached $ 1.4 trillion. Tencent, Alibaba and Baidu account for 73.9% of the total. Last year, Tencent even ranked Facebook on the list of the five largest companies in the world by capitalization. Each corporation from the top three has at least one product, the western counterpart of which at least once was blocked in the country.



Despite this, there is an opinion that the firewall is harmful to the national economy, while the technological sector of China remains without innovation. However, the authorities are not going to abandon the Golden Shield and the firewall, and local companies are becoming real competitors for the largest American corporations.



PS Here are some more materials from the corporate blog VAS Experts:



Source: https://habr.com/ru/post/354698/



All Articles