Considering the security implications of CloudFlare’s partnership with Baidu

Earlier this year, Citizen Lab revealed an attack tool that redirected Internet traffic in mainland China to take down websites like GitHub or GreatFire. The tool was dubbed “the Great Cannon” because it appears to share locations with “the Great Firewall” that separates mainland China from the global Internet.
The Great Cannon was the first thing I thought about when news recently broke about CloudFlare’s partnership with Baidu. Both companies were touting their ability to reduce page loading times and make websites available to more people inside China, but nothing was said about how the tool might provide even more fodder for the Chinese government to load into its Great Cannon.
Matthew Prince, co-founder and chief executive of CloudFlare, was quick to address my concerns. “When we see attacks [like those caused by the Great Cannon] those are actually fairly easy attacks to stop,” he said. “Often, much larger and more destructive attacks come from using infected machines and botnets.”
The Great Cannon, in other words, isn’t the scariest thing out there. Prince added that CloudFlare’s partnership with Baidu might actually make it easier to defend Western sites from attack.
“I’m really excited that we’ll be better able to keep traffic inside China,” he told me. “Before, it was much harder to sinkhole traffic” coming from infected machines in the country. CloudFlare previously had to “largely overbuild” a West Coast facility to handle that traffic.
Others have taken a more pessimistic view of the partnership. FireEye’s chief security strategist, Richard Bejtlich, wrote an article for Motherboard about the problems Western companies might face because of the virtual joint venture. He argued that Baidu had enabled the Great Cannon with one of its tools; that sharing CloudFlare’s intellectual property could allow it to be undermined; and that Baidu or the Chinese government might just copy the company’s tech.
Prince dismissed the blog post as fear-mongering. Much of CloudFlare’s tech is already open-sourced, he said, and many companies could probably build a copycat by using the tools it has shared to its GitHub page. CloudFlare’s real value is said to come from the network it uses to thwart attacks and the data it gathers from the “more than 2 million web properties” with which it works.
“When US-China partnerships fail,” he said, “It’s often because some security guru and his lawyers say ‘We can’t trust you with anything.’” CloudFlare is said to have passed on many potential Chinese partners because it couldn’t trust them; sharing intellectual property is one way for CloudFlare to show that trust. He also said there’s “no evidence” Baidu was complicit with the Great Cannon.
Still, he said he hadn’t considered how speeding up Internet connections in China might indirectly assist the Chinese government. While things might not be as gloomy as Bejtlich portrays them in his article, they might also not be as sunny as CloudFlare is depicting them. There’s a giant question mark here, and that’s unsettling, given just how problematic China’s Great Cannon might be.

North Korea appears to be back online

The internet seemed to be back up in North Korea on Tuesday, after experiencing a nearly “unprecedented” interruption, according to the BBC and other reports, although Akamai said sporadic glitches occurred throughout the day (see chart).

David Belson, Akamai senior director of industry and data intelligence, said the root cause of Monday’s multi-hour outage and shorter glitches on Tuesday remains unclear. He noted via mail that “it’s unlikely to be a physical cause [like a] fiber cut, a concerted effort on the part of the DPRK government (since that’s usually more of a go down/stay down scenario), or a router misconfiguration.”

Monday’s outage, reported by tech vendors including Dyn and CloudFlare, remains shrouded in mystery — sort of like the Sony hack that preceded it. Last week, the FBI blamed North Korea for breaking into Sony’s servers, taking corporate documents and releasing embarrassing internal emails. But some cyber security experts don’t believe that North Korea is the culprit.

That led Sony to make the controversial decision to pull The Interview, a comedy centered on a plot to assassinate North Korean leader Kim Jong Un.

Some suspect the interruption in North Korea is part and parcel of the “proportional response” to the Sony hack that President Barack Obama vowed last week. Others point to China — North Korea relies on China Unicom as its main pipeline to the rest of the world, so that is obviously a possible single point of failure, Belson said, although other than that there is no indication that China is responsible for the outage.

A Chinese Foreign Ministry spokeswoman said reports of Chinese involvement had “no basis in reality,” according to the BBC.

Note: This story was updated at 3:04 p.m. PST with comments and data from Akamai.

CloudFlare CEO: ‘Insane’ NSA gag order is costing U.S. tech firms customers

Yup. Makes me wonder if the tech companies that have been lobbying for Patriot Act reform over the past few years were doing so in part to get out from under the NSA’s thumb. Policy discussions were always couched in geopolitical language, but they must have foreseen the backlash even from U.S. customers if word ever got out about what was up.