China Scrambles to Repair Crumbling Green Dam

For years, China’s government has kept the country’s Internet surfers on a very short leash. Censors attempt to block any content considered immoral, which could be anything from pornography to politically charged blog posts.

Its latest plan is to order the installation of filtering software directly into all personal computers. While that software may shut Internet users out of certain corners of the Web, it could also leave doors wide open for malicious hackers, according to J. Alex Halderman’s students at the University of Michigan.

A report the team released last week shows just how big a problem bad Chinese software can be for everybody.

The filtering software known as “Green Dam,” which the government has ordered installed on all computers shipped into the country after July 1, leaks like a sieve and can become a virtual Chinese buffet for hackers, according to Halderman.

On Monday, China said it was ordering patches for the filtering software, but “I would doubt with the time available before the July 1st mandate that they would be able to make the software adequately secure,” Halderman, an assistant professor of electronic engineering and computer science, told TechNewsWorld.

Never mind the fact that human rights and privacy critics argue the Green Dam software would be used to filter political content and dissent and not just the pornography the government cites as its reason for the mandate. Also, never mind that a U.S. software company, Solid Oak Software, claims Green Dam uses code stolen from its Cybersitter filtering software. Those are side issues compared to the major cracks Halderman and his students found in Green Dam.

“Once Green Dam is installed, any Web site the user visits can exploit these problems to take control of the computer,” the University of Michigan report states. “This could allow malicious sites to steal private data, send spam, or enlist the computer in a botnet. In addition, we found vulnerabilities in the way Green Dam processes blacklist updates that could allow the software makers or others to install malicious code during the update process.”

An Example of Software Piracy?

“We did this extremely quickly,” Halderman said. “I was very proud of my students and some of the technical work we were able to accomplish. It was about 12 hours of doing the initial security analysis and some time after that writing that up, but we were able to find the problems [in Green Dam] pretty quickly. Part of it is that I have quite talented students, but the software also showed itself to be extremely vulnerable.”

Halderman and his team discovered evidence that Solid Oak Software code may have been lifted and placed in Green Dam. It wasn’t just that “blacklisted” URL addresses appeared to be copied directly from Cybersitter; “a news item, almost like a press release that Cybersitter sent to customers was included in the shipping version of Green Dam software,” Halderman said. “It appeared to be copied into Green Dam by mistake.”

If Green Dam’s makers can’t plug the holes by the July 1 deadline, computers used in China could become new zombie machines in spam and phishing networks, spewing out malicious code and causing damage to computers in other countries.

In addition to the holes Halderman’s students found in Green Dam, they found suspicious similarities between the blacklists the software uses to filter pages and those used by Cybersitter, a popular Web parental control product from Solid Oak Software.

China’s problem with software piracy has always been a major talking point in trade negotiations with the U.S. and other western nations, but Halderman says the Green Dam issue shines a new spotlight on the problem.

“Piracy is very common in China, but the real issue is that a program that appears to have been built based on the work of others without their permission is now being mandated by the government,” Halderman said. “The question is, why didn’t the government of China look into this more carefully before they mandated it?”

Reaction to the Report

There were similarities in the blacklisted Web addresses, the Chinese designers of Green Dam admitted to China Daily. However, they denied stealing software code. The designers also acknowledged there were flaws in the filtering software and that the Chinese government had ordered them to patch the problems, indicating that China is sticking with Green Dam for now.

Halderman has sent Green Dam’s makers a copy of his report, he said, and he offered more information to help fix the software, “but we haven’t heard back from them yet. I don’t know what to chalk that up to — certainly, there is a language barrier at play here.”

The big lessons for any U.S. or western technology firms wanting access to China’s billion-plus market and its emerging economic strength: “I think software piracy is a problem globally, but companies need to be diligent about making sure that the people they’re doing business with are being honest,” Halderman said.

3 Comments

  • Hi, it’s me again. On second thought and having read over some background info on Renay San Miguel, I’d like to admit that this is a decent article on the whole Green Dam debacle, and clarify that my only beef is with the headline and with the simplistic introductory paragraph. But then again, trying to fit the whole of Chinese censorship into one paragraph would be a challenge for anybody. Also Mr San Miguel’s article "Should Citizen Journalism Be Placed Under Citizen’s Arrest?" makes good points about sensationalism and reporting truthfully in the mainstream media, so I hope he (and his editors) can continue to show them up here in the cyberworld.

    To actually add something constructive in this comment, here’s a link to the latest development in this story from the China Daily, the main English-language state-owned newspaper in China:

    Green Dam filter software ‘not compulsory’ – http://www.chinadaily.com.cn/china/2009-06/15/content_8285962.htm

  • Your title has nothing to do with the content of the article. Does the Chinese government asking for the software to be patched constitute "scrambling"? Did you talk to any Chinese sources, and did they seem to be rushing to fix things? Also, your very first paragraph says "block any content considered immoral", which is an extremely simplistic way of looking at censorship in China and does your readers no favors except to reinforce faulty and outdated stereotypes. Please don’t write stories like this in the future; either report them for what they are ("Interview with Professor researching Green Dam") or just point your readers to better analysis than you can give.
