China’s Internet Traffic Redirected, But Not to a House in Wyoming

The New York Times has a piece out this morning involving China’s Great Firewall, China’s instrument of controlling the online content available to its citizens, that, if true, would be hysterical.  The article begins:

In one of the more bizarre twists in recent Internet memory, much of the Internet traffic in China was redirected to a small, 1,700-square-foot house in Cheyenne, Wyo., on Tuesday. [...]

[Domain name servers associated with China's Internet], which act as a switchboard for Internet traffic behind China’s Great Firewall, routed traffic from some of China’s most popular sites, including Baidu and Sina, to a block of Internet addresses registered to Sophidea Incorporated, a mysterious company housed on a residential street in Cheyenne, Wyo.

The Times provides a picture of the quaint cottage where a substantial portion of the world’s internet traffic was apparently misdirected, and describes past reports into this mysterious collection of mailboxes and corporate registrations.

And, of course, the Times’ report took off, repeated by Slate, the Washington Post, Gizmodo, the Daily Dot, so on and so forth.  It’s a funny story that lets us mock the incompetence of China’s censorship techs.

But the Times’ report conflates a physical mailing address with an internet network address.  An IP address (or block of IPs, rather) is registered to a corporation.  The registration (which can be found by searching a WHOIS database, such as ARIN) reports the registrant’s mailing address, not the physical location of the computer associated with the IP(s).  While Sophidea, Inc. might register a block of IP addresses, the associated servers may be anywhere in the world, far from Sophidea’s corporate headquarters or, as here, mysterious post office box.

Sophidea, Inc., also provided the Wyoming Secretary of State with a mailing address elsewhere in Cheyenne, this one a small office building also used for designations of corporate agents.  (A designated agent is a person or corporation which will accept legal paperwork on behalf of a corporation, so that the true owners don’t have to establish an office or, for the benefits of privacy, reveal who runs the business.)

But reporting that China accidentally sent its internet traffic to a small office building (which also didn’t happen, to be clear) doesn’t provide the same amount of bemusement as imagining that China’s internet traffic was sent to a house.

So where did China’s internet traffic really go? It’s impossible to know without knowing which specific IP addresses were the recipients of the traffic.  However, taking the IP addresses from the range of IPs registered to Sophidea, Inc. (e.g., 65.49.2.0), and running a visual traceroute suggests that the final destination was somewhere in Asia, as the trace times out in Malaysia.  Of course, my skills in this arena are rudimentary at best, and I invite more informed minds to offer their own analyses.

But I’m confident that the traffic never got anywhere near Wyoming.
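The distinction between a WHOIS mailing address and a server's location can be tested with latency, as in this added example (not part of the original post). The WHOIS record and traceroute output are constructed samples using documentation address ranges, and the San Jose vantage point is an assumption; the check asks whether the registrant's city is even reachable within the measured round-trip time.

```python
import math
import re

# Constructed ARIN-style WHOIS record (documentation range, placeholder registrant).
WHOIS_SAMPLE = """\
NetRange:       203.0.113.0 - 203.0.113.255
OrgName:        Example Registrant LLC
City:           Cheyenne
StateProv:      WY
Country:        US
"""
# Constructed traceroute output, as if run from the assumed vantage point below.
TRACEROUTE_SAMPLE = """\
 1  192.0.2.1 (192.0.2.1)  0.41 ms  0.39 ms  0.40 ms
 2  * * *
 3  203.0.113.178 (203.0.113.178)  2.31 ms  2.10 ms  2.44 ms
"""
SAN_JOSE = (37.34, -121.89)   # assumed vantage point (lat, lon)
CHEYENNE = (41.14, -104.82)   # city named in the WHOIS mailing address
FIBER_KM_PER_MS = 200.0       # light in fiber covers roughly 200 km per ms

def registrant_address(whois_text):
    """Return the mailing-address fields; WHOIS has no server-location field."""
    fields = dict(re.findall(r"^(\w+):\s+(.+)$", whois_text, re.M))
    return {k: fields[k] for k in ("OrgName", "City", "StateProv", "Country")}

def min_rtt_last_hop(traceroute_text):
    """Smallest RTT (ms) of the last hop that answered; '* * *' hops are skipped."""
    hops = [re.findall(r"([\d.]+) ms", line) for line in traceroute_text.splitlines()]
    answered = [h for h in hops if h]
    if not answered:
        raise ValueError("no hop responded")
    return min(float(x) for x in answered[-1])

def max_distance_km(rtt_ms):
    """Upper bound on one-way distance: half the round trip at fiber speed."""
    return rtt_ms / 2.0 * FIBER_KM_PER_MS

def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two (lat, lon) points in kilometres."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    a = (math.sin((p2 - p1) / 2) ** 2
         + math.cos(p1) * math.cos(p2) * math.sin(math.radians(lon2 - lon1) / 2) ** 2)
    return 2 * 6371.0 * math.asin(math.sqrt(a))

def registrant_city_feasible(rtt_ms, vantage, city):
    """False when the registrant's city is farther away than the RTT allows."""
    return haversine_km(*vantage, *city) <= max_distance_km(rtt_ms)
```

The bound can only rule locations out: a large round-trip time is still consistent with a nearby server reached over a slow or indirect path.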

Update, Jan. 23, 2014: Two quick updates:

1) The Atlantic and Colorado Independent have joined in countering the Times story.  The Independent reached out to the upstream provider for (or, rather, apparent host of) Sophidea’s servers.  An anonymous employee with Hurricane Electric confirmed that Sophidea’s servers are not in Wyoming (or, for that matter, Asia, contradicting my own post-hoc research), but are, rather, in California.  Barring any unreported configurations of Sophidea’s servers, that forecloses the possibility that China’s data was redirected to Wyoming.  (The Independent’s report also correctly notes that the Times, The Atlantic and I missed the fact that the address of Sophidea’s IP registration had changed and was not simply in addition to the quaint little house in Cheyenne.)

2) The Times’ original story was briefly ‘corrected’ to note that:

“An earlier version of this post misstated where Chinese Internet traffic was redirected. It was redirected to a building in Cheyenne, Wyo., not a house.”

Of course, that correction was also erroneous: the data was not sent to Wyoming at all, much less a specific house or office building.

The original post has now been replaced with a lengthier story that ran on the front page of the Times this morning.  The new iteration is better, focusing on the mysterious circumstances of the enormous hiccup in China’s internet traffic and the (understandably) private Sophidea.

The new post provides this blithe correction to yesterday’s misleading report:

An earlier version of this post misstated where Chinese Internet traffic was redirected. The physical location of the servers receiving the traffic is not clear.

So, a correction to a correction.  Of course, yesterday’s report elided this critical fact. China’s Internet was not redirected to a house in Wyoming, to an office in Wyoming, or to Wyoming at all.  Yet, Times cybersecurity reporter Nicole Perlroth is sticking to her guns, contradicting the Independent’s source (a Hurricane Electric employee who stated that the servers were in California) with this gem:

 

Nonsense.  A proxy server shields the identity of the sender of traffic (e.g., a computer in China), but generally doesn’t shield the identity of the recipient of the data.  Moreover, if the location of the IP address couldn’t be known (because proxy!), why did the Times report that the data was going to Wyoming?

Update II (Jan. 23, 2014): The Washington Post has a more precise report, which provides the actual IP: 65.49.2.178.  Running a traceroute on this IP confirms that the server is in California (and operated by Dynamic Internet Technology in a Hurricane Electric datacenter), corroborating the Independent’s source.

  • hartpandrew

    Nice nab Adam.