June 13, 2009

Chinese Filtering Software Code May Have Been Stolen

A software company in California has alleged that stolen programming code is being used in Internet-filtering software which China has mandated for all new personal computers, The Associated Press reported.

The "Green Dam-Youth Escort" filtering software that must be packaged with all computers sold in China from July 1 supposedly contains parts of similar software designed by Solid Oak Software of Santa Barbara, the company said Friday.

Brian Milburn, Solid Oak's founder, said he plans to seek an injunction against the Chinese developer of the software.

"I don't know how far you can try and reach into China and try to stop stuff like this. We're still trying to assess what they're doing," he said.

China has stated it wants to block violence and pornography and is defending its use of the software, but some critics say it censors much more than that and does it on a deeper level than China's current Internet censorship.

With more than 250 million Internet users, China employs some of the world's strictest controls over what citizens can view on the Internet. 

This has led to the nickname "Great Firewall of China," which refers to technology designed to prevent unwanted traffic from entering or leaving a network.

The Chinese government routinely blocks political sites and others it deems offensive, but that happens at the network level. These blocked sites simply won't load in users' Web browsers, but savvy users can get around it by bouncing through "proxy" servers in other countries.

However, rather than blocking sites through the network, the new software blocks sites directly from a user's computer.

Solid Oak's claim that the Green Dam software contains pirated code was backed by a report released Thursday by University of Michigan researchers who examined the Chinese software. Serious security vulnerabilities that could allow hackers to hijack PCs running the Chinese software were also discovered, the report said.

A number of the "blacklist" files, or lists of Web sites that have been flagged as violent or pornographic or malicious or otherwise offensive, that Green Dam employs were taken from Solid Oak's CyberSitter program, according to the authors of the report.

These blacklists instruct Web browsers on computers to block those sites.

The author's of the report also found a file that contained a 2004 CyberSitter news bulletin that appeared to have been accidentally included in Green Dam's coding, promising yet another clue that Solid Oaks' code may have been stolen.


On the Net: