This Little House in Wyoming Didn't Just Get Flooded With Web Traffic From China

By Megan Garber
An image of the house at 2710 Thomes Avenue, which is really just a house (Reuters/The Atlantic)

2710 Thomes Avenue in Cheyenne, Wyoming, is a house like many other houses in America. It's got two stories; it has a pleasant brick facade; it boasts, if the season is right, a nicely maintained lawn.

2710 Thomes Avenue in Cheyenne, Wyoming, is also the physical address for a whole collection of shell companies. The spunky little house, Reuters put it in a 2011 investigation, "serves as a little Cayman Island on the Great Plains."

And here's where things get interesting: Yesterday, the Cayman Island of the Great Plains collided—with China. Starting at 3:15pm local time, The Wall Street Journal reports, Chinese web users were redirected in their web searches—away from popular sites like Baidu and Weibo, and toward sites that they most decidedly had not sought out. The address for one of these was registered to a company called Dynamic Internet Technology, which helps users view sites, like Facebook and Twitter, that are blocked by the Great Firewall. (As Bill Xia, Dynamic Internet Technology's founder, told the Journal: "It was hundreds of thousands of users per second. They were sending [all of] China to us, so it’s hundreds of millions of users.") And even more traffic was rerouted to a block of IP addresses that are registered to a company called Sophidea Incorporated.

And what is Sophidea's listed mailing address? Yep: 2710 Thomes Avenue in Cheyenne, Wyoming. The New York Times, in a widely circulated story headlined "Chinese Internet Traffic Redirected to Small Wyoming House," calls the apparent censorship snafu "one of the more bizarre twists in recent Internet memory." 

It is. It's like that time, in 2002, that web searches for the social news portal Sina.com were briefly redirected to a site for ... Falun Gong. The irony of the whole thing—epic #censorfail!—is, for those of us with First Amendment protections we can comfortably take for granted, delicious.

***

Here's the thing, though: The other feature that makes the story so tantalizing—the idea of all this errant web traffic, winding up at the doorstep of a Househunters-worthy little home in Wyoming—is flawed. The traffic didn't go to the house; it simply went, as a physical thing, to sites whose IP addresses are registered to a shell company that uses the house as its formal address. (As of 2011, according to that Reuters exposé, some 2,000 shell and shelf corporations listed 2710 Thomes Street as their address. Sophidea is just one of them.)

Furthermore, as Adam Steinbaugh points out, Sophidea also lists, in filings provided to the Wyoming Secretary of State, another mailing address in Cheyenne—this one for a small office building. So the rerouted information packets, had they made it to servers in Wyoming at all, at the very least would have gone to a "small Wyoming house" and a "small Wyoming office building." 

But that China-to-Cheyenne rerouting happened, best I can tell, only figuratively: 2710 Thomes Avenue is a mailing address, and mailing addresses have very little to do with Internet network addresses. Here, let Steinbaugh explain

An IP address (or block of IPs, rather) is registered to a corporation.  The registration (which can be found by searching a WHOIS database, such as ARIN) reports the registrant’s mailing address, not the physical location of the computer associated with the IP(s). While Sophidea, Inc. might register a block of IP addresses, the associated servers may be anywhere in the world, far from Sophidea’s corporate headquarters or, as here, mysterious post office box.

Which leaves us with the unsettling question: Where did all that misdirected web traffic actually go? 

The even more unsettling answer: We don't know. We, in all likelihood, can't know. I spoke with Dave Lewis, the security advocate at the web content distribution network Akamai. "There's no way we can actually be certain about what actually transpired," he told me—both for political reasons (we're dealing with the notoriously non-transparent Chinese government), and for technological ones (we don't know which IPs of Sophidea's block were actually involved in the re-routing). Steinbaugh, for his part, took addresses from the range of IPs registered to Sophidea and then ran visual traceroute of them. His findings, with the caveat that "my skills in this arena are rudimentary at best," suggest that the packets ended up somewhere in Asia, with the trace timing out in Malaysia.

Wyoming, in this, is bypassed completely.

Again, though, we can only guess where the Chinese web traffic ended up. Or, as Lewis sums it up: The final destination of all that information "could conceivably be anywhere."     

Which is all a reminder that, though we love to talk about the Internet in terms of connection and communion and new opportunities for transparency, its core and corporate infrastructure remains somewhat mysterious. Shell companies. Front addresses. Unknown IPs. What is clear is that, yesterday, a hefty portion of the world's most sizable Internet market found itself routed to servers whose location we may never know. It was a collision of the Internet's obscurity and enormity. And what that adds up to, among other things, is this: "When a mistake happens," Lewis says, "it happens on an epic scale."

This article available online at:

http://www.theatlantic.com/technology/archive/2014/01/this-little-house-in-wyoming-didnt-just-get-flooded-with-web-traffic-from-china/283249/