China Hijacks The World Using Internet



Internet traffic 'hijacked' to China servers, says US report

WASHINGTON — Highly sensitive Internet traffic on US government and military websites was briefly "hijacked" and routed through Chinese servers earlier this year, a report to the US Congress said Wednesday.

For 18 minutes on April 8, a Chinese state-owned telecommunications firm rerouted email traffic to and from websites of the US Senate, the Department of Defense, along with "many others" including NASA and Department of Commerce, said the US-China Economic and Security Review Commission's annual report.

Some 15 percent of the Internet's entire traffic was routed through Chinese servers during this brief period in the late morning US time, said the report.

"We don't know what was done (with the data) when they got it," commissioner Larry Wortzel told reporters Wednesday, noting it was not established if the traffic hijacking by China Telecom was intentional and sanctioned by Beijing.

The rerouting began at a smaller Chinese Internet Service Provider (ISP) called IDC China Telecommunication before being propagated by China Telecom.

"When I see things like this happen, I ask, who might be interested with all the communications traffic from the entire Department of Defense and federal government," Wortzel said, adding: "It's probably not a graduate student at Shanghai University."

The efforts of Chinese individuals and organizations to penetrate US networks "appear to be more sophisticated than techniques used in the past," cautioned commission vice chair Carolyn Bartholomew.

"The massive scale and the extensive intelligence and reconnaissance components of recent high profile, China-based computer exploitations suggest that there continues to be some level of state support for these activities," Bartholomew said.

Leading Web security firm McAfee has warned of a rise in cyberattacks with political objectives, pointing to China as one of the major actors launching assaults on foreign networks.

US targets include the White House, Department of Homeland Security, US Secret Service and Department of Defense, McAfee said in its report last year.

"What could you do if you had the stream of email traffic for 18 minutes" to and from the US Joint Chiefs of Staff, asked Wortzel on Wednesday, saying that "most importantly you would get the Internet addresses of everybody that communicated," and be able to engineer an address to plant a virus.

Former US intelligence chief Michael McConnell told lawmakers earlier this year that the United States would lose a cyberwar if it fought one today, warning: "We're the most vulnerable, we're the most connected, we have the most to lose."

McConnell, who served as ex-president George W. Bush's director of national intelligence, warned a Senate panel in February that because the United States was failing to effectively mitigate the risk, "we are going to have a catastrophic event."

China's capacity to launch cyberattacks on US commercial interests was also highlighted this year after Internet giant Google threatened to completely shutter its operations in the Asian country, saying it became the target of a series of sophisticated cyberattacks there.

The commission on Wednesday recommended Congress call on the administration of President Barack Obama to formally investigate the "volume and seriousness of exploitations and attacks" targeting federal agencies that handle sensitive military and diplomatic information.

Update: Report sounds alarm on China's rerouting of U.S. Internet traffic

Substantial portion of traffic was routed through China earlier this year, says U.S.-China commission

Computerworld - A report submitted to Congress on Wednesday by the U.S.-China Economic and Security Review Commission expressed concerns over what the commission claims is China's growing ability to control and manipulate Internet traffic.

The report points to two specific incidents earlier this year where actions taken inside China had a direct impact on Internet traffic in the U.S. and other regions of the world.

In one of the incidents, traffic to and from about 15% of all Internet destinations was routed through servers belonging to China Telecom, a state-owned telecommunications company.

In an e-mailed statement Wednesday, China Telecom rejected the claims, but offered no further comment.

The rerouting happened on April 8 and lasted for about 18 minutes. The traffic hijacking affected U.S. government and military networks, including those belonging to the Army, Navy, Air Force and Marine Corps, as well as the Office of the Secretary of Defense, the Department of Commerce, NASA and the U.S. Senate.

Commercial sites, including those belonging to Microsoft, Dell and Yahoo, were also affected.

It's unclear if Chinese telecommunications companies did anything with the hijacked data, the commission said in its report. But the kind of access that Chinese authorities had to the data could enable surveillance of specific users or sites, disrupt transactions, prevent a user from establishing connections to specific sites or divert them to other spoofed sites, the report noted.

"Incidents of this nature could have a number of serious implications," the report said.

The second incident involved a more widely reported botched attempt by Chinese authorities to block users inside China from accessing sites such as Twitter, YouTube, and Facebook.

Because of a network error, users in the U.S. and Chile also found themselves unable to access those sites, and were directed to incorrect servers -- just as they would have if they had been inside China.

Today's report makes it clear that there is little evidence to show that either incident was planned or executed deliberately. Even so, the incidents show that China and other countries have the capability to do so, if they want to.

"Although China is by no means alone in this regard, persistent reports of that nation's use of malicious computer activities raise questions about whether China might seek intentionally to leverage these abilities to assert some level of control over the Internet, even for a brief period," the report noted.

Incidents such as those reported by the commission highlight some of the fundamental vulnerabilities of the Internet, said Dmitri Alperovitch, an Internet threat researcher at McAfee.

Traffic flow on the Internet is enabled by routing servers, which essentially exchange information with each other on the best routes for traffic to take to get to a particular Internet destination. Each server implicitly trusts the information provided by other servers in the system.

The Internet hijacking incident of April 8 resulted when China Telecom's servers erroneously started advertising themselves as the best routes for a large chunk of Internet traffic. Such rerouting has happened before from simple configuration errors, though it can certainly be caused by deliberate actions as well.

There is no way of knowing for sure whether the April incident was done with malicious intent or was caused by accident as China Telecom has suggested, Alperovitch said.

"The takeaway here is that the foundation on which the Internet is built is insecure," Alperovitch said. "It is based on trust. We trust ISPs to tell us which networks they own. There is no validation [of that information]."

"Not only can this problem happen again, but it probably will," he said.

With most routing errors, traffic is either dropped or misdirected, said Craig Labovitz, chief scientist at Arbor Networks, a network security systems vendor. Even a single misplaced line of code in a core router can result in wrong routing information being propagated through the Internet and cause all sorts of problems, he said.

"The underlying plumbing relies on trust," Labovitz said. "You got a lot of different telecoms all telling each other what address space they have and what they can reach. You believe what address space they have and you send traffic to them."
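The trust problem described above, as an added example that is not part of the original articles: a sketch of route origin validation (the valid / invalid / not-found states of RFC 6811), in which each announced prefix is checked against a record of which network may originate it before it can win as the best route. The prefixes, AS numbers and authorization table are constructed from documentation ranges, and the best-path choice is simplified to longest matching prefix, then shortest AS path.

```python
import ipaddress
# Constructed data: documentation prefixes (RFC 5737, RFC 3849) and ASNs (RFC 5398).
# Hypothetical authorization records: (prefix, max length, allowed origin AS).
AUTHORIZED = [
    ("192.0.2.0/24", 24, 64496),
    ("198.51.100.0/24", 24, 64497),
    ("203.0.113.0/24", 24, 64498),
]
# Announcements as heard from peers: (prefix, AS path); the origin is the last AS.
ANNOUNCEMENTS = [
    ("192.0.2.0/24", [64500, 64496]),            # rightful origin
    ("198.51.100.0/24", [64500, 64501, 64497]),  # rightful origin, longer path
    ("198.51.100.0/24", [64511]),                # same prefix, unauthorized origin
    ("203.0.113.0/24", [64500, 64498]),          # rightful origin
    ("203.0.113.128/25", [64511]),               # more-specific, unauthorized origin
    ("2001:db8::/32", [64500, 64499]),           # no authorization on record
]

def validate_origin(prefix, as_path, authorized=AUTHORIZED):
    """Classify an announcement as 'valid', 'invalid' or 'not-found'."""
    net = ipaddress.ip_network(prefix)
    covered = False
    for auth_prefix, max_len, auth_asn in authorized:
        auth_net = ipaddress.ip_network(auth_prefix)
        if net.version != auth_net.version or not net.subnet_of(auth_net):
            continue  # this record does not cover the announced prefix
        covered = True
        if as_path[-1] == auth_asn and net.prefixlen <= max_len:
            return "valid"
    return "invalid" if covered else "not-found"

def origin_for(dest_ip, announcements=ANNOUNCEMENTS, drop_invalid=False):
    """Origin AS that receives traffic for dest_ip under the simplified best-path rule."""
    addr = ipaddress.ip_address(dest_ip)
    best = None
    for prefix, as_path in announcements:
        net = ipaddress.ip_network(prefix)
        if addr.version != net.version or addr not in net:
            continue
        if drop_invalid and validate_origin(prefix, as_path) == "invalid":
            continue  # filtered: the origin is not authorized for this prefix
        key = (net.prefixlen, -len(as_path))
        if best is None or key > best[0]:
            best = (key, as_path[-1])
    return best[1] if best else None

if __name__ == "__main__":
    for ip in ("198.51.100.7", "203.0.113.200"):
        print(ip, "trusting:", origin_for(ip), "validating:", origin_for(ip, drop_invalid=True))
```

With every announcement trusted, both sample destinations resolve to the unauthorized origin; with invalid routes dropped, they resolve to the rightful one, while the prefix that has no record at all is still accepted.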

This is not the first time the commission has raised Internet security concerns related to China. In a similar report last year, it noted that China was using its maturing network exploitation capabilities to leach intelligence information from the U.S. government, military and industry.

"The problem is characterized by disciplined, standardized operations, sophisticated techniques, access to high-end software development resources, a deep knowledge of the targeted networks, and an ability to sustain activities," the earlier report had noted.

