"For a brief period in April 2010, a state-owned Chinese telecommunications firm ‘‘hijacked’’ massive volumes of Internet traffic. Evidence related to this incident does not clearly indicate whether it was perpetrated intentionally and, if so, to what ends. However, computer security researchers have noted that the capability could enable severe malicious activities."
So says a 2010 Report to Congress of the US-China Economic and Security Review Commission that was released this week. The bi-partisan, 12-member Commission was set up in 2000 with a mandate "to monitor, investigate, and report to Congress on the national security implications of the bilateral trade and economic relationship between the United States and the People’s Republic of China."
The report (view the PDF here) goes on to say:
"For about 18 minutes on April 8, 2010, China Telecom advertised erroneous network traffic routes that instructed U.S. and other foreign Internet traffic to travel through Chinese servers. Other servers around the world quickly adopted these paths, routing all traffic to about 15 percent of the Internet’s destinations through servers located in China. This incident affected traffic to and from U.S. government (‘‘.gov’’) and military (‘‘.mil’’) sites, including those for the Senate, the army, the navy, the marine corps, the air force, the office of secretary of Defense, the National Aeronautics and Space Administration, the Department of Commerce, the National Oceanic and Atmospheric Administration, and many others. Certain commercial web sites were also affected, such as those for Dell,Yahoo!, Microsoft, and IBM."
The report says it doesn't know what the Chinese did with the data, but said that it was possible that it could:
"... enable surveillance of specific users or sites. It could disrupt a data transaction and prevent a user from establishing a connection with a site. It could even allow a diversion of data to somewhere that the user did not intend (for example, to a ‘‘spoofed’’ site). Arbor Networks Chief Security Officer Danny McPherson has explained that the volume of affected data here could have been intended to conceal one targeted attack. Perhaps most disconcertingly, as a result of the diffusion of Internet security certification authorities, control over diverted data could possibly allow a telecommunications firm to compromise the integrity of supposedly secure encrypted sessions."
A story in today's Bloomberg News says that China Telecom denies that it hijacked the Internet, while this story in the Wall Street Journal says that the, "State-run Chinese newspaper Global Times reported that Chinese experts were saying the reports have little merit because the majority of data in the world is routed through the U.S."
The Global Times story says that Chinese IT experts call the accusations "ridiculous and unreasonable." The Global Times cited a China Telecom engineer who said diverting that much Internet traffic "would greatly lag the operation of the [company's] servers or even paralyze it."
"Politicizing the incident is a way to bash China, which it believes poses a security threat."
Whether by accident or on-purpose, the Commission report has a sidebar discussion about how (easily) router manipulation can happen, for those interested.
The WSJ story also says that Commission Vice Chairman Carolyn Bartholomew told reporters Tuesday that while it was hard to "... establish direct responsibility for such incidents, the sophistication, size and targets of the attacks suggest some level of state support."
The Chinese government has officially kept quiet about the report and Vice Chairman Carolyn Bartholomew's remarks - at least for the moment.