China Telecom, the Chinese wireless service provider at the centre of the recent Internet hijacking charges, has called the accusations against it “groundless,” but that has done little to squash a controversy that could have far-reaching implications.
In a report to Congress (PDF), the US-China Economic and Security Review Commission said China Telecom routed 15 percent of the Internet’s traffic through servers in China during a roughly 18-minute period on 8 April. The commission stopped short of saying this had been done deliberately, but noted that “the capability could enable severe malicious activities.”
“For about 18 minutes on April 8, 2010, China Telecom advertised erroneous network traffic routes that instructed US and other foreign Internet traffic to travel through Chinese servers,” according to the report. “Other servers around the world quickly adopted these paths, routing all traffic to about 15 percent of the Internet’s destinations through servers located in China. This incident affected traffic to and from US government (‘.gov’) and military (‘.mil’) sites, including those for the Senate, the army, the navy…and many others.”
“These reports by foreign media are completely groundless,” Wang is quoted as saying.
“Although the Commission has no way to determine what, if anything, Chinese telecommunications firms did to the hijacked data, incidents of this nature could have a number of serious implications,” the commission report states. “This level of access could enable surveillance of specific users or sites. It could disrupt a data transaction and prevent a user from establishing a connection with a site. It could even allow a diversion of data to somewhere that the user did not intend (for example, to a ‘spoofed’ site).
“Perhaps most disconcertingly, as a result of the diffusion of Internet security certification authorities, control over diverted data could possibly allow a telecommunications firm to compromise the integrity of supposedly secure encrypted sessions.”
Gartner analyst John Pescatore told eWEEK that well-known vulnerabilities in the Border Gateway Protocol (BGP) allow this kind of incident to happen and that there have been initiatives for years to improve this.
“It is like DNS – DNS has huge holes that allow DNS hijacking, and it has taken more than 15 years to get to the point where we are almost implementing DNSSEC … Now, most BGP problems and redirects have been by ISP mistakes and largely resulted in random denial of service attacks. But the basic structure of BGP allows this to be done maliciously as well,” he said.
“If it is proven that the Chinese ISP (Internet Service Provider) did this purposely, then it is definitely against global Internet norms – it is more than just a breach of US-China cyber-relations, it is China breaking global practices on the global Internet,” he said.
Forrester Research analyst Jonathan Penn said he would not characterise the incident as a “hijacking of the Internet,” but added the situation highlights traffic routing as an element of cyber-security that’s been overlooked.
In a blog post, McAfee Vice President of Threat Research Dmitri Alperovitch wrote that while users may have experienced a slower than normal Internet connection, it’s likely they did not notice the event because the websites they were going to could still be reached. The incident was one of the “biggest routing hijacks we have ever seen,” he wrote, and could happen again since a number of major telecommunications companies routing a lot of Internet traffic have the same capability.
“The incident took advantage of the vulnerabilities in the design of Internet’s fundamental building blocks, namely its routing protocols – vulnerabilities that were present in April and remain present today,” Alperovitch blogged. “Not only can this problem happen again, but it probably will. We have no way of knowing whether this event was done with malicious intent in mind or was an accidental failure as China Telecom operators have suggested, but it’s clear that with this capability demonstrated publicly, sooner or later someone will use it for nefarious purposes.”