Concern Over Internet Redirection Through Chinese Servers

A report to the US government highlights security issues posed by a massive redirection of worldwide Internet traffic through Chinese servers earlier this year. The British government has yet to state how UK traffic was affected.

Citing a draft of a US-China Economic and Security Review Commission report to Congress, the Washington Times reported that roughly 15 percent of the world’s Web traffic was redirected through computer servers in China in April. The incident lasted for 18 minutes and impacted several government and military sites, the newspaper reported.

ISP Redirected 37,000 networks

It is not clear whether the incident was intentional but the redirection could have allowed “surveillance of specific users or sites [and]… could even allow a diversion of data to somewhere that the user did not intend,” the Times quoted the report as saying.

The incident occurred on April 8 when a Chinese Internet service provider (ISP) published a set of instructions under the Border Gateway Protocol (BGP) that directed Web traffic from about 37,000 networks to route itself via computer servers in China.

Some of the specific US government-owned sites affected were those belonging to all four military branches, the office of the Secretary of Defense, and NASA. Affected commercial sites included sites owned by Yahoo, Dell and Microsoft, according to the report.

“Regardless of whether Chinese actors actually intended to manipulate US and other foreign Internet traffic, China’s Internet engineers have the capability to do so,” the report stated.

Matt Jonkman, CEO of Emerging Threats, said redirects happen daily but the security issues here are “massive”.

“BGP is the protocol we use to share routing information for most of the Internet and it unfortunately is not an authenticated or secure protocol,” he explained. “It works very well but it’s a collective trust environment. There are BGP issues daily, some causing localised disruptions, some causing larger scale issues.

“The security issues are massive and we need the work funded by the DHS [US Department of Home Security] and other organisations to be implemented more quickly to avoid these issues in the future,” he continued. “China and the US have very similar abilities to affect BGP on the Internet.”

He also said that these situations are easy to detect via projects like Routeview and related initiatives funded by the DHS.

“But the Internet is not an American thing, it is global, and we have to act in concert with all participants on the Internet to make these changes,” Jonkman noted. “It can be done and needs to be a priority to protect everyone on the Internet.”

The commission reportedly notes that the Chinese government “might seek to intentionally leverage” malicious activity “to assert some level of control over the Internet, even for a brief period”.

“At the very least, these incidents demonstrate the inherent vulnerabilities in the Internet’s architecture,” the report is quoted as saying.