News Analysis: The apparently innocuous rerouting of some Internet traffic through a Chinese ISP is a warning that next time it could be a real malicious event.
When a large amount of global Internet traffic
was briefly rerouted through a small Chinese ISP back in April, there
was likely little impact on the U.S. government addresses that were
However, the fact that a Chinese ISP could do
this should be a significant warning that simple trust isn't adequate
for the security of the Internet. The fact that a Chinese ISP could do
such a redirection, even briefly, using the fundamentally insecure Border Gateway Protocol
tells us that anyone else can do the same thing.
This event took place because the Chinese ISP
provided routing alternatives that told the Internet routers that
sending traffic through the ISP was the most efficient route. Some
routers accepted the suggested routes, and sent the traffic through
this one network. This affected about 15 percent of the world's
Internet sites, including some belonging to the U.S. military and other
parts of the U.S. government.
The traffic that was redirected in the U.S.
appears to have been e-mail and Web traffic. In addition to affecting
some government traffic, the redirection also affected some large
companies including IBM, Dell and Microsoft. The disruption lasted
about 18 minutes back at the beginning of April. The U.S. Congress,
having only lately realized that this happened, is demanding an
So here's an explanation. Traffic to about 15 percent
of Web sites was affected. This is not the same thing as 15 percent of
all Internet traffic. In fact, the most affected Web sites were those
in Asia, most notably in China. Very little traffic from sites outside
China and its immediate neighbors actually went to China before being
sent along to its ultimate destination. It's not clear how much traffic
from the U.S. was affected, but it was clearly not much of
What's also not clear is what happened to that
Internet traffic while it was transiting that ISP's network in China.
It may have simply been routed across the network and back to its
destination. It's possible that the Chinese government siphoned off
some of the traffic for further examination. It's even possible that
they read some of the e-mail intended for members of Congress.
Assuming the theoretical Chinese monitors
survived the experience of reading congressional e-mail, most of the
rest was, at least in theory, unclassified in nature. The government
doesn't send classified data across the open Internet for precisely