Chinese ISP Web Traffic Hijack Poses Huge Security Risk
It's Time for the IETF to Rethink Global Web Security
But that doesn't mean the information can't be
used for bad things. First, if you go through a great deal of any
communications, including unclassified e-mail, it's still possible to
determine at least the outline of what the traffic means.
So while the details of a classified operation
wouldn't be found, there might be enough references to it that
something meaningful could be discerned. To accomplish this, you have
to go through a LOT of data. The US used to do this kind of monitoring
on the old Soviet Union's communications by tapping its undersea
cables, and recording everything. In the process, the spooks involved
were eventually able to decrypt the traffic, but in the meantime they
could figure out the broad outlines.
The problem here is that there was only 18 minutes of data, most of which was for places like joy.cn, not for army.mil. So even if some information was captured, it was unlikely that it was enough to be useful.
However, the Chinese did learn something that
may be extremely useful. They learned that they could, in fact,
redirect a significant portion of the world's traffic through their
servers. However, they also found out that network managers
noticed.
So the question is, was this really a sort of
proof-of-concept? Was the Chinese government really probing the
Internet to see what it could do and how quickly it would be found out?
If so, they learned that they can, indeed, reroute some of the Internet.
They also found out that they would be noticed.
But think about what could be accomplished even
with 18 minutes of redirecting the right kind of traffic. You could
create targeted Internet outages, for example. You could probably read
commercial traffic, which has been a significant target for the Chinese
government for a while. You could also disable communications for some
agencies for long enough to be a diversion for some other
activity.
Furthermore, the Chinese aren't the only people
who now realize that this is possible. Use your imagination and you'll
think of any number of groups for whom disrupting even a portion of
U.S. communications would be considered a victory.
This event has also done one other thing that
we should thank the Chinese for. It has forcefully illustrated just how
susceptible the Internet is to tampering. The problem is, unlike other
critical protocols, there is no move to make BGP secure. Basically, if
someone decides they want to do something like redirect Internet
traffic, they'll get what they want. There's no protection. Maybe it's
time that the IETF or some other group started paying attention to this
problem.
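The two defensive points in the passages above, that network managers noticed the redirection and that BGP itself offers no protection against a false origin, can be shown with a small route-origin monitor. The following is an added example written for this article, not code from the original piece or from any network operator; it applies the RPKI-style origin validation rules (authorised origin AS plus a maximum prefix length, as in RFC 6811) to a constructed feed of announcements, and separately flags prefixes that suddenly appear with more than one origin AS, which is how a transient hijack of this kind shows up to an observer. All prefixes and AS numbers are placeholders drawn from documentation ranges and private ASN space, not real routes.

```python
import ipaddress
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Announcement:
    """One observed BGP route: prefix, originating AS, and who saw it."""
    prefix: str        # e.g. "192.0.2.0/24"
    origin_as: int     # last AS in the AS_PATH
    seen_by: str       # route collector / peer label (constructed)


# Expected origins, modelled on a ROA table: prefix -> (origin AS, max length).
# Constructed placeholders: documentation prefixes and private ASNs only.
EXPECTED = {
    "192.0.2.0/24": (64500, 24),
    "198.51.100.0/22": (64501, 24),
    "203.0.113.0/24": (64502, 24),
}


def classify(ann: Announcement) -> str:
    """Origin-validation verdict: valid, invalid-origin, invalid-length, unknown.

    A route is valid if any covering entry has the same origin AS and the
    announced prefix is no longer than that entry's max length. It is
    unknown if no entry covers it at all, and invalid otherwise.
    """
    net = ipaddress.ip_network(ann.prefix, strict=True)
    covering = []
    for pfx, (asn, maxlen) in EXPECTED.items():
        cover = ipaddress.ip_network(pfx)
        if net.version == cover.version and net.subnet_of(cover):
            covering.append((asn, maxlen))
    if not covering:
        return "unknown"
    if any(asn == ann.origin_as and net.prefixlen <= maxlen for asn, maxlen in covering):
        return "valid"
    if any(asn == ann.origin_as for asn, _ in covering):
        return "invalid-length"   # right AS, but a too-specific prefix
    return "invalid-origin"       # nobody authorised this AS to originate it


def detect_hijacks(feed):
    """Return (prefix, origin_as, seen_by, verdict) for every invalid route."""
    alerts = []
    for ann in feed:
        verdict = classify(ann)
        if verdict in ("invalid-origin", "invalid-length"):
            alerts.append((ann.prefix, ann.origin_as, ann.seen_by, verdict))
    return alerts


def multiple_origins(feed):
    """Prefixes announced with more than one origin AS (MOAS conflicts).

    Needs no expected-origin table, so it catches the sudden second origin
    even for prefixes nobody has registered.
    """
    origins = defaultdict(set)
    for ann in feed:
        origins[ann.prefix].add(ann.origin_as)
    return {pfx: asns for pfx, asns in origins.items() if len(asns) > 1}


# Constructed sample feed: one legitimate set of routes plus a foreign origin
# appearing for a prefix it does not own, and a too-specific announcement.
SAMPLE_FEED = [
    Announcement("192.0.2.0/24", 64500, "collector-a"),
    Announcement("192.0.2.0/24", 64666, "collector-b"),   # unexpected origin
    Announcement("198.51.100.0/24", 64501, "collector-a"),
    Announcement("198.51.100.0/25", 64501, "collector-c"),  # exceeds max length
    Announcement("203.0.113.0/24", 64502, "collector-a"),
    Announcement("10.0.0.0/8", 64503, "collector-c"),       # no entry: unknown
]


if __name__ == "__main__":
    for alert in detect_hijacks(SAMPLE_FEED):
        print("ALERT", alert)
    for pfx, asns in multiple_origins(SAMPLE_FEED).items():
        print("MOAS", pfx, sorted(asns))
```

Run against the sample feed, the origin check reports the 192.0.2.0/24 announcement from AS64666 and the 198.51.100.0/25 more-specific, and the MOAS check independently reports 192.0.2.0/24 as having two origins. In practice the feed would come from a route collector or the operator's own BGP sessions, and the expected-origin table from validated ROAs; the point of the example is that a few minutes of a prefix showing up with a second origin is exactly the signal the article says network managers picked up on.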