15 Percent of Internet Traffic Was Redirected Through Chinese Servers, Report

A new report to Congress discusses the security implications of the massive redirection of Internet traffic in April that routed military and commercial sites through servers in China.

A report slated to be made public Nov. 17 highlights security issues posed by a massive redirection of Internet traffic through Chinese servers earlier this year.

Citing a draft of a U.S.-China Economic and Security Review Commission report to Congress, the Washington Times reported today that roughly 15 percent of the world's Web traffic was redirected through computer servers in China in April. The incident lasted for 18 minutes, and impacted several .gov and .mil sites, the Times reported.

It is not clear whether the incident was intentional, though the redirection could have allowed "surveillance of specific users or sites [and] ... could even allow a diversion of data to somewhere that the user did not intend," the Times quotes the report as saying.

The incident occurred April 8, when a Chinese Internet service provider (ISP) published a set of instructions under the Border Gateway Protocol (BGP) that directed Web traffic from about 37,000 networks to route itself via computer servers in China.

The U.S. government-owned sites affected included sites belonging to all four military branches, the office of the Secretary of Defense and NASA. Affected commercial sites included sites owned by Yahoo, Dell and Microsoft, according to the report.

"Regardless of whether Chinese actors actually intended to manipulate U.S. and other foreign Internet traffic, China's Internet engineers have the capability to do so," the report is quoted as stating.

Matt Jonkman, CEO of Emerging Threats, said redirects happen daily, but the security issues here are "massive."

"BGP is the protocol we use to share routing information for most of the Internet, and it unfortunately is not an authenticated or secure protocol," he explained. "It works very well, but it's a collective trust environment. There are BGP issues daily, some causing localized disruptions, some causing larger scale issues ... The security issues are massive, and we need the work funded by DHS and other organizations to be implemented more quickly to avoid these issues in the future."

"China and the US have very similar ability to affect BGP on the Internet," he continued, adding that these situations are easy to detect via projects like Route Views and related funding via the Department of Homeland Security.

"But the Internet is not an American thing, it is global, and we have to act in concert with all participants on the Internet to make these changes," Jonkman noted. "It can be done, and needs to be a priority to protect everyone on the Internet."
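An added example, not from the report or the article: one way an operator can flag the kind of redirection described above is to compare the origin AS seen in route-collector data against a baseline of which AS is expected to originate each prefix. The baseline, the observations, and all prefixes and AS numbers below are constructed (documentation ranges), and the function names are hypothetical.

```python
import ipaddress

# Constructed baseline: prefix -> AS expected to originate it.
# Prefixes are documentation ranges (RFC 5737) and AS numbers come from the
# documentation range (RFC 5398). None of this is data from the incident.
BASELINE = {
    "192.0.2.0/24": 64496,
    "198.51.100.0/24": 64497,
    "203.0.113.0/24": 64498,
}

# Constructed observations as a route collector might report them:
# (announced prefix, AS path; the origin AS is the last element).
OBSERVED = [
    ("192.0.2.0/24", [64510, 64496]),      # expected origin
    ("198.51.100.0/24", [64510, 64505]),   # same prefix, different origin
    ("203.0.113.128/25", [64511, 64505]),  # more-specific of a baseline prefix
    ("203.0.113.0/24", [64510, 64498]),    # expected origin
    ("10.0.0.0/8", [64510, 64499]),        # not covered by the baseline
]

def classify(prefix, as_path, baseline):
    """Return (verdict, covering baseline prefix or None) for one announcement."""
    net = ipaddress.ip_network(prefix)
    origin = as_path[-1]
    for base_prefix, expected in baseline.items():
        base = ipaddress.ip_network(base_prefix)
        # subnet_of() raises TypeError across IP versions, so check first.
        if net.version != base.version or not net.subnet_of(base):
            continue
        if origin != expected:
            kind = "origin-mismatch" if net == base else "more-specific-mismatch"
            return kind, base_prefix
        return ("ok" if net == base else "more-specific-same-origin"), base_prefix
    return "unmonitored", None

def alerts(observed, baseline):
    """Collect announcements whose origin AS differs from the baseline."""
    out = []
    for prefix, path in observed:
        verdict, covered = classify(prefix, path, baseline)
        if verdict.endswith("mismatch"):
            out.append((prefix, path[-1], baseline[covered], verdict))
    return out

if __name__ == "__main__":
    for prefix, seen, expected, verdict in alerts(OBSERVED, BASELINE):
        print(f"{verdict}: {prefix} originated by AS{seen}, expected AS{expected}")
```

A more-specific announcement from an unexpected origin is reported separately because routers prefer the longest matching prefix, so it attracts traffic even while the legitimate announcement is still present.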

The commission reportedly notes that the Chinese government "might seek to intentionally leverage" malicious activity "to assert some level of control over the Internet, even for a brief period."

"At the very least, these incidents demonstrate the inherent vulnerabilities in the Internet's architecture," the report is quoted as saying.