    Chinese ISP Web Traffic Hijack Poses Huge Security Risk

    Written by

    Wayne Rash
    Published November 18, 2010

      When a large amount of global Internet traffic was briefly rerouted through a small Chinese ISP back in April, there was likely little impact on the U.S. government addresses that were affected.

      However, the fact that a Chinese ISP could do this should be a significant warning that simple trust isn’t adequate for the security of the Internet. The fact that a Chinese ISP could do such a redirection, even briefly, using the fundamentally insecure Border Gateway Protocol tells us that anyone else can do the same thing.

      This event took place because the Chinese ISP provided routing alternatives that told the Internet routers that sending traffic through the ISP was the most efficient route. Some routers accepted the suggested routes, and sent the traffic through this one network. This affected about 15 percent of the world’s Internet sites, including some belonging to the U.S. military and other parts of the U.S. government.
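An added example, not part of the original article, that models the mechanism described above: a router that picks the shortest advertised path without checking who is entitled to announce a prefix, next to the origin check a monitoring operator could run over the same announcements. The selection rule is a simplification of BGP best-path selection, the expected-origin table is hypothetical, and all prefixes and AS numbers are constructed from the documentation ranges.

```python
import ipaddress

# Constructed sample data: documentation prefixes (RFC 5737) and
# documentation AS numbers (RFC 5398). None of it comes from the incident.
EXPECTED_ORIGIN = {  # hypothetical table of who should originate each prefix
    ipaddress.ip_network("192.0.2.0/24"): 64496,
    ipaddress.ip_network("198.51.100.0/24"): 64497,
}

# (prefix, AS path as seen by the router; the last element is the origin)
ANNOUNCEMENTS = [
    ("192.0.2.0/24", [64500, 64501, 64496]),  # expected origin, 3 hops
    ("192.0.2.0/24", [64502, 64511]),         # unexpected origin, 2 hops
    ("198.51.100.0/24", [64500, 64497]),      # expected origin
]


def best_route(dest, announcements):
    """Simplified selection: longest matching prefix, then shortest AS path.
    Nothing here verifies that the origin may announce the prefix."""
    addr = ipaddress.ip_address(dest)
    candidates = [(ipaddress.ip_network(p), path) for p, path in announcements
                  if addr in ipaddress.ip_network(p)]
    if not candidates:
        return None
    return max(candidates, key=lambda c: (c[0].prefixlen, -len(c[1])))


def check_origin(prefix, path):
    """Compare an announcement's origin AS with the expected-origin table."""
    net = ipaddress.ip_network(prefix)
    for known, expected in EXPECTED_ORIGIN.items():
        if net.subnet_of(known):
            return "ok" if path[-1] == expected else "origin-mismatch"
    return "unknown-prefix"


def alerts(announcements):
    """Return (prefix, origin AS, verdict) for every announcement to flag."""
    return [(p, path[-1], verdict) for p, path in announcements
            if (verdict := check_origin(p, path)) != "ok"]


if __name__ == "__main__":
    print("selected:", best_route("192.0.2.10", ANNOUNCEMENTS))
    print("flagged: ", alerts(ANNOUNCEMENTS))
```

The router model selects the two-hop path for 192.0.2.10 even though its origin is not the expected one, while the origin check flags that same announcement.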

      The traffic that was redirected in the U.S. appears to have been e-mail and Web traffic. In addition to affecting some government traffic, the redirection also affected some large companies including IBM, Dell and Microsoft. The disruption lasted about 18 minutes back at the beginning of April. The U.S. Congress, having only lately realized that this happened, is demanding an explanation.

      So here’s an explanation. Traffic to about 15 percent of Web sites was affected. This is not the same thing as 15 percent of all Internet traffic. In fact, the most affected Web sites were those in Asia, most notably in China. Very little traffic from sites outside China and its immediate neighbors actually went to China before being sent along to its ultimate destination. It’s not clear how much traffic from the U.S. was affected, but it was clearly not much of it.

      What’s also not clear is what happened to that Internet traffic while it was transiting that ISP’s network in China. It may have simply been routed across the network and back to its destination. It’s possible that the Chinese government siphoned off some of the traffic for further examination. It’s even possible that they read some of the e-mail intended for members of Congress.

      Assuming the theoretical Chinese monitors survived the experience of reading congressional e-mail, most of the rest was, at least in theory, unclassified in nature. The government doesn’t send classified data across the open Internet for precisely this reason.

      It’s Time for the IETF to Rethink Global Web Security

      But that doesn’t mean the information can’t be used for bad things. First, if you go through a great deal of any communications, including unclassified e-mail, it’s still possible to determine at least the outline of what the traffic means.

      So while the details of a classified operation wouldn’t be found, there might be enough references to it that something meaningful could be discerned. To accomplish this, you have to go through a LOT of data. The U.S. used to do this kind of monitoring on the old Soviet Union’s communications by tapping its undersea cables and recording everything. In the process, the spooks involved were eventually able to decrypt the traffic, but in the meantime they could figure out the broad outlines.

      The problem here is that there was only 18 minutes of data, most of which was for places like joy.cn, not for army.mil. So even if some information was captured, it was unlikely that it was enough to be useful.

      However, the Chinese did learn something that may be extremely useful. They learned that they could, in fact, redirect a significant portion of the world’s traffic through their servers. However, they also found out that network managers noticed.

      So the question is, was this really a sort of proof of concept? Was the Chinese government really probing the Internet to see what it could do and how quickly it would be found out? If so, they learned that they can, indeed, reroute some of the Internet. They also found out that they would be noticed.

      But think about what could be accomplished even with 18 minutes of redirecting the right kind of traffic. You could create targeted Internet outages, for example. You could probably read commercial traffic, which has been a significant target for the Chinese government for a while. You could also disable communications for some agencies for long enough to be a diversion for some other activity.

      Furthermore, the Chinese aren’t the only people who now realize that this is possible. Use your imagination and you’ll think of any number of groups for whom disrupting even a portion of U.S. communications would be considered a victory.

      This event has also done one other thing that we should thank the Chinese for. It has forcefully illustrated just how susceptible the Internet is to tampering. The problem is, unlike other critical protocols, there is no move to make BGP secure. Basically, if someone decides they want to do something like redirect Internet traffic, they’ll get what they want. There’s no protection. Maybe it’s time that the IETF or some other group started paying attention to this problem.

      Wayne Rash
      https://www.eweek.com/author/wayne-rash/
      Wayne Rash is a content writer and editor with a 35-year history covering technology. He’s a frequent speaker on business, technology issues and enterprise computing. He is the author of five books, including his most recent, "Politics on the Nets." Rash is a former Executive Editor of eWEEK and a former analyst in the eWEEK Test Center. He was also an analyst in the InfoWorld Test Center and editor of InternetWeek. He's a retired naval officer, a former principal at American Management Systems and a long-time columnist for Byte Magazine.
