Close
  • Latest News
  • Cybersecurity
  • Big Data and Analytics
  • Cloud
  • Mobile
  • Networking
  • Storage
  • Applications
  • IT Management
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Menu
Search
  • Latest News
  • Cybersecurity
  • Big Data and Analytics
  • Cloud
  • Mobile
  • Networking
  • Storage
  • Applications
  • IT Management
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Cybersecurity
    • Cybersecurity
    • Networking

    Chinese ISP Web Traffic Hijack Poses Huge Security Risk

    By
    Wayne Rash
    -
    November 18, 2010
    Share
    Facebook
    Twitter
    Linkedin

      When a large amount of global Internet traffic was briefly rerouted through a small Chinese ISP back in April, there was likely little impact on the U.S. government addresses that were affected.

      However, the fact that a Chinese ISP could do this should be a significant warning that simple trust isn’t adequate for the security of the Internet. The fact that a Chinese ISP could do such a redirection, even briefly, using the fundamentally insecure Border Gateway Protocol tells us that anyone else can do the same thing.

      This event took place because the Chinese ISP provided routing alternatives that told the Internet routers that sending traffic through the ISP was the most efficient route. Some routers accepted the suggested routes, and sent the traffic through this one network. This affected about 15 percent of the world’s Internet sites, including some belonging to the U.S. military and other parts of the U.S. government.

      The traffic that was redirected in the U.S. appears to have been e-mail and Web traffic. In addition to affecting some government traffic, the redirection also affected some large companies including IBM, Dell and Microsoft. The disruption lasted about 18 minutes back at the beginning of April. The U.S. Congress, having only lately realized that this happened, is demanding an explanation.

      So here’s an explanation. Traffic to about 15 percent of Web sites was affected. This is not the same thing as 15 percent of all Internet traffic. In fact, the most affected Web sites were those in Asia, most notably in China. Very little traffic from sites outside China and its immediate neighbors actually went to China before being sent along to its ultimate destination. It’s not clear how much traffic from the U.S. was affected, but it was clearly not much of it.

      What’s also not clear is what happened to that Internet traffic while it was transiting that ISP’s network in China. It may have simply been routed across the network and back to its destination. It’s possible that the Chinese government siphoned off some of the traffic for further examination. It’s even possible that they read some of the e-mail intended for members of Congress.

      Assuming the theoretical Chinese monitors survived the experience of reading congressional e-mail, most of the rest was, at least in theory, unclassified in nature. The government doesn’t send classified data across the open Internet for precisely this reason.

      Chinese ISP Web Traffic Hijack Poses Huge Security Risk

      pagebreak title=It’s Time for the IETF to Rethink Global Web Security

      But that doesn’t mean the information can’t be used for bad things. First, if you go through a great deal of any communications, including unclassified e-mail, it’s still possible to determine at least the outline of what the traffic means.

      So while the details of a classified operation wouldn’t be found, there might be enough references to it that something meaningful could be discerned. To accomplish this, you have to go through a LOT of data. The US used to do this kind of monitoring on the old Soviet Union’s communications by tapping its undersea cables, and recording everything. In the process, the spooks involved were eventually able to decrypt the traffic, but in the mean time they could figure out the broad outlines.

      The problem here is that there was only 18 minutes of data, most of which was for places like joy.cn, not for army.mil. So even if some information was captured, it was unlikely that it was enough to be useful.

      However, the Chinese did learn something that may be extremely useful. They learned that they could, in fact, redirect a significant portion of the world’s traffic through their servers. However, they also found out that network managers noticed.

      So the question is, was this really a sort of proof-of-concept? Was the Chinese government really probing the Internet to see what it could do and how quickly it would be found out? If so, they learned that they can, indeed reroute some of the Internet. They also found out that they would be noticed.

      But think about what could be accomplished even with 18 minutes of redirecting the right kind of traffic. You could create targeted Internet outages, for example. You could probably read commercial traffic, which has been a significant target for the Chinese government for a while. You could also disable communications for some agencies for long enough to be a diversion for some other activity.

      Furthermore, the Chinese aren’t the only people who now realize that this is possible. Use your imagination and you’ll think of any number of groups for whom disrupting even a portion of U.S. communications would be considered a victory.

      This event has also done one other thing that we should thank the Chinese for. It has forcefully illustrated just how susceptible the Internet is to tampering. The problem is, unlike other critical protocols, there is no move to make BGP secure. Basically, if someone decides they want to do something like redirect Internet traffic, they’ll get what they want. There’s no protection. Maybe it’s time that the IETF or some other group started paying attention to this problem.

      Avatar
      Wayne Rash
      Wayne Rash is a freelance writer and editor with a 35 year history covering technology. He’s a frequent speaker on business, technology issues and enterprise computing. He covers Washington and is Senior Columnist for eWEEK. He is the author of five books, including his most recent, "Politics on the Nets". Rash is a former Executive Editor of eWEEK and Ziff Davis Enterprise, and a former analyst in the eWEEK Test Center. He was also an analyst in the InfoWorld Test Center, and Editor of InternetWeek. He's a retired naval officer, a former principal at American Management Systems and a long-time columnist for Byte Magazine.

      MOST POPULAR ARTICLES

      Android

      Samsung Galaxy XCover Pro: Durability for Tough...

      Chris Preimesberger - December 5, 2020 0
      Have you ever dropped your phone, winced and felt the pain as it hit the sidewalk? Either the screen splintered like a windshield being...
      Read more
      Cloud

      Why Data Security Will Face Even Harsher...

      Chris Preimesberger - December 1, 2020 0
      Who would know more about details of the hacking process than an actual former career hacker? And who wants to understand all they can...
      Read more
      Cybersecurity

      How Veritas Is Shining a Light Into...

      eWEEK EDITORS - September 25, 2020 0
      Protecting data has always been one of the most important tasks in all of IT, yet as more companies become data companies at the...
      Read more
      Big Data and Analytics

      How NVIDIA A100 Station Brings Data Center...

      Zeus Kerravala - November 18, 2020 0
      There’s little debate that graphics processor unit manufacturer NVIDIA is the de facto standard when it comes to providing silicon to power machine learning...
      Read more
      Apple

      Why iPhone 12 Pro Makes Sense for...

      Wayne Rash - November 26, 2020 0
      If you’ve been watching the Apple commercials for the past three weeks, you already know what the company thinks will happen if you buy...
      Read more
      eWeek


      Contact Us | About | Sitemap

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Property of TechnologyAdvice.
      Terms of Service | Privacy Notice | Advertise | California - Do Not Sell My Information

      © 2021 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×