China may seek to 'control the internet', US report on web hijack warns

Discussion in 'China' started by RAM, Nov 19, 2010.

  1. RAM

    RAM The southern Man Senior Member

    Jul 15, 2009
    China “hijacked” 15 per cent of the world’s internet traffic earlier this year, according to a report to the US Congress, in what could be a new form of cyber-terrorism.

    A state-run telecoms firm is accused of diverting traffic including data from US military and government websites, and some in Britain, via Chinese servers. Experts fear that the authorities could have carried out “severe malicious activities” as a result of the 18-minute operation, even harvesting sensitive data such as the contents of email messages or implanting viruses in computers worldwide. The report by the US-China Economic and Security Review Commission says it raises the prospect that China might use its powers to “assert some level of control over the internet”.

    Carolyn Bartholomew, vice-chairman of the commission, said Chinese efforts to penetrate US networks are becoming more sophisticated, adding: “The massive scale and the extensive intelligence and reconnaissance components of recent high profile, China-based computer exploitations suggest that there continues to be some level of state support for these activities.”
    It is the latest sign that governments worldwide are apparently seeking either to launch attacks on computer networks or to defend themselves from them.

    The US military now has a “fully operational” Cyber Command, while Israel is suspected of being behind a computer worm known as Stuxnet that may have damaged Iran’s nuclear facilities.

    Earlier this year Google announced that Chinese hackers had tried to access the email accounts of human rights activists in the country in a “highly sophisticated and targeted attack”, while the government has blocked access to popular websites such as Wikipedia and BBC News.

    The new US report provides previously unpublished details about a suspected “hijack” of almost one-seventh of all internet traffic, which originated in China.

    “For a brief period in April 2010, a state-owned Chinese telecommunications firm ‘hijacked’ massive volumes of Internet traffic. Evidence related to this incident does not clearly indicate whether it was perpetrated intentionally and, if so, to what ends. However, computer security researchers have noted that the capability could enable severe malicious activities.”

    The attack took advantage of the way that data is sent via computer servers situated all around the world to reach websites. When an internet user in, for example, California wants to look at a website based in Texas, the data makes several short “hops” via servers on the way.

    Data are meant to travel by the most efficient route; however, this can be manipulated, as servers based in China can suddenly announce that they provide the quickest route to various websites.

    For 18 minutes on April 8 this year, the state-owned China Telecom advertised “erroneous” network routes which led to traffic going to 15 per cent of all internet destinations being sent via servers in China.

    These involved official US websites covering the Senate, army, navy, marine corps and Nasa as well as leading companies such as Microsoft, IBM and Yahoo.
    A handful of websites based in Britain were also affected, as well as many in Australia and within China itself.

    The Commission admitted it did not know if the “hijacking” was intentional or what happened to the data, but the report states: “This level of access could enable surveillance of specific users or sites.”

    Computer users could also have been prevented from accessing their intended websites, or been sent to fake sites, and “perhaps most disconcertingly” the operation could have allowed hacking of “supposedly secure encrypted sessions”.

    The large volume of data diverted could have been “intended to conceal one targeted attack”.

    “Although China is by no means alone in this regard, persistent reports of that nation’s use of malicious computer activities raise questions about whether China might seek intentionally to leverage these abilities to assert some level of control over the Internet, even for a brief period.”

    Wang Yongzhen, a senior press official with China Telecom, said: “China Telecom has never done such an act.”

    Maitland Hyslop, managing director at Internet Central, said: “The event confirms cybersecurity at the centre of state conflicts and confirms an international capability for cyberwarfare.” “Hard on the heels of the news about the Stuxnet virus it places the threat from cyber attacks high on any national or business agenda.”

    The Chinese have also targeted Indian government offices and the office of the Dalai Lama, stealing secret and confidential documents, according to reports earlier this year.

    One of the techniques they have used is to set up false social network accounts on sites such as Facebook in order to bypass established firewalls. In March last year, researchers discovered the GhostNet cyber espionage network that had infected 1,300 hosts in 103 countries around the world, largely government-based, sending information back to Hainan in China. MI5 and GCHQ have issued a series of warnings about Chinese attempts to hack systems in Britain over the past three years.

    Pat Clawson, chief executive of the internet security firm Lumension, said the problem with the latest attack was that it was so easy to spot. “Traditional espionage tends to be conducted more discreetly, but increasingly public cyber attacks are bringing the issue into public consciousness. In a digital age, it can be like airing your dirty laundry in public,” he said.

    But he said the attack may have been very effective, adding: “The redirection of traffic isn’t just political espionage, the inclusion of data from Dell, IBM, Microsoft and Yahoo raises concerns around corporate espionage.”
  3. RAM

    RAM The southern Man Senior Member

    Jul 15, 2009
    China's Internet Traffic 'Hijacking' Was Probably Not On Purpose

    The U.S.-China Economic and Security Review Commission released its annual report on Nov. 17, which advises Congress on a range of developments related to U.S.-China relations. The document covers economics and trade, military and security, foreign policy, energy and environment, and cybersecurity, among other topics.

    One of the chief reasons the report has become so highly anticipated in the weeks before its release is its coverage of an incident that occurred April 8 in which a large mass of international Internet traffic was rerouted through Chinese servers for about 16 minutes (18 minutes according to the commission’s report), including traffic from the United States, Canada, South Korea, Australia and many other countries. On that day, China Telecom Corp. Ltd., intentionally or not, broadcast false information suggesting that its routes would be faster than other routes. Internet routers in the United States and elsewhere responded by assessing all possible routes and pursuing the fastest one available — which is standard practice — and thus massive traffic was rerouted through China. The review commission report claims that traffic related to about 15 percent of the destinations on the Internet was rerouted through China.

    The commission asserts that there is no clear way to discern whether any Chinese telecoms firms affected or meddled with the information that traveled through their servers. And it is not clear that the rerouting itself was intentional. Instead, the report focuses on the implicit risks — the ability to affect the decisions made by Internet routers could lead to stolen information, disrupted data flows, or the delivery of information to a different destination than intended, and it could potentially serve as a large diversion for a more specific cyberattack. The report also raised concerns that the rerouted data could provide information that could be used to hack into encrypted information.

    Reasons to Doubt an Intentional ‘Hijacking’
    There are a few things to note about this. First, this type of mistake, in which a group of routers send misinformation to other routers resulting in a large shift in direction of the volume of traffic through the false routes, is not unprecedented in the history of the Internet, though it is uncommon. The incident reflected a well-known security hole in the very structure of the Internet — that routers generally operate on a basis of trust within an accepted community of other routers and have limited security protections against misinformation that could cause a redirection of traffic. Thus, the incident with China Telecom could have been a mistake — China Telecom, for its part, has denied that it “hijacked” Internet traffic. It appears that the misinformation originated with a smaller and perhaps less reliable Chinese router that had been authorized as a “peer” by China Telecom. Nevertheless, the fact that the April incident involved a Chinese company has raised suspicions because the United States and other states are rightfully concerned that Chinese entities have used their growing Internet capabilities for malicious purposes in the past.
    Second, the incident does not mark an invasion into secure systems. There was no violation of secure government networks or command-and-control infrastructure. The rerouting of traffic through the fastest available route is precisely how the Internet was meant to operate, so that if one location were to be knocked out, the information could simply take another route. The problem was that the Chinese routes were in fact not the fastest but were providing misinformation — whether through operators’ direction or accidentally — to other routers.
    Third, the massive amount of information that was rerouted through China’s servers during that brief period would not necessarily yield any sensitive information or deep intelligence. The report emphasizes that traffic through government and military locations (those familiar by Web addresses that end in .gov and .mil) was affected by this rerouting, but of course this traffic would have been affected among a great many other websites and other Internet traffic. There is not yet evidence that the government or military sites were directly targeted. Most of the rerouted information would probably have come from China and the surrounding region, where routers were more likely to accept the erroneous routing information they were receiving (whereas routers elsewhere in the world would have been more likely to reject the idea that the quickest route was through China). Nor is it clear whether China’s companies were able to save a snapshot of this information, but if they did manage to save copies, they would end up with a huge number of small packets of information that would have to be reassembled to recreate what they were looking for. This would be a gargantuan task, and while it is by no means outside China’s modus operandi to gather large quantities of information and use its large intelligence labor force to sift through it, it cannot be assumed that the intelligence gleaned in such a short time span would be hugely significant. Yet if the traffic rerouting were malicious, then the Chinese would not have been able to focus on targeted data and discard the rest, which is what they currently do to censor domestic Internet material by means of the “Great Chinese Firewall.”
    None of this is to suggest that China’s cyber capabilities do not pose serious security threats to other nations, including the United States. The United States has become increasingly concerned about China’s state-owned and state-connected telecommunications and Internet firms, its army of hackers, and its censorship policies, as the commission report notes. Naturally, few states are willing to write off an anomalous cyber-related event with security implications such as the April 8 traffic rerouting as an “accident” when it originates in China. If China Telecom deliberately caused the rerouting, the purpose may well have been to test the waters, gauge the response times and countermeasures taken by foreign operators, and test China’s own capabilities. And even if the incident was a mistake or a fluke, it will not necessarily be perceived that way by others.

    America’s Growing Concerns about Cybersecurity
    The most important aspect of the Nov. 17 commission report is that it calls this security problem to the attention of American lawmakers, who are increasingly interested in drafting legislation that they believe will reduce the security risks of the Internet, especially when states like China provide ample reason for concern. The incident itself happened in April, and companies and government entities that fear they may have been compromised by the incident have had time to take safety measures and step up precautions. The U.S. government has emphasized that its encryption of data would have precluded intelligence compromises. But the risk remains that companies, especially companies closely associated with foreign governments, could use their growing cyber capabilities to redirect traffic for malicious purposes — even if only to cause a distraction while pursuing a more targeted attack, as some have suggested may have been the purpose of the April 8 incident. And this risk is enough to drive the U.S. government to focus more heavily on cybersecurity risks, as well as on China as the state that poses the greatest threat in this category.
    In the event that the U.S. government decides to take decisive action over this or other similar incidents, it is important to note that the United States does retain a large amount of leverage. Even without government action, American routers can reduce dependence on, blacklist or block specific Chinese companies, or whole swathes of Chinese Internet routes, to avoid such problems. Each router has specifically formed peer relationships with other routers (such as China Telecom), accepting announcements from their peer on the assumption that they are credible, and can revoke this relationship if the peer is deemed unreliable or disruptive. This option could be exercised if the Chinese state or state-controlled companies are shown to have had a hand in menacing incidents, or if such traffic hijackings from China become a repeat occurrence. At the moment, however, the incident — though of ambiguous nature and probably limited in its direct consequences — has served to highlight the American public’s and the government’s anxieties about vulnerabilities relating to the Internet, and this alone could have significant ramifications.
    *This report is reprinted with permission of STRATFOR. It may not be reprinted by any other party without express permission of STRATFOR.

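The second article in this thread notes that routers accept route announcements from their peers on trust and can drop a peer that proves unreliable. As an added example (not part of the thread or of the reprinted articles), the Python sketch below checks each announcement's origin against a table of registered origins, in the style of route origin validation (RFC 6811), and counts rejections per peer; the prefixes, AS numbers, table and function names are constructed for illustration.

```python
import ipaddress
from collections import Counter
from typing import NamedTuple

class Authorization(NamedTuple):
    prefix: ipaddress.IPv4Network  # address block the holder registered
    max_length: int                # longest prefix length it may announce
    origin_as: int                 # AS allowed to originate the block

# Constructed table: documentation prefixes (RFC 5737) and ASNs (RFC 5398).
AUTHORIZATIONS = [
    Authorization(ipaddress.ip_network("192.0.2.0/24"), 24, 64496),
    Authorization(ipaddress.ip_network("198.51.100.0/24"), 24, 64497),
]

# Constructed announcements as (peer AS, prefix, AS path); origin is the last hop.
ANNOUNCEMENTS = [
    (64500, "192.0.2.0/24", [64500, 64496]),     # legitimate origin
    (64511, "192.0.2.0/24", [64511]),            # peer claims to originate it
    (64511, "198.51.100.0/25", [64511, 64497]),  # more specific than registered
    (64511, "203.0.113.0/24", [64511]),          # nothing registered for this block
]

def validate(prefix, as_path):
    """Return 'valid', 'invalid' or 'not-found' for one announcement."""
    net = ipaddress.ip_network(prefix)
    origin = as_path[-1]
    covering = [a for a in AUTHORIZATIONS if net.subnet_of(a.prefix)]
    if not covering:
        return "not-found"
    if any(a.origin_as == origin and net.prefixlen <= a.max_length for a in covering):
        return "valid"
    return "invalid"

def triage(announcements):
    """Split announcements into accepted and rejected; count rejects per peer."""
    accepted, rejected, per_peer = [], [], Counter()
    for peer, prefix, path in announcements:
        state = validate(prefix, path)
        if state == "invalid":
            rejected.append((peer, prefix, state))
            per_peer[peer] += 1
        else:
            accepted.append((peer, prefix, state))
    return accepted, rejected, per_peer

if __name__ == "__main__":
    accepted, rejected, per_peer = triage(ANNOUNCEMENTS)
    print("accepted:", accepted)
    print("rejected:", rejected)
    print("invalid announcements per peer:", dict(per_peer))
```

Announcements for blocks with no registered authorization come back as not-found and are accepted here, since the table gives no basis to judge them; only a registered block announced by the wrong origin or at too specific a length is rejected.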