
How China swallowed US web traffic…

November 21, 2010


In a 300+ page report (PDF) today, the US-China Economic and Security Review Commission gave the US Congress a detailed overview of developments in China, including a curious incident in which routes to about 15 percent of the Internet's destination prefixes were, for 18 minutes, diverted through Chinese networks on the way to their destinations. (The Commission counts affected destinations, not traffic volume; how much actual traffic was diverted is not known.)

Here's how the Commission describes the incident, which took place earlier this year:

For about 18 minutes on April 8, 2010, China Telecom advertised erroneous network traffic routes that instructed US and other foreign Internet traffic to travel through Chinese servers. Other servers around the world quickly adopted these paths, routing all traffic to about 15 percent of the Internet’s destinations through servers located in China. This incident affected traffic to and from US government (“.gov”) and military (“.mil”) sites, including those for the Senate, the army, the navy, the marine corps, the air force, the office of secretary of Defense, the National Aeronautics and Space Administration, the Department of Commerce, the National Oceanic and Atmospheric Administration, and many others. Certain commercial websites were also affected, such as those for Dell, Yahoo!, Microsoft, and IBM.

The culprit here was BGP prefix hijacking (often just called “IP hijacking”), a well-known weakness of a global routing system based largely on trust. Routers rely on the Border Gateway Protocol (BGP) to learn which neighbouring networks can reach which blocks of IP addresses (prefixes) and to choose among the paths on offer; BGP itself does not check whether the network originating a route actually holds that address space. When one party announces a prefix it is not authorised for, either a more specific prefix than the legitimate one or the same prefix over a path that neighbours happen to prefer, routers across the globe can be convinced to send traffic on geographically absurd paths.

This happened famously in 2008, when Pakistan blocked YouTube. The block was meant only for internal use: Pakistan Telecom announced a more specific route for part of YouTube’s address space that would send YouTube requests not to the company’s servers but into a “black hole.” Because routers always prefer the most specific prefix they know, that announcement beat YouTube’s own route wherever it reached.

As we described the situation at the time, “this routing information escaped from Pakistan Telecom to its ISP PCCW in Hong Kong, which propagated the route to the rest of the world. So any packets for YouTube would end up in Pakistan Telecom’s black hole instead.” The mistake broke YouTube access across much of the Internet.

The China situation appears to have a similar cause. The mistaken routes originated at IDC China Telecommunications, a small provider, and were then re-announced by the much larger China Telecom. As other routers around the world accepted the new routes, they began funneling traffic for the affected prefixes, including a great deal of US traffic, through Chinese networks for roughly 18 minutes. Unlike the 2008 case, the diverted traffic was, as far as the Commission describes it, forwarded on to its real destinations rather than dropped, which is why this was a matter of interception risk rather than a visible outage.
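The two shapes of hijack described above, the 2008 more-specific announcement and the 2010 re-announcement of the same prefixes from the wrong origin, as an added example that is not code from the article or the Commission report. It is a toy routing table in Python: it picks a best path per prefix, forwards by longest prefix match, and then runs the kind of expected-origin check a route monitor performs. The prefixes and AS numbers are constructed for illustration (AS numbers from the range RFC 5398 reserves for documentation), path selection is simplified to “shortest AS path wins” (real routers apply local policy first, which is how a hijacker’s route can win even over a longer path), and the origin check is a simplified form of RFC 6811 origin validation.

```python
"""Toy BGP route selection and origin validation.

Added example, not code from the article or the Commission report.
Prefixes and AS numbers are constructed (ASNs 64496-64511 are the
documentation range from RFC 5398). Path selection is simplified to
"shortest AS path wins"; real routers apply local preference and other
policy first.
"""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Route:
    """One BGP announcement as our router sees it: prefix plus AS path."""
    prefix: ipaddress.IPv4Network
    as_path: tuple  # (next-hop AS, ..., origin AS)

    @property
    def origin(self):
        return self.as_path[-1]


class Rib:
    """Routing information base of one AS: every announcement heard,
    a best path per prefix, and longest-prefix-match forwarding."""

    def __init__(self):
        self.routes = {}  # prefix -> [Route, ...]

    def announce(self, route):
        self.routes.setdefault(route.prefix, []).append(route)

    def best(self, prefix):
        # Simplified BGP decision process: shortest AS path wins.
        return min(self.routes[prefix], key=lambda r: len(r.as_path))

    def lookup(self, ip):
        """Forwarding decision: most specific covering prefix, then best path."""
        addr = ipaddress.ip_address(ip)
        covering = [p for p in self.routes if addr in p]
        if not covering:
            return None
        return self.best(max(covering, key=lambda p: p.prefixlen))


# Who may originate what, as a ROA-like table (constructed):
# prefix -> (authorised origin AS, maximum prefix length).
EXPECTED_ORIGIN = {ipaddress.ip_network("203.0.112.0/22"): (64496, 22)}


def validate_origin(route, roas):
    """RFC 6811-style origin validation, simplified: valid / invalid / not-found."""
    covering = [(asn, maxlen) for p, (asn, maxlen) in roas.items()
                if route.prefix.subnet_of(p)]
    if not covering:
        return "not-found"
    for asn, maxlen in covering:
        if route.origin == asn and route.prefix.prefixlen <= maxlen:
            return "valid"
    return "invalid"


def flag_invalid_routes(rib, roas):
    """Detection pass a route monitor would run: every announcement whose
    origin is not authorised for the prefix it claims."""
    return [(str(r.prefix), r.origin)
            for routes in rib.routes.values() for r in routes
            if validate_origin(r, roas) == "invalid"]


def run_scenario():
    """Replay both hijack shapes and report where traffic ends up."""
    rib, out = Rib(), {}
    # Legitimate route: AS64496 originates 203.0.112.0/22, heard via transit AS64501.
    legit = Route(ipaddress.ip_network("203.0.112.0/22"), (64501, 64496))
    rib.announce(legit)
    out["before"] = rib.lookup("203.0.113.10").origin

    # 2008 shape: AS64500 announces a more specific /24 inside the /22.
    # Longer AS path, yet longest prefix match makes it win for that /24.
    more_specific = Route(ipaddress.ip_network("203.0.113.0/24"), (64502, 64503, 64500))
    rib.announce(more_specific)
    out["after_more_specific"] = rib.lookup("203.0.113.10").origin
    out["sibling_unaffected"] = rib.lookup("203.0.112.10").origin

    # 2010 shape: the hijacker announces the very same /22 over a path our
    # router prefers (here: shorter), so the whole block is diverted.
    same_prefix = Route(ipaddress.ip_network("203.0.112.0/22"), (64500,))
    rib.announce(same_prefix)
    out["after_same_prefix"] = rib.lookup("203.0.112.10").origin

    unknown = Route(ipaddress.ip_network("198.51.100.0/24"), (64510,))
    out["validation"] = {
        "legit": validate_origin(legit, EXPECTED_ORIGIN),
        "more_specific": validate_origin(more_specific, EXPECTED_ORIGIN),
        "same_prefix": validate_origin(same_prefix, EXPECTED_ORIGIN),
        "unknown": validate_origin(unknown, EXPECTED_ORIGIN),
    }
    out["flagged"] = sorted(flag_invalid_routes(rib, EXPECTED_ORIGIN))
    return out


if __name__ == "__main__":
    for key, value in run_scenario().items():
        print(f"{key}: {value}")
```

The point the replay makes is that the forwarding plane has no notion of legitimacy: the /24 wins on specificity and the re-announced /22 wins on path preference, and in neither case does the router consult who actually holds the address space. That check has to come from somewhere else, here the expected-origin table, which flags both bogus announcements while leaving the legitimate one and an uncovered prefix alone; a monitor that only alerts on "invalid" and ignores "not-found" is the practical compromise, since most of the Internet's prefixes still have no authorisation record at all.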

As with many things involving cyberattacks and Internet security, it’s hard to know if anything bad happened here. The entire thing could have been a simple mistake. Besides, Internet traffic isn’t secure and already passes through many networks outside of one’s control; any network on the path can read, alter or drop whatever is sent in the clear. Content that is sensitive but still suitable for the public Internet should be encrypted end to end, with the endpoints authenticated, so that a detour through someone else’s network yields nothing readable. Still, the Commission points out the many possible problems that such an IP hijack could cause.

Although the Commission has no way to determine what, if anything, Chinese telecommunications firms did to the hijacked data, incidents of this nature could have a number of serious implications. This level of access could enable surveillance of specific users or sites. It could disrupt a data transaction and prevent a user from establishing a connection with a site. It could even allow a diversion of data to somewhere that the user did not intend (for example, to a ‘‘spoofed’’ site). Arbor Networks Chief Security Officer Danny McPherson has explained that the volume of affected data here could have been intended to conceal one targeted attack.

What about encryption?

Perhaps most disconcertingly, as a result of the diffusion of Internet security certification authorities, control over diverted data could possibly allow a telecommunications firm to compromise the integrity of supposedly secure encrypted sessions.

The proliferation of certification authorities means that an “untrustworthy” certification authority is much harder to police. A browser accepts a certificate issued by any of the hundreds of authorities in its root store, so a certificate for a victim’s domain from a single compromised or coerced authority is enough for an on-path network to terminate the TLS session, read it, and re-encrypt it towards the real site without the user seeing a warning; a route hijack supplies exactly that on-path position. There is now speculation that governments are involved in obtaining such certificates in order to break encryption.

China has openly sought all sorts of encryption-related information for years, including the source code for routers, network intrusion detection systems, and firewalls. Rules to that effect went into effect in May 2010; they require foreign firms to submit this information to Chinese authorities before the government will purchase any such products.

But because the government review panels contain employees of rival Chinese firms, and because providing this information could make a company’s worldwide products more susceptible to Chinese hacking or cyberattacks (which would in turn kill sales of said products in most countries), the Commission notes that no foreign firm has yet submitted to the new scheme.

Source: http://arstechnica.com/security/news/2010/11/how-china-swallowed-15-of-net-traffic-for-18-minutes.ars


4 comments

  1. China Hijacks 15% Of Internet Traffic? More Like .015%…

    Hey, thank you, your writing style is amazing. Just found your site on Yahoo. I’ll come back later for sure :)…


  2. […] This post was mentioned on Twitter by Ian and Muhammed Ahmed, QUTAIBA انقلابی. QUTAIBA انقلابی said: How China swallowed US web traffic…: http://t.co/ky8lEFs #CHINA #PKTP #PAKISTAN #KARACHI #LAHORE #USA #WEB […]


