15 Percent of All Internet Traffic Secretly Rerouted Through China

CONNAN

Cyber Experts Have Proof That China Has Hijacked U.S.-Based Internet Traffic - Blog

For 18 minutes in April, China’s state-controlled telecommunications company hijacked 15 percent of the world’s Internet traffic, including data from U.S. military, civilian organizations and those of other U.S. allies.

This massive redirection of data has received scant attention in the mainstream media because the mechanics of how the hijacking was carried out and the implications of the incident are difficult for those outside the cybersecurity community to grasp, said a top security expert at McAfee, the world’s largest dedicated Internet security company.

In short, the Chinese could have carried out eavesdropping on unprotected communications — including emails and instant messaging — manipulated data passing through their country or decrypted messages, Dmitri Alperovitch, vice president of threat research at McAfee said.

Nobody outside of China can say, at least publicly, what happened to the terabytes of data after the traffic entered China.

The incident may receive more attention when the U.S.-China Economic and Security Review Commission, a congressional committee, releases its annual report on the bilateral relationship Nov. 17. A commission press release said the 2010 report will address “the increasingly sophisticated nature of malicious computer activity associated with China.”

Said Alperovitch: “This is one of the biggest — if not the biggest hijacks — we have ever seen.” And it could happen again, anywhere and anytime. It’s just the way the Internet works, he explained. “What happened to the traffic while it was in China? No one knows.”

The telephone giants of the world work on a system based on trust, he explained. Machine-to-machine interfaces send out messages to the Internet informing other service providers that they are the fastest and most efficient way for data packets to travel. For 18 minutes April 8, China Telecom Corp. told many ISPs of the world that its routes were the best paths to send traffic.

For example, a person sending information from Arlington, Va., to the White House in Washington, D.C. — only a few miles away — could have had his data routed through China. Since traffic moves around the world in milliseconds, the computer user would not have noticed the delay.

This happens accidentally a few times per year, Alperovitch said. What set this incident apart from other such mishaps was the fact that China Telecom could manage to absorb this large amount of data and send it back out again without anyone noticing a disruption in service. In previous incidents, the data would have reached a dead end, and users would not have been able to connect.

Also, the list of hijacked data just happened to include preselected destinations around the world that encompassed military, intelligence and many civilian networks in the United States and other allies such as Japan and Australia, he said. “Why would you keep that list?” Alperovitch asked.

The incident involved 15 percent of Internet traffic, he stressed. The amount of data included in all these packets is difficult to calculate. The data could have been stored so it could be examined later, he added. “Imagine the capability and capacity that is built into their networks. I’m not sure there was anyone else in the world who could have taken on that much traffic without breaking a sweat,” Alperovitch said.

McAfee has briefed U.S. government officials on the incident, but they were not alarmed. They said their Internet communications are encrypted. However, encryption also works on a basis of trust, McAfee experts pointed out. And that trust can be exploited.

Internet encryption depends on two keys. One key is private and not shared, and the other is public, and is embedded in most computer operating systems. Unknown to most computer users, Microsoft, Apple and other software makers embed the public certificates in their operating systems. They also trust that this system won’t be abused.

Among the certificates is one from the China Internet Information Center, an arm of China’s Ministry of Information and Industry.

“If China telecom intercepts that [encrypted message] and they are sitting on the middle of that, they can send you their public key with their public certificate and you will not know any better,” he said. The holder of this certificate has the capability to decrypt encrypted communication links, whether it’s web traffic, emails or instant messaging, Alperovitch said. “It is a flaw in the way the Internet operates,” said Yoris Evers, director of worldwide public relations at McAfee.

No one outside of China can say whether any of these potentially nefarious events occurred, Alperovitch noted. “It did not make mainstream news because it is so esoteric and hard to understand,” he added. It is not defined as a cyberattack because no sites were hacked or shut down. “But it is pretty disconcerting.”

And the hijacking took advantage of the way the Internet operates. “It can happen again. They can do it tomorrow or they can do it in an hour. And the same problem will occur again.”

Read more about the increasingly sophisticated nature of cyberespionage and attacks in the January issue of National Defense Magazine.
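
The "best path" messages the article describes are BGP route announcements, and the usual defensive check on them is whether the AS originating a prefix is one authorized to do so. The following is an added example, not part of the quoted article or of any poster's reply: a route-origin check in the style of RFC 6811 run over a few constructed announcements. All prefixes, AS numbers and timestamps are constructed, taken from the documentation-reserved ranges.

```python
import ipaddress

# Constructed ROA-style baseline: (prefix, max length, authorized origin AS).
# Prefixes and AS numbers come from documentation-reserved ranges.
ROAS = [
    ("192.0.2.0/24", 24, 64496),
    ("203.0.113.0/24", 24, 64497),
    ("2001:db8::/32", 48, 64496),
]

# Constructed BGP updates: (time, announced prefix, AS path); origin is last.
UPDATES = [
    ("15:50:01", "192.0.2.0/24", [64499, 64496]),     # expected origin
    ("15:50:07", "203.0.113.0/24", [64499, 64511]),   # different origin AS
    ("15:50:09", "192.0.2.128/25", [64499, 64496]),   # longer than max length
    ("15:50:12", "198.51.100.0/24", [64499, 64500]),  # no baseline entry
    ("15:50:15", "2001:db8:1::/48", [64499, 64496]),  # within max length
]

def validate(prefix, origin_as, roas=ROAS):
    """Return 'valid', 'invalid' or 'not-found' for one announcement."""
    net = ipaddress.ip_network(prefix)
    covered = False
    for roa_prefix, max_len, roa_as in roas:
        roa_net = ipaddress.ip_network(roa_prefix)
        # subnet_of() raises on mixed IPv4/IPv6, so compare versions first.
        if net.version != roa_net.version or not net.subnet_of(roa_net):
            continue
        covered = True
        if roa_as == origin_as and net.prefixlen <= max_len:
            return "valid"
    # Covered by a baseline entry but no entry matched: wrong origin or
    # a more-specific prefix than the holder authorized.
    return "invalid" if covered else "not-found"

def suspicious(updates, roas=ROAS):
    """List (time, prefix, origin AS) for announcements that fail validation."""
    alerts = []
    for when, prefix, as_path in updates:
        origin = as_path[-1]
        if validate(prefix, origin, roas) == "invalid":
            alerts.append((when, prefix, origin))
    return alerts

if __name__ == "__main__":
    for alert in suspicious(UPDATES):
        print("origin mismatch:", *alert)
```

A check like this flags a wrong origin AS or an unauthorized more-specific prefix; it does not detect an announcement that keeps the legitimate origin at the end of a forged path.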
 
. .
No, it's not that easy.
But the point is, if they can direct traffic with that kind of load, they can easily create fake (phished) global servers of popular sites, and since the Chinese information certificate is pre-installed, that key might be used to create a huge, large-scale man-in-the-middle attack even for encrypted traffic ... and no one (the majority) would even know that they are actually going through a phished site...


:coffee:
 
.
For 18 minutes April 8, China Telecom Corp. told many ISPs of the world that its routes were the best paths to send traffic.

What is this supposed to mean?

Aren't the routers supposed to choose routes based on several factors like cost and hop count, among others? This is inbuilt into routing algorithms. Obviously, so many routers cannot be manually configured at the same time; they were all working on routing algorithms.

How can China Telecom advertise that its routers will provide the best routes, and that too only for 18 minutes?
 
.
Mate, agreed, but what if the majority of the routers are Chinese ...
not propagating any conspiracy theory...
the firmware (OS) can be used to override default (best) routes...
:)


:coffee:
 
.
Mate, agreed, but what if the majority of the routers are Chinese ...
not propagating any conspiracy theory...
the firmware (OS) can be used to override default (best) routes...
:)

:coffee:

How is that possible?

China Telecom routers advertised to the routers of the world's ISPs, saying their routes were the most cost effective.

2/3rds of the world's routers are either Cisco or 3Com make. How do Chinese hardware manufacturers play a role in this?
 
.
So you agree 1/3 is Chinese, so 15% is below 1/3 ....
Also see ... there are many ways ...
First, the way I said ...
Second ... temporarily take down the best routes or ensure they are no longer the best routes (by way of traffic or DoS).
Or phish it to servers in China and then re-route it back to the original destination by messing up DNS servers; this way, automatically, all traffic will go through the desired path ... because their destination changes to the fake (phished) servers and their location, and later to the original destination.

PM me if you want more details

:coffee:
 
.
So you agree 1/3 is Chinese, so 15% is below 1/3 ....
Also see ... there are many ways ...
First, the way I said ...
Second ... temporarily take down the best routes or ensure they are no longer the best routes (by way of traffic or DoS).
Or phish it to servers in China and then re-route it back to the original destination by messing up DNS servers; this way, automatically, all traffic will go through the desired path ... because their destination changes to the fake (phished) servers and their location, and later to the original destination.

PM me if you want more details

:coffee:

Dude, I am not saying 1/3rd are Chinese; they are of the remaining make.

Cisco, 3Com and D-Link are the topmost manufacturers.

Let's discuss this in detail later. If you have more details, then you can send them via PM to me; I will go through them and will get back to you.
 
.
I am not saying 1/3 is Chinese ... lol, that was dumb of me to put it that way ...
but the second or third method is quite possible...
and also, if you can manipulate one of the core routers of any of the NSPs
(Network Service Providers), you can control the flow of quite a bit of data, as you can create a cascading effect.

:coffee:
 
.
While an average tea party cowboy will jump up and down his ox over this, any techy person familiar with TCP/IP routing protocols knows this is insanely difficult, if not impossible, and requires admin access to thousands of routers installed by independent upstream providers, and massive manpower in planning and implementation. A technically very challenging task, yet it is portrayed as being as simple as a light switch. In any case, if a country acquires such capability, it is likely to be discovered immediately due to the manner in which the BGP protocol propagates routing information.

Remember how a minor router misconfig in Pakistan took down YouTube worldwide.

The so-called experts have proof about everything "Chinese", much like India has for everything "Pakistani". Such a beauty of $itocracy that the most incompetent and morons are the highest power brokers of bureaucracy.
 
.
Good joke. Impossible to carry out. Who knows if the US actually did it and now tries to blame us to deflect attention.
 
.
Sensitive and classified information isn't sent via unencrypted email or net traffic anyhow. If this actually happened, they'd get a bunch of ****, maybe harvest some personal data, but nothing earth-shaking.
 
.