Friday, November 19, 2010

How China swallowed 15% of 'Net traffic for 18 minutes


According to a number of sources, including this report in Ars Technica on 11/18/10, the US-China Economic and Security Review Commission released a 300+ page report (PDF) today and provided the US Congress with a detailed overview of what's been happening in China, including a curious incident in which 15 percent of the world's Internet traffic suddenly passed through Chinese servers on the way to its destination.
Here's how the Commission describes the incident, which took place earlier this year:
For about 18 minutes on April 8, 2010, China Telecom advertised erroneous network traffic routes that instructed US and other foreign Internet traffic to travel through Chinese servers. Other servers around the world quickly adopted these paths, routing all traffic to about 15 percent of the Internet’s destinations through servers located in China. This incident affected traffic to and from US government (“.gov”) and military (“.mil”) sites, including those for the Senate, the army, the navy, the marine corps, the air force, the office of secretary of Defense, the National Aeronautics and Space Administration, the Department of Commerce, the National Oceanic and Atmospheric Administration, and many others. Certain commercial websites were also affected, such as those for Dell, Yahoo!, Microsoft, and IBM.
The culprit here was "IP hijacking," a well-known routing problem in a worldwide system based largely on trust. Routers rely on the Border Gateway Protocol (BGP) to puzzle out the best route between two IP addresses; when one party advertises incorrect routing information, routers across the globe can be convinced to send traffic on geographically absurd paths.
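An added example, not from the original post or the Commission report: one way a network operator can check announcements like the erroneous ones described above is route origin validation in the style of RFC 6811, which compares each announced prefix and its origin AS against a table of authorized origins. The table, prefixes, AS numbers and function names below are constructed for illustration, using documentation ranges.

```python
import ipaddress
from collections import namedtuple

# Constructed authorization table (ROA-like): prefix, longest allowed length, authorized origin AS.
# Prefixes are documentation ranges (RFC 5737); AS numbers are documentation ASNs (RFC 5398).
Roa = namedtuple("Roa", "prefix max_len asn")
ROAS = [
    Roa(ipaddress.ip_network("192.0.2.0/24"), 24, 64496),
    Roa(ipaddress.ip_network("198.51.100.0/24"), 24, 64497),
    Roa(ipaddress.ip_network("203.0.113.0/24"), 25, 64498),
]

def validate_origin(prefix, origin_asn, roas=ROAS):
    """Classify one announcement as 'valid', 'invalid' or 'not-found' (RFC 6811 logic)."""
    net = ipaddress.ip_network(prefix)
    covered = False
    for roa in roas:
        if net.version != roa.prefix.version or not net.subnet_of(roa.prefix):
            continue  # this entry does not cover the announced prefix
        covered = True
        if net.prefixlen <= roa.max_len and origin_asn == roa.asn:
            return "valid"
    # Covered by at least one entry but matched by none: the origin is contradicted.
    return "invalid" if covered else "not-found"

def flag_suspect(updates, roas=ROAS):
    """Return the announcements whose origin contradicts the authorization table."""
    return [u for u in updates
            if validate_origin(u["prefix"], u["as_path"][-1], roas) == "invalid"]

# Constructed announcements; the origin AS is the last element of the AS path.
UPDATES = [
    {"prefix": "192.0.2.0/24", "as_path": [64500, 64496]},      # authorized origin
    {"prefix": "198.51.100.0/24", "as_path": [64501, 64511]},   # wrong origin AS
    {"prefix": "203.0.113.128/25", "as_path": [64500, 64498]},  # more specific, within max_len
    {"prefix": "203.0.113.0/26", "as_path": [64500, 64498]},    # too specific for the entry
    {"prefix": "10.20.0.0/16", "as_path": [64502, 64503]},      # no entry covers it
]

if __name__ == "__main__":
    for u in UPDATES:
        origin = u["as_path"][-1]
        print(u["prefix"], origin, validate_origin(u["prefix"], origin))
```

Announcements classified "not-found" are not evidence of a problem by themselves; they only mean no authorization entry exists for that address space.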
Here's a transcript and audio from NPR that show the real security dangers of this hijacking, which China Telecom denies. Briefly, Dmitri Alperovitch, the vice president of threat research for the cyber security firm McAfee, points out that the security risk is quite significant. Certainly all this data could've been eavesdropped on and wire-tapped. It could've been also modified in flight and the recipient of that data could've been presented with something totally different. Also, a lot of the - what are known as VPNs, virtual private networks, traverse the Internet and are encrypted with these mechanisms that can be broken. You can indeed gain access to private networks of organizations through this hijacking method.
Nice, right?  There is more, read on...
