Nearly 15 percent of the world’s Internet traffic, including that of many U.S. government and military sites, was briefly redirected through computer servers in China in April, according to a congressional commission report due out this week.
It is not clear whether the incident was deliberate, but the capability could enable severe malicious activities including the diversion of data and the interception of supposedly secure encrypted Internet traffic, the U.S.-China Economic and Security Review Commission states in a report to Congress.
A draft copy of the report, which is to be released Wednesday but was viewed by The Washington Times, reports for the first time that .gov and .mil websites were affected by the 18-minute-long April 8 redirection, including those for the Senate, all four military services, the office of the secretary of defense, the National Aeronautics and Space Administration, the Department of Commerce, the National Oceanic and Atmospheric Administration “and many others,” as well as commercial websites including those of Dell, Yahoo, Microsoft and IBM.
In effect, Internet traffic to and from those sites was wrongly told that the best route it could take to its destination was through servers in China.
The redirection, though brief, could have enabled “surveillance of specific users or sites [and] … could even allow a diversion of data to somewhere that the user did not intend,” the report states. The huge volume of traffic redirected could have been intended to cover a targeted attack on a single website or user.
“Perhaps most disconcertingly … control over diverted data could possibly allow a telecommunications firm to compromise the integrity of supposedly secure encrypted sessions,” the report adds.
It remains unclear whether the redirection was intentional, the report says, but it demonstrates that it is possible for malicious actors to seize control of the Internet and redirect traffic.
“Evidence related to this incident does not clearly indicate whether it was perpetrated intentionally and, if so, to what ends,” the report says. “Regardless of whether Chinese actors actually intended to manipulate U.S. and other foreign Internet traffic, China’s Internet engineers have the capability to do so.”
The commission notes that Beijing is exercising considerable control over the Internet inside China, and over the limited debate it permits on certain topics on the Web, in an effort to defuse popular demands for reform - a phenomenon it dubs “networked authoritarianism.” The news comes as Google has issued a call to Western governments to challenge Internet censorship as a restraint on global trade.
The report further notes that China has a history of “malicious computer activities” that “raise questions about whether China might seek intentionally to leverage these abilities to assert some level of control over the Internet, even for a brief period.”
Any such attempt, the report states, “would likely be counter to the interests of the United States and other countries.”
“At the very least, these incidents demonstrate the inherent vulnerabilities in the Internet’s architecture,” the report concludes.
Internet traffic moves through the network in small data packets, its route determined by instructions, known as protocols, provided by special servers around the globe.
On April 8, according to Web security specialists, a small Chinese Internet service provider published a set of instructions under the Border Gateway Protocol that directed Web traffic from about 37,000 networks to route itself via computer servers in China.
The list was republished by China Telecom and briefly propagated itself across the global Web, which works on a trust system, with each server updating its routing instructions based on data provided by others in the network.
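
The trust model described above, shown as an added Python example that is not part of the original article or the commission's report: it contrasts a router that installs every announcement it hears with one that checks each announcement's origin against an expected-origin table, and lists what a monitor would flag. The prefixes, AS numbers and the table are constructed for illustration, and the origin check is an assumed mitigation that the article itself does not describe.

```python
import ipaddress

# Constructed data: documentation prefixes (RFC 5737) and documentation ASNs
# (RFC 5398). EXPECTED_ORIGIN is a hypothetical table of which network is
# supposed to originate each monitored prefix.
EXPECTED_ORIGIN = {"192.0.2.0/24": 64500, "198.51.100.0/24": 64501}

# Each announcement is (prefix, AS path); the last AS in the path is the origin.
ANNOUNCEMENTS = [
    ("192.0.2.0/24", [64510, 64500]),     # expected origin
    ("198.51.100.0/24", [64511, 64509]),  # same prefix, unexpected origin
    ("192.0.2.128/25", [64511, 64509]),   # more-specific slice, unexpected origin
    ("203.0.113.0/24", [64510, 64502]),   # prefix we hold no expectation for
]


def classify(prefix, as_path, expected=EXPECTED_ORIGIN):
    """Return 'ok', 'mismatch' or 'unknown' for one announcement."""
    net = ipaddress.ip_network(prefix)
    for known, origin in expected.items():
        known_net = ipaddress.ip_network(known)
        # subnet_of() also catches announcements that carve out part of a
        # monitored prefix, not only exact matches.
        if net.version == known_net.version and net.subnet_of(known_net):
            return "ok" if as_path[-1] == origin else "mismatch"
    return "unknown"


def accepted(announcements, validate):
    """Prefixes a router installs: everything on pure trust, or only
    announcements that do not contradict the expected-origin table."""
    return [p for p, path in announcements
            if not validate or classify(p, path) != "mismatch"]


def alerts(announcements):
    """Announcements a monitor should flag for operator review."""
    return [(p, path[-1]) for p, path in announcements
            if classify(p, path) == "mismatch"]


if __name__ == "__main__":
    print("trusting router installs:", accepted(ANNOUNCEMENTS, validate=False))
    print("checking router installs:", accepted(ANNOUNCEMENTS, validate=True))
    for prefix, origin in alerts(ANNOUNCEMENTS):
        print(f"ALERT {prefix} originated by AS{origin}")
```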