Thursday, November 18, 2010

China internet hijack: a guide

Cyber terrorism is a growing threat, and of increasing concern to governments around the world. But just what did the latest alleged cyber attack by a Chinese telecommunications firm involve, and what purpose did it serve?

Hackers and cyber criminals could scan diverted web traffic for sensitive information, and use the data gathered to implant viruses or botnets in secure computer systems Photo: CLARE

China Telecom, a state-owned business, has denied US claims that it hijacked 15 per cent of the world’s web traffic for a total of 18 minutes earlier this year.
This included traffic to and from the websites of the US Army, Navy and Marine Corps, the office of the US defence secretary, the US Senate and Nasa, as well as more general internet traffic.
It is unclear whether the company was denying that traffic passed through its web servers at all on April 8, or simply that it was not diverted through its servers on purpose.

The United States has claimed that the diverted data might have allowed “a telecommunications firm to compromise the integrity of supposedly secure, encrypted sessions”, though there is no evidence, thus far, that any information was harvested from the diverted traffic.

The diversion was supposedly triggered when China Telecom’s servers issued a false routing notification to the rest of the internet, telling it that the quickest way to reach the affected destinations was to re-route through China Telecom’s servers.

The diversion, which affected predominantly US web traffic, remained in place for 18 minutes. It is unclear how, or by whom, that instruction to divert was rescinded.

Security experts said that cyber criminals could scan the diverted web traffic to build a list of the internet addresses of everyone who communicated in that period. Using that information, cyber criminals could create fake addresses, emanating from seemingly trusted sources, to trick web users into clicking on links in emails or on websites, or opening apparently authorised attachments, which could actually plant a virus inside a computer system.

Such activity would be particularly worrying if a virus was activated on a highly secure network, such as military systems.

Worryingly, it seems the problem could happen again in future. The Border Gateway Protocol (BGP) – the mechanism by which traffic is routed around the web – is a fundamental building block of the internet, but lacks any true security measures to prevent malicious re-routing of traffic, says technology expert George Ou of Digital Society.

“Like most other fundamental building blocks of the internet, it was initially implemented with no security in mind and it continues to live without security because changes on the internet are so difficult on a living system that doesn’t tolerate outages,” he said.
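Because BGP itself does not check who is entitled to announce a prefix, network operators detect hijacks of this kind by comparing each announcement they receive with a record of which networks are known to originate each prefix. The following is an added illustration, not code from the article or from anyone it quotes: the prefixes, ASNs and announcements are constructed sample data (documentation prefixes and private-use ASNs), and the check flags both a wrong origin for a known prefix and a more-specific route that would win longest-prefix matching and pull traffic away.

```python
import ipaddress
from dataclasses import dataclass

# Prefixes and the origin ASNs authorised to announce them (the kind of
# record an operator keeps, or that an RPKI ROA carries). Constructed
# sample data: documentation prefixes and private-use ASNs only.
EXPECTED_ORIGINS = {
    ipaddress.ip_network("203.0.113.0/24"): {64500},
    ipaddress.ip_network("198.51.100.0/24"): {64501, 64502},
}

@dataclass(frozen=True)
class Announcement:
    prefix: str
    as_path: tuple  # rightmost element is the origin AS

def classify(ann, expected=EXPECTED_ORIGINS):
    """Label one BGP announcement against the expected-origin table."""
    net = ipaddress.ip_network(ann.prefix)
    origin = ann.as_path[-1]
    if net in expected:
        # Exact prefix: only the origin needs checking.
        return "valid" if origin in expected[net] else "invalid-origin"
    for known, origins in expected.items():
        if net.version == known.version and net.subnet_of(known):
            # A more-specific route wins longest-prefix matching, so it
            # diverts traffic even though the covering /24 is still announced.
            return "valid" if origin in origins else "more-specific-hijack"
    return "unknown"  # no coverage record: cannot judge

def alerts(feed):
    """Return (prefix, origin, verdict) for every announcement that is not valid."""
    out = []
    for ann in feed:
        verdict = classify(ann)
        if verdict not in ("valid", "unknown"):
            out.append((ann.prefix, ann.as_path[-1], verdict))
    return out

# Constructed feed: a normal route, an origin swap, a /25 carve-out, an unknown prefix.
SAMPLE_FEED = [
    Announcement("203.0.113.0/24", (64510, 64500)),
    Announcement("203.0.113.0/24", (64510, 64511)),
    Announcement("198.51.100.0/25", (64512, 64511)),
    Announcement("192.0.2.0/24", (64510, 64513)),
]

if __name__ == "__main__":
    for a in alerts(SAMPLE_FEED):
        print(a)
```

In practice the expected-origin table comes from RPKI route origin data or the operator's own routing registry, and the feed from a route collector or the operator's own BGP sessions.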

The US government has stressed that it’s impossible to say if the diverted web traffic has been used for malicious purposes. It has also stressed that communications between government departments are encrypted prior to transmission.
