China's Internet Hijacking Uncovered


Cybercrime experts have found proof that China hijacked the Internet for 18 minutes last April. China absorbed 15% of the traffic from US military and civilian networks, as well as from other Western countries—a massive chunk. Nobody knows why.


We know how it happened, however. On April 8, China Telecom's routers sent messages declaring that their network channels were the fastest available at that point. Since traffic routing is based on trust between the world's telecommunication providers, other Internet routers redirected their traffic through China's network.

Security expert Dmitri Alperovitch—VP of threat research at McAfee—says that this happens "accidentally" a few times a year, but this time it was different: The China Telecom network absorbed all the data and returned it without any significant delay. Before, this kind of accident would have resulted in communication problems, which leads experts to believe this wasn't an accident but a deliberate attempt to capture as much data as possible.

As for why this happened, nobody knows. Alperovitch added that the Chinese could have captured and manipulated data passing through their network:

This is one of the biggest - if not the biggest hijacks - we have ever seen. What happened to the traffic while it was in China? No one knows. Imagine the capability and capacity that is built into their networks. I'm not sure there was anyone else in the world who could have taken on that much traffic without breaking a sweat.

While the US government says that this is not alarming, it's certainly puzzling. It doesn't make sense for China Telecom to act in this extraordinary way without a specific objective. Perhaps it wasn't a malicious move, but it certainly seems like a test of its network power. In any case, it seems like it can happen again at any time.

I don't know about you, but I don't feel comfortable with the idea of China hijacking such a massive amount of information without explanation. [National Defense Magazine]




More sensational unqualified journalism from Jesus. Surprise.

As a network engineer, I can tell you it would be easy to make this kind of mistake by applying the wrong mask in the wrong place on a single core router. 18 minutes is just enough time for the mistake to have been made, noticed by some Chinese NOC and escalated until it was fixed.

Furthermore, in the case of the traffic being returned, it's not surprising since China routinely runs all traffic through a central filter (the Great Firewall). This is likely the default behavior of external routing behind their borders.

I've noticed that every time I read a Giz article that disgusts me, it has Jesus Diaz's name on it.
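
The trust problem described in the article and the wrong-mask mistake described in the comment, as an added example (not part of the article or the comment): a router that prefers the most specific announcement will follow an unexpected more-specific route unless announcements are checked against a table of authorized origins, shown here with RFC 6811 route origin validation. The prefixes, AS numbers and ROA table are constructed for illustration.

```python
import ipaddress

# Constructed ROA table: (prefix, max length, authorized origin AS).
# Documentation prefixes, documentation/private-use AS numbers (assumed).
ROAS = [
    ("198.51.100.0/24", 24, 64500),
    ("203.0.113.0/24", 24, 64501),
    ("2001:db8::/32", 48, 64502),
]

# Constructed announcements as (prefix, origin AS) seen from peers.
ANNOUNCEMENTS = [
    ("198.51.100.0/24", 64500),    # legitimate origin
    ("198.51.100.0/25", 64666),    # more specific, unexpected origin
    ("198.51.100.128/25", 64500),  # right origin, longer than max length
    ("192.0.2.0/24", 64503),       # no ROA covers this prefix
    ("2001:db8:1::/48", 64502),    # within the ROA's max length
]

def validate(prefix, origin_as, roas=ROAS):
    """RFC 6811 origin validation: 'valid', 'invalid' or 'not-found'."""
    route = ipaddress.ip_network(prefix)
    covered = False
    for roa_prefix, max_len, roa_as in roas:
        roa_net = ipaddress.ip_network(roa_prefix)
        if route.version != roa_net.version or not route.subnet_of(roa_net):
            continue
        covered = True  # some ROA covers the route, so a miss is 'invalid'
        if roa_as == origin_as and route.prefixlen <= max_len:
            return "valid"
    return "invalid" if covered else "not-found"

def forwarding_choice(dst, announcements):
    """Longest-prefix match: the most specific covering route wins."""
    addr = ipaddress.ip_address(dst)
    nets = [(ipaddress.ip_network(p), asn) for p, asn in announcements]
    matches = [(n, asn) for n, asn in nets if addr in n]
    return max(matches, key=lambda m: m[0].prefixlen, default=None)

def drop_invalid(announcements):
    """Keep only routes that origin validation does not mark invalid."""
    return [(p, a) for p, a in announcements if validate(p, a) != "invalid"]

if __name__ == "__main__":
    for prefix, asn in ANNOUNCEMENTS:
        print(f"{prefix:<20} AS{asn:<6} {validate(prefix, asn)}")
    print("trusting all:", forwarding_choice("198.51.100.10", ANNOUNCEMENTS))
    print("validated:   ", forwarding_choice("198.51.100.10", drop_invalid(ANNOUNCEMENTS)))
```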