China Hijacked Internet Traffic From Federal Sites
For 18 minutes in April China Telecom re-routed traffic from .gov, .mil and other sites through Chinese servers, according to a Congressional commission.
A state-owned Chinese telecommunications firm "hijacked" Internet traffic in April, affecting traffic from U.S. government domains and raising serious implications for Internet safety, according to a report by a Congressional commission.
Affected was traffic going to and from U.S. .gov and .mil sites, including sites for the Senate, the four main armed services branches, the office of the Secretary of Defense, NASA, the Department of Commerce, the National Oceanic and Atmospheric Administration and others, according to the report.
Commercial websites for large technology companies -- including Dell, Yahoo, Microsoft and IBM -- also were re-routed during the diversion period.
Other servers around the world adopted the path opened up by China Telecom as well; during the 18 minutes, traffic to about 15 percent of Internet destinations was routed through servers located in China.
The commission said it could not determine what China Telecom did to the data that was diverted; however, such an incident and others like it could have a "number of serious implications" and enable "severe malicious activities."
Arbor Networks chief security officer Danny McPherson, who explained the implications of the incident to the panel, said that China Telecom could have intended the diversion to conceal a targeted attack, according to the report.
The level of access afforded by such a diversion also could have enabled the firm to conduct surveillance on specific users or sites, disrupt a data transaction, prevent a user from connecting to a site or send data somewhere a user did not intend, according to the report.
Indeed, the idea of China Telecom engaging in such activity is certainly troublesome, as a report prepared by Northrop Grumman last year for the U.S.-China Economic and Security Review Commission concluded that China is probably spying on the U.S. government to gain advantage for any potential cyber conflicts.
Moreover, some of the most sophisticated hacker attacks -- including one on Google in January that caused the vendor to withdraw from China -- also originated in that country.
Security Job #1 For FedsThe 2014 InformationWeek Government IT Priorities Survey shows federal IT pros care about security - itís rated as very important by 69% of respondents, 30 percentage points ahead of the No. 2 priority, disaster recovery. Will the upcoming NIST cyber-security framework help manage risk?
InformationWeek Must Reads Oct. 21, 2014InformationWeek's new Must Reads is a compendium of our best recent coverage of digital strategy. Learn why you should learn to embrace DevOps, how to avoid roadblocks for digital projects, what the five steps to API management are, and more.