China hijacking hacking "hit 15% of net" says U.S.

China Telecom denies BGP-trombone hijacking allegations by U.S. review commission.

By Richi Jennings. November 18, 2010.

Traffic to 15 percent of internet destinations was rerouted via China in a route hijacking incident earlier this year. The traffic included government and military communications, and the incident has re-ignited the debate about BGP security. The PRC government denies any such event took place. In IT Blogwatch, bloggers ponder Chinese hackers reading their Facebook walls.

Your humble blogwatcher curated these bloggy bits for your entertainment. Not to mention guess the function of the THING...

Aunty Beeb reports:

The incident, which happened for 18 minutes last April, is published ... by the US-China Economic and Security review commission. ... China Telecom sent incorrect routing information, but it is not clear whether it was intentional.


Among traffic rerouted via China was that destined for ... the US Senate, the Office of the Secretary of Defence, Nasa and the Commerce Department.

Dan Goodin read the 328-page report:

The assessment ... claims that during two brief episodes in late March and early April, tainted network tables redirected huge amounts of internet traffic ... through Chinese internet providers. ... China Telecom advertised erroneous ... Border Gateway Protocol routes that funneled traffic through Chinese networks ...  traffic traveling to and from .gov and .mil domains, including those for the ... four branches of the military.


Internet engineers have long known of the BGP weakness, but ... there's been little done to fix it. ... The security of the global network [is] in many ways reduced to the honor system.

Nate Anderson adds detail, and worries about SSL/TLS:

The culprit here was "IP hijacking," a well-known routing problem in a worldwide system based largely on trust. ... When one party advertises incorrect routing information, routers across the globe can be convinced to send traffic on geographically absurd paths.


It's hard to know if anything bad happened here. The entire thing could have been a simple mistake. Besides ... content that is sensitive but still suitable for the public Internet should be encrypted. ... [But] The proliferation of certification authorities means ... there's speculation now that governments are involved in getting access to certificates in order to break encryption.

But this Anonymous Coward, claiming to be "an IP engineer at a major backbone provider," pours cold water on the fears:

Hyperbole. ... China Telecom -4134- would have to either send very ... specific routes and get max prefixes blown out, or send very general routes and lose to smaller routes.


The game soon ends. Anyone who isn't running at the very least a max prefix is a cluetard and needs their peering revoked anyway. ... 4134 is always a hair's breadth away from getting a smackdown.
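The two mechanisms the last two quotes turn on, Nate Anderson's point that a bad announcement "convinces" other routers, and the backbone engineer's observation that a hijacker must choose between more-specific routes (which trip prefix limits) and less-specific ones (which lose to the victim's own routes), as an added Python illustration. This is not code from the article or from any of the quoted commenters. It models a single router's table with longest-prefix-match forwarding and a per-peer maximum-prefix limit; the prefixes are RFC 5737 documentation space, AS 64500 is a hypothetical victim network, the 100-prefix limit is a constructed number, and only AS4134 comes from the quoted comment.

```python
"""Toy BGP RIB: longest-prefix match plus a per-peer maximum-prefix limit.

Added illustration, not code from the article or the quoted bloggers.
Prefixes are RFC 5737 documentation space; AS 64500 and the 100-prefix
limit are constructed for the example. AS4134 is from the quoted comment.
"""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Route:
    prefix: ipaddress.IPv4Network
    origin_as: int   # AS that announced the prefix
    peer_as: int     # neighbour we learned it from


class Rib:
    def __init__(self, max_prefix):
        self.max_prefix = max_prefix   # peer AS -> prefix limit (absent = unlimited)
        self.routes = {}               # peer AS -> accepted routes
        self.shut = set()              # peers whose session was torn down

    def receive(self, peer_as, routes):
        """Accept a peer's announcements, or tear the session down if the count
        exceeds its limit (modelled on the default shut-on-exceed behaviour of
        router maximum-prefix settings; a warning-only mode is not modelled)."""
        limit = self.max_prefix.get(peer_as)
        if limit is not None and len(routes) > limit:
            self.shut.add(peer_as)
            self.routes.pop(peer_as, None)
            return False
        self.routes[peer_as] = list(routes)
        return True

    def lookup(self, addr):
        """Forwarding decision: the longest matching prefix wins, no matter who
        announced it. This is the trust-based weakness the article discusses."""
        addr = ipaddress.ip_address(addr)
        best = None
        for routes in self.routes.values():
            for r in routes:
                if addr in r.prefix and (best is None or r.prefix.prefixlen > best.prefix.prefixlen):
                    best = r
        return best


VICTIM_AS = 64500                                        # hypothetical
HIJACK_AS = 4134                                         # from the quoted comment
VICTIM_PREFIX = ipaddress.ip_network("198.51.100.0/24")  # RFC 5737 space
TARGET_HOST = "198.51.100.10"
LIMITS = {HIJACK_AS: 100}                                # constructed limit


def fresh_rib():
    """Table holding only the victim's legitimate /24."""
    rib = Rib(LIMITS)
    rib.receive(VICTIM_AS, [Route(VICTIM_PREFIX, VICTIM_AS, VICTIM_AS)])
    return rib


def winner(rib):
    """Origin AS that would receive traffic for TARGET_HOST."""
    best = rib.lookup(TARGET_HOST)
    return best.origin_as if best else None


def hijack_with_general_route():
    """Hijacker announces a covering /16: the victim's longer /24 still wins."""
    rib = fresh_rib()
    rib.receive(HIJACK_AS, [Route(ipaddress.ip_network("198.51.0.0/16"), HIJACK_AS, HIJACK_AS)])
    return winner(rib)


def hijack_with_few_specifics():
    """Hijacker announces the two /25s inside the /24, far below the limit: they win."""
    rib = fresh_rib()
    specifics = [Route(p, HIJACK_AS, HIJACK_AS) for p in VICTIM_PREFIX.subnets(new_prefix=25)]
    rib.receive(HIJACK_AS, specifics)
    return winner(rib)


def hijack_with_mass_specifics():
    """Hijacker de-aggregates the whole /16 into 512 /25s: the limit trips,
    the session drops, and the victim's /24 is the only route left."""
    rib = fresh_rib()
    specifics = [Route(p, HIJACK_AS, HIJACK_AS)
                 for p in ipaddress.ip_network("198.51.0.0/16").subnets(new_prefix=25)]
    accepted = rib.receive(HIJACK_AS, specifics)
    return winner(rib), accepted


if __name__ == "__main__":
    print("covering /16 announced  ->", hijack_with_general_route())
    print("two /25s announced      ->", hijack_with_few_specifics())
    print("512 /25s announced      ->", hijack_with_mass_specifics())
```

The middle case is the caveat worth keeping in mind when reading the engineer's comment: a maximum-prefix setting caps volume, not legitimacy. A handful of more-specific announcements for a chosen target stays well under any realistic limit and still wins longest-prefix match, which is why prefix limits alone leave the "honor system" Goodin describes in place.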

Meanwhile, in the interests of political balance, js3 thinks this thought:

Imagine how China feels when that 18 mins is over and all their stuff goes through American servers.

In a similar vein, Mike "thesandbender" Traffanstead adds:

The bulk of US traffic is trunked off to closets in AT&T (and other) switch rooms. This is going to include ... any traffic that happens to be routed through the US while going between two points outside the US.

And Finally...

Let's play "guess the function of the Korean household appliance"


Richi Jennings, your humble blogwatcher
Richi Jennings is an independent analyst/consultant, specializing in blogging, email, and security. A cross-functional IT geek since 1985, you can follow him as @richi on Twitter, pretend to be richij's friend on Facebook, or just use good old email:


Copyright © 2010 IDG Communications, Inc.
