Thursday, November 18, 2010

China manipulated Internet traffic, report says

The annual report from the United States China Economic Security Review Commission has once again raised concerns over China and its use of the Internet. The latest report contains particularly worrisome issues. According to the study, around 15% of the world's Internet traffic was redirected through servers owned by China's state-owned China Telecom for 18 minutes. China has refuted the accusations.

Dmitri Alperovitch, vice president of threat research for McAfee, said the traffic rerouting incident occurred in April. Most troubling about the incident is the apparent lack of motive, as well as the fact that there were no obvious adverse side effects, at least so far.

But Larry Wortzel warned that an analysis of the data could be used to socially engineer phishing emails that might not be so easily identified by the recipient. Dr. Larry Wortzel, a retired Colonel in the US Army, is a leading authority on China and has written a number of books and studies examining the country's military ambitions. In his 2006 report, China's Military Policy in Space [PDF], Wortzel examined China's military goals and intentions in space as well as its technological capabilities. It also considers the means and measures needed to counter prospective Chinese threats and protect the United States.

But since that book was published there have been growing concerns that China's military may be examining how to use the Internet as a weapon. The US government has said that the latest breach was not cause for alarm, as classified information sent over US military networks is encrypted. But it was not only military networks whose data was rerouted. Nor was it only the US that became victim to what some refer to as a deliberate hacking by China. Some of the data that was hijacked came from American, Japanese and Australian military networks, but commercial sites were also affected. According to the USCC report, sites owned by the US Senate, the Army, Navy, Marine Corps, Office of the Secretary of Defense, Department of Commerce and the National Aeronautics and Space Administration, as well as commercial Web sites such as those for Dell, Yahoo!, Microsoft and IBM, were targeted.

Speaking in Congress, Larry Wortzel said that with the use of powerful computers "you may get a little useful information" from the data that travelled through China's servers. It was also possible to "socially engineer a fake email" by analysing the IP addresses of the traffic, he said. "If you were a pretty knowledgeable intelligence service, you would get the internet addresses of everybody that communicated. And then you could essentially engineer a fake e-mail," Wortzel said, "and if someone opened an attachment, you would then insert a virus into the whole system."

The concern is that China does indeed have some of the most powerful computers in the world. In fact, by its own admission, China has built the world's fastest supercomputer, the Tianhe-1A, which is capable of 2.57 quadrillion computing operations per second [Xinhua]. Such a computer would easily be able to sift through the terabytes of information gleaned from April's hacking.

Wang Baodong (王寶東), spokesman for the Chinese embassy in Washington, has dismissed allegations that China deliberately hacked foreign networks. "The commission's specious and unwarranted allegations against China and its enterprises are irresponsible," Wang said. "China will never do anything to harm other countries' national security, either in real or virtual worlds."

The hijacking was made possible because of the way the global telecommunications grid operates: on trust. Internet data flows through the quickest and most efficient path identified by routers. On April 8, China Telecom told the world's Internet Service Providers that its channels were the best for traffic, resulting in terabytes of data being sent through the Chinese network, even if both sender and receiver were in the United States.
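The trust problem described above can be shown in a few lines. This is an added example, not code from the article or the USCC report: it assumes routes are exchanged as prefix announcements carrying an AS path, simplifies route selection to "longest prefix, then shortest path", and then checks the chosen route's origin against a table of authorised origins. All prefixes, AS numbers and function names are constructed for illustration.

```python
import ipaddress

# Constructed sample data: documentation prefixes and documentation AS
# numbers only; none of these values come from the April incident.
# Each record: (authorised prefix, longest allowed length, authorised origin AS)
AUTHORISED = [
    (ipaddress.ip_network("198.51.100.0/24"), 24, 64496),
    (ipaddress.ip_network("203.0.113.0/24"), 24, 64497),
]
# Each announcement: (prefix, AS path); the last AS in the path is the origin.
ANNOUNCEMENTS = [
    ("198.51.100.0/24", [64500, 64496]),        # expected origin
    ("198.51.100.0/25", [64511]),               # more specific, unexpected origin
    ("203.0.113.0/24", [64500, 64501, 64497]),  # expected origin, long path
    ("203.0.113.0/24", [64511]),                # shorter path, unexpected origin
    ("192.0.2.0/24", [64502]),                  # no authorisation record
]

def best_route(dest, announcements):
    """Simplified trusting router: longest matching prefix, then shortest path."""
    addr = ipaddress.ip_address(dest)
    matches = [(ipaddress.ip_network(p), path) for p, path in announcements
               if addr in ipaddress.ip_network(p)]
    if not matches:
        return None
    return max(matches, key=lambda m: (m[0].prefixlen, -len(m[1])))

def origin_state(net, as_path, authorised=AUTHORISED):
    """Classify an announcement as 'valid', 'invalid' or 'not-found'."""
    covering = [(max_len, asn) for auth_net, max_len, asn in authorised
                if net.version == auth_net.version and net.subnet_of(auth_net)]
    if not covering:
        return "not-found"      # nobody has said who may originate this prefix
    origin = as_path[-1]
    if any(asn == origin and net.prefixlen <= max_len for max_len, asn in covering):
        return "valid"
    return "invalid"            # covered, but wrong origin or too specific

def audit(dest):
    """Return (chosen prefix, origin AS, origin state) for a destination."""
    route = best_route(dest, ANNOUNCEMENTS)
    if route is None:
        return None
    net, path = route
    return str(net), path[-1], origin_state(net, path)

if __name__ == "__main__":
    for dest in ("198.51.100.10", "198.51.100.200", "203.0.113.5", "192.0.2.1"):
        print(dest, audit(dest))
```

Without the origin check, the router in this sketch forwards traffic for the first and third destinations to the unexpected origin simply because that announcement looks better.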

Alperovitch, who said McAfee was able to witness and monitor the redirection of the traffic, said the Chinese could have spied on or even modified the traffic as it flowed through their networks. They might also have been able to decrypt commercially encrypted files, Alperovitch said. Intentional or not, it is the largest successful "hijacking" or rerouting of Internet traffic ever, he said.

As well as Internet traffic manipulation, the USCC report also focused on the continued and widespread use of censorship. The report said that there were signs of a "spillover of China's Internet censorship activities". In March 2010, reports surfaced that China's Internet censorship regime (known colloquially as "the Great Firewall") temporarily affected Internet users outside of China. Specifically, certain users in Chile and the United States who tried to access popular social media sites, including Twitter, YouTube, and Facebook, were denied access by being redirected to incorrect or nonexistent servers. This incident, which relates to the Internet "Domain Name System", illustrates the implications of China's effort to impose "localized" restrictions to something as inherently global in scope as the Internet [tvnewswatch, March 2010].

Although the Commission had no way to determine what, if anything, Chinese telecommunications firms did to the hijacked data, incidents of this nature could have a number of serious implications. This level of access could enable surveillance of specific users or sites. It could disrupt a data transaction and prevent a user from establishing a connection with a site. It could even allow a diversion of data to somewhere that the user did not intend, for example, to a "spoofed" site. Arbor Networks Chief Security Officer Danny McPherson explained that the volume of affected data could have been intended to conceal one targeted attack. Perhaps most disconcertingly, as a result of the diffusion of Internet security certification authorities, control over diverted data could possibly allow a telecommunications firm to compromise the integrity of supposedly secure encrypted sessions.

The report also highlights further concerns surrounding the way regulations and Internet controls affect trade and business. In particular, there are worries about new regulations which force all technology companies to disclose sensitive cryptography information to Chinese authorities. Regulations require firms to turn over "encryption algorithms, software source code and design specifications" to "government-connected testing laboratories," namely, the Certification and Accreditation Administration of China under China's General Administration of Quality Supervision, Inspection and Quarantine.
Firms that fail to comply with the new regulations may be prohibited from doing business in Chinese markets. Furthermore, those that choose to comply may risk exposing their security measures or even their intellectual property to Chinese competitors. The USCC report also says that censorship is affecting trade. "China's Internet censorship activities have broad implications for the United States," it states. "Impeded information flows are destabilizing, particularly in the context of a crisis. Moreover, censorship in some respects is actually a barrier to trade, thereby undermining US businesses' ability to operate in China."

[BBC / CNN / Time / Washington Post / Bloomberg]

USCC 2010 report full [PDF] / Chapter index / USCC 2010 report China's Domestic Internet Censorship Activities [PDF] / USCC 2010 report External Implications of China's Internet-Related Activities [PDF] / Recommendations [PDF]

tvnewswatch, London, UK
