Hacking US-based Internet traffic

Cyber-espionage is back in the spotlight. The newly released report from the US-China Economic and Security Review Commission makes great reading for those interested in economic and information warfare.

In addition to the usual discussion around propaganda and censorship in China, one can read about computer network exploitation (targeting primarily Indian diplomatic missions) and Internet traffic manipulation. In the latter case, it appears that an important share of global Internet traffic (15%*) was routed through a Chinese Internet Service Provider (ISP) for 18 minutes or so in April 2010, affecting traffic to and from U.S. government (“.gov”) and military (“.mil”) sites as well as commercial sites (Dell, Yahoo!, Microsoft or IBM).

So, did China hack US-based Internet traffic? China Telecom (which owns the incriminated ISP) denies the allegations. While experts debate whether the redirection was intentional or not (a so-called fat-finger mistake), a number of lessons are worth remembering. First, the technical framework on which the Internet is built depends on the goodwill of the participating ISPs to play “fair”, something that cannot be presumed, either in China or anywhere else for that matter. Second, governments, businesses and individual users alike must ensure a sufficient level of encryption for information they deem sensitive, but remember that it may not protect them from cyber-espionage. Last but not least, the battles for economic supremacy are increasingly likely to be fought online.

* According to C. Labovitz, it is not 15% of traffic but 15% of routes that were diverted. Given that only a fraction of them propagated, the traffic actually diverted could be as low as 0.015%.