
Internet hijack claims denied by China Telecom

BGP tampering behind domain redirection


China Telecom has issued a curt denial that it was complicit in a claimed ‘hijacking’ of Internet traffic earlier this year that saw large volumes of data between sensitive US military and commercial websites briefly travelling through its servers.

According to yesterday’s 2010 Report to Congress by the US-China Economic and Security Review Commission, on 8 April 2010, for about 18 minutes, routing tables on DNS servers at China Telecom were apparently altered in a way that instructed other servers around the globe to re-route a large volume of Internet traffic through its infrastructure.

This could have compromised traffic to 15 percent of global domains, which happen to include, “the Senate, the army, the navy, the marine corps, the air force, the office of secretary of Defense, the NASA, the Department of Commerce, the National Oceanic and Atmospheric Administration,” as well as Yahoo, Microsoft and IBM, the report noted.

In a statement reportedly emailed to AFP, China Telecom "denied any hijack of Internet traffic" without elaborating further.

What happened is fairly straightforward and would have involved tampering with the routing tables maintained by China Telecom and peered to other primary DNS servers using the Border Gateway Protocol (BGP). The origin of this manipulation is believed to have been a third-party ISP, IDC China telecommunications, which makes it a certainty that this was a deliberate act.

“While in Beijing, those data could conceivably be monitored, censored, or replaced with other data. This could take place quickly enough to go unnoticed by the computer user,” said the report authors.

How the issue was discovered is not mentioned but would most likely have been at China Telecom. Monitors in the US would have noticed the matter after the event. Working out the motivation for the attack – the routing data covered a large number of less sensitive domains as well as the ones mentioned – will probably prove impossible.

The claimed ‘attack’ will attract huge attention because it underlines the vulnerability of the Internet to simple incursions that subvert its trust routing model. This was once of little consequence as most of the Internet was in the US, but the system is now global and attempts to subvert routing data are said by experts to be routine.  

Indeed, manipulation of basic routing functions is standard to Internet censorship regimes the world over. It can go wrong spectacularly. In February 2008, what is now believed to have been a botched censorship attack through Pakistan Telecom on YouTube content resulted in the service being disrupted globally.

The report quoted a submission from Arbor Networks' CSO Danny McPherson that the intention of the attack could have been to hide an unknown targeted attack.

None of this will be easy to fix but a greater emphasis can be put on BGP monitoring to spot such issues before they get to a damaging level.
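As an added illustration of the BGP monitoring mentioned above (not part of the original article or the congressional report), the following Python example checks route announcements against a baseline of expected origin ASes and flags both a changed origin and a more-specific prefix from an unexpected origin. The prefixes, AS numbers and update records are constructed from documentation ranges, and the function names are hypothetical.

```python
import ipaddress

# Constructed baseline: monitored prefixes and the origin ASNs allowed to
# announce them. Values are documentation ranges (RFC 5737, RFC 5398).
EXPECTED = {
    ipaddress.ip_network("198.51.100.0/24"): {64496},
    ipaddress.ip_network("203.0.113.0/24"): {64497},
}

# Constructed update feed: (seconds since start, announced prefix, AS path).
UPDATES = [
    (0, "198.51.100.0/24", [64500, 64496]),     # expected origin
    (60, "198.51.100.0/24", [64501, 64510]),    # same prefix, new origin
    (75, "203.0.113.128/25", [64501, 64510]),   # more-specific, new origin
    (90, "203.0.113.0/25", [64500, 64497]),     # more-specific, expected origin
    (95, "192.0.2.0/24", [64501, 64510]),       # prefix not monitored
]


def check_update(prefix, as_path, expected=EXPECTED):
    """Return (kind, origin) if the announcement conflicts with the baseline, else None."""
    net = ipaddress.ip_network(prefix)
    origin = as_path[-1]  # assumption: last ASN in the path is the origin
    for owned, allowed in expected.items():
        if net.version != owned.version or not net.subnet_of(owned):
            continue
        if origin in allowed:
            return None
        # A more-specific route wins longest-prefix match wherever it propagates.
        kind = "ORIGIN_MISMATCH" if net == owned else "MORE_SPECIFIC"
        return kind, origin
    return None


def scan(updates, expected=EXPECTED):
    """Run every update through check_update and collect alerts in feed order."""
    alerts = []
    for ts, prefix, as_path in updates:
        hit = check_update(prefix, as_path, expected)
        if hit:
            alerts.append((ts, hit[0], prefix, hit[1]))
    return alerts


if __name__ == "__main__":
    for alert in scan(UPDATES):
        print(alert)
```

In practice the update feed would come from a route collector or a router's BGP session rather than an inline list, and the baseline from the operator's own routing policy.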

In the US, headlines will project yet another US-China Internet security confrontation but this event should be put into some context. It is covered by only a few paragraphs around page 250 of a wide-ranging congressional report that is nevertheless reluctant to lay the blame directly at the feet of the Chinese government.

The Chinese Foreign Ministry has reportedly refused to comment on the matter.




Comments

The IT Security Guru said: "routing tables on DNS servers". There are no routing tables on DNS servers. The April 2010 incident was a BGP routing issue; it had nothing to do with DNS.


