Cyber Experts Have Proof That China Has Hijacked U.S.-Based Internet Traffic
National Defense Magazine
11/12/2010
For 18 minutes in April, China’s state-controlled telecommunications company hijacked 15 percent of
the world’s Internet traffic, including data from U.S. military, civilian organizations and those of other
U.S. allies.
This massive redirection of data has received scant attention in the mainstream media because the
mechanics of how the hijacking was carried out and the implications of the incident are difficult for
those outside the cybersecurity community to grasp, said a top security expert at McAfee, the world’s
largest dedicated Internet security company.
In short, the Chinese could have eavesdropped on unprotected communications — including
emails and instant messaging — manipulated data passing through their country, or decrypted
messages, said Dmitri Alperovitch, vice president of threat research at McAfee.
Nobody outside of China can say, at least publicly, what happened to the terabytes of data after the
traffic entered China.
The incident may receive more attention when the U.S.-China Economic and Security Review
Commission, a congressional committee, releases its annual report on the bilateral relationship Nov. 17.
A commission press release said the 2010 report will address “the increasingly sophisticated nature of
malicious computer activity associated with China.”
Said Alperovitch: “This is one of the biggest — if not the biggest hijacks — we have ever seen.” And it
could happen again, anywhere and anytime. It’s just the way the Internet works, he explained. “What
happened to the traffic while it was in China? No one knows.”
The telephone giants of the world work on a system based on trust, he explained. Machine-to-machine
interfaces send out messages to the Internet informing other service providers that they are the fastest
and most efficient way for data packets to travel. For 18 minutes April 8, China Telecom Corp. told many
ISPs of the world that its routes were the best paths to send traffic.
For example, a person sending information from Arlington, Va., to the White House in Washington, D.C.
— only a few miles away — could have had his data routed through China. Since traffic moves around
the world in milliseconds, the computer user would not have noticed the delay.
This happens accidentally a few times per year, Alperovitch said. What set this incident apart from other
such mishaps was the fact that China Telecom could manage to absorb this large amount of data and
send it back out again without anyone noticing a disruption in service. In previous incidents, the data
would have reached a dead end, and users would not have been able to connect.
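The trust model just described, as an added example that is not part of the article: a small Python model of BGP best-path selection. It shows how a router that only compares AS-path length and prefix length hands traffic to whoever announces the shortest path or the most specific prefix, and how RPKI route-origin validation (the ROA check of RFC 6811, the standard mitigation deployed for this class of incident since) lets a router drop announcements whose origin AS is not authorised for the prefix. The AS numbers, prefix and ROA table are constructed placeholders from the documentation ranges, not values from the 2010 incident, and the best-path logic is reduced to path length, ignoring local preference, MED and the other real tie-breakers.

```python
"""Toy model of BGP best-path selection and RPKI route-origin validation.

Added example, not code from the article or from any operator named in it.
All identifiers are constructed: AS numbers come from the documentation range
reserved by RFC 5398 (64496-64511) and the prefixes from RFC 5737 test networks.
"""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Route:
    """One BGP announcement as seen by a receiving router."""
    prefix: ipaddress.IPv4Network
    as_path: tuple  # leftmost = neighbour that relayed it, rightmost = origin AS

    @property
    def origin(self) -> int:
        return self.as_path[-1]


def announce(prefix: str, *as_path: int) -> Route:
    """Convenience constructor: announce("203.0.113.0/24", 64496, 64500)."""
    return Route(ipaddress.ip_network(prefix), tuple(as_path))


# Constructed Route Origin Authorizations: covering prefix -> (origin AS, maxLength).
# In production these come from the RIRs' RPKI repositories via a validator.
ROAS = {
    ipaddress.ip_network("203.0.113.0/24"): (64500, 24),
}


def roa_state(route: Route) -> str:
    """Classify a route as 'valid', 'invalid' or 'unknown' (RFC 6811 semantics)."""
    covering = [(origin, maxlen) for prefix, (origin, maxlen) in ROAS.items()
                if route.prefix.subnet_of(prefix)]
    if not covering:
        return "unknown"  # no ROA covers this space, so there is nothing to check against
    for origin, maxlen in covering:
        if origin == route.origin and route.prefix.prefixlen <= maxlen:
            return "valid"
    return "invalid"  # wrong origin AS, or more specific than the ROA permits


class Router:
    """Minimal RIB: keeps one best route per prefix, optionally enforcing RPKI."""

    def __init__(self, enforce_rpki: bool = False):
        self.rib: dict = {}
        self.enforce_rpki = enforce_rpki
        self.rejected: list = []

    def learn(self, route: Route) -> bool:
        """Process an announcement; returns False if origin validation rejected it."""
        if self.enforce_rpki and roa_state(route) == "invalid":
            self.rejected.append(route)
            return False
        current = self.rib.get(route.prefix)
        # Simplified best-path decision: the shorter AS path wins. Without the ROA
        # check nothing says the announcer is entitled to the prefix at all.
        if current is None or len(route.as_path) < len(current.as_path):
            self.rib[route.prefix] = route
        return True

    def lookup(self, ip: str):
        """Longest-prefix match, as the forwarding plane does it."""
        addr = ipaddress.ip_address(ip)
        matches = [r for p, r in self.rib.items() if addr in p]
        return max(matches, key=lambda r: r.prefix.prefixlen) if matches else None


def demo() -> dict:
    """Replay the two classic hijack shapes against a naive and an RPKI-enforcing router."""
    legit = announce("203.0.113.0/24", 64496, 64500)
    # Shape 1: same prefix, shorter path (the announcer claims to be the origin itself).
    shorter = announce("203.0.113.0/24", 64497)
    # Shape 2: a more-specific prefix, which wins on longest-prefix match
    # regardless of how long its AS path is.
    more_specific = announce("203.0.113.0/25", 64496, 64497)

    results = {}
    for name, router in (("naive", Router()), ("rpki", Router(enforce_rpki=True))):
        for route in (legit, shorter, more_specific):
            router.learn(route)
        results[name] = router.lookup("203.0.113.10").origin
    return results


if __name__ == "__main__":
    print(demo())  # {'naive': 64497, 'rpki': 64500}
```

The naive router ends up forwarding traffic for the /24 to AS 64497 by both routes, while the enforcing router keeps the authorised origin. Origin validation only catches a forged origin: an announcement that keeps the legitimate origin AS at the end of a forged path still validates, which is the gap BGPsec path validation is meant to close.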
Also, the list of hijacked data just happened to include preselected destinations around the world that
encompassed military, intelligence and many civilian networks in the United States and other allies such
as Japan and Australia, he said. “Why would you keep that list?” Alperovitch asked.
The incident involved 15 percent of Internet traffic, he stressed. The amount of data included in all these
packets is difficult to calculate. The data could have been stored so it could be examined later, he added.
“Imagine the capability and capacity that is built into their networks. I’m not sure there was anyone else
in the world who could have taken on that much traffic without breaking a sweat,” Alperovitch said.
McAfee has briefed U.S. government officials on the incident, but they were not alarmed. They said their
Internet communications are encrypted. However, encryption also works on a basis of trust, McAfee
experts pointed out. And that trust can be exploited.
Internet encryption depends on two keys: one is private and never shared; the other is public and is
embedded, as a certificate, in most computer operating systems. Unknown to most computer users, Microsoft,
Apple and other software makers embed the public certificates of certificate authorities in their operating
systems, and they trust that this system won't be abused.
Among the certificates is one from the China Internet Information Center, an arm of China's Ministry
of Information and Industry.
“If China telecom intercepts that [encrypted message] and they are sitting on the middle of that, they
can send you their public key with their public certificate and you will not know any better,” he said. The
holder of this certificate has the capability to decrypt encrypted communication links, whether it’s web
traffic, emails or instant messaging, Alperovitch said. “It is a flaw in the way the Internet operates,” said
Joris Evers, director of worldwide public relations at McAfee.
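The certificate problem the article describes, as an added example that is not part of the article or of McAfee's material: a toy Python PKI with two roots in the client's trust store. Standard chain validation accepts a certificate for a host from either root, so any root the client already trusts can mint a certificate that lets an interceptor terminate the encrypted session, which is the scenario Alperovitch outlines; a certificate from a root outside the store is refused (the case in which a browser warns), and public-key pinning rejects even a trusted-root certificate whose key is not the one the client expects. All names and keys are constructed, and the CA "signature" is an HMAC under a secret that only the toy CA holds, a symmetric stand-in for the RSA or ECDSA signature a real CA would produce.

```python
"""Toy PKI: any trusted root can vouch for any name; pinning narrows that trust.

Added example, not code from the article or from McAfee. Everything is
constructed: CA names, the host (an RFC 2606 example domain) and the keys.
Signatures are modelled as an HMAC keyed with a secret only the issuing CA
holds, so verification also lives in the CA object; a real CA signs with an
asymmetric key and relying parties verify with the CA's public key.
"""
import hashlib
import hmac
import secrets
from dataclasses import dataclass


@dataclass(frozen=True)
class Cert:
    subject: str        # host name the certificate vouches for
    issuer: str         # name of the CA that signed it
    public_key: bytes   # the subject's public key (random bytes here)
    signature: bytes


def _body(subject: str, issuer: str, public_key: bytes) -> bytes:
    """The bytes a CA signs; changing any field invalidates the signature."""
    return b"|".join([subject.encode(), issuer.encode(), public_key])


class ToyCA:
    def __init__(self, name: str):
        self.name = name
        self._secret = secrets.token_bytes(32)  # never leaves the CA

    def issue(self, subject: str, public_key: bytes) -> Cert:
        sig = hmac.new(self._secret, _body(subject, self.name, public_key), "sha256").digest()
        return Cert(subject, self.name, public_key, sig)

    def verify(self, cert: Cert) -> bool:
        expected = hmac.new(self._secret, _body(cert.subject, cert.issuer, cert.public_key),
                            "sha256").digest()
        return hmac.compare_digest(expected, cert.signature)


def spki_fingerprint(public_key: bytes) -> str:
    """Hash of the subject public key, the value a pinning client remembers."""
    return hashlib.sha256(public_key).hexdigest()


def validate(cert: Cert, host: str, trust_store: dict) -> bool:
    """Browser-style check: issuer in the trust store, signature verifies, name
    matches. Every CA in the store has equal standing for every host name."""
    ca = trust_store.get(cert.issuer)
    if ca is None:
        return False  # untrusted issuer: this is when a browser shows a warning
    return cert.subject == host and ca.verify(cert)


def validate_pinned(cert: Cert, host: str, trust_store: dict, pinned: str) -> bool:
    """Chain check plus: the subject key must match a fingerprint learned out of band."""
    return validate(cert, host, trust_store) and spki_fingerprint(cert.public_key) == pinned


def demo() -> dict:
    host = "mail.example.org"
    trust_store = {ca.name: ca for ca in (ToyCA("Home Root CA"), ToyCA("Other Trusted Root CA"))}
    untrusted = ToyCA("Not In Any Store CA")

    server_key = secrets.token_bytes(32)
    genuine = trust_store["Home Root CA"].issue(host, server_key)
    pin = spki_fingerprint(server_key)  # published by the site, stored by the client

    # An interceptor who can get a second trusted root to issue for the same name
    # presents its own key; the chain check alone cannot tell the two apart.
    mitm_key = secrets.token_bytes(32)
    rogue = trust_store["Other Trusted Root CA"].issue(host, mitm_key)
    # The same request to a root outside the store is refused outright.
    unknown = untrusted.issue(host, mitm_key)
    # A certificate whose body was altered after signing fails the signature check.
    tampered = Cert("evil.example.org", genuine.issuer, genuine.public_key, genuine.signature)

    return {
        "genuine": validate(genuine, host, trust_store),
        "genuine_pinned": validate_pinned(genuine, host, trust_store, pin),
        "rogue_accepted_by_chain_check": validate(rogue, host, trust_store),
        "rogue_rejected_by_pin": validate_pinned(rogue, host, trust_store, pin),
        "unknown_root": validate(unknown, host, trust_store),
        "tampered": validate(tampered, "evil.example.org", trust_store),
    }


if __name__ == "__main__":
    for check, outcome in demo().items():
        print(f"{check:32s} {outcome}")
```

Pinning works but is brittle: the pin has to be kept in step with key rotation, so it is mostly used by a site's own client software rather than across the open web. For the web at large, CAA records let a domain owner state which CAs may issue for it, and Certificate Transparency logs let the owner detect issuance by a CA it never asked.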
No one outside of China can say whether any of these potentially nefarious events occurred, Alperovitch
noted. “It did not make mainstream news because it is so esoteric and hard to understand,” he added. It
is not defined as a cyberattack because no sites were hacked or shut down. “But it is pretty
disconcerting.”
And the hijacking took advantage of the way the Internet operates. “It can happen again. They can do it
tomorrow or they can do it in an hour. And the same problem will occur again.”
Posted at 9:50 AM by Stew Magnuson
Comments
Re: Cyber Experts Have Proof That China Has Hijacked U.S.-Based Internet Traffic
This is a huge wake up call to our Cyber Policy Leadership in the White House and in the Pentagon. The
US should not be doing ANY business with China owned telecom/equipment companies for this very
reason. I would have liked to have seen a perspective on China's effort to buy into US based Telecom
companies. This significantly increases the threat, and requires immediate action.
Federal Agencies will need to step up their technology acquisition processes to include a check for
potential Chinese made routers, switches and/or computers that could expand China's ability to break into
our secure networks.
John A Weiler at 11/15/2010 5:20 PM
Re: Cyber Experts Have Proof That China Has Hijacked U.S.-Based Internet Traffic
As Michael Stevens mentions in his article titled "China's Growing Cyber Threat," China is directing "the
single largest, most intensive foreign intelligence gathering effort since the Cold War" against the United
States.
http://www.securityweek.com/chinas-cyber-threat-growing
China is investing in the resources needed for “building an informationalized force and winning an
informationalized war,” including a 1,100 person cyber operation with a submarine cave entrance
worthy of a James Bond film, all hidden beneath the white sands and villages of Hainan Island, a popular
tourist destination.
Mike at 11/15/2010 11:49 PM
Re: Cyber Experts Have Proof That China Has Hijacked U.S.-Based Internet Traffic
Where's the part about Deutsche Telekom who's been hijacking data streams for specific Shanghai IP
ranges for several WEEKS? (A slowdown which *was* noticeable by those affected.)
jeff at 11/16/2010 1:01 AM
Re: Cyber Experts Have Proof That China Has Hijacked U.S.-Based Internet Traffic
wow. that's crazy. i thought the rule was just don't browse the internet in china. didn't realize they could
still attack me in my own home.
sucks.
http://tech.rawsignal.com
troy at 11/16/2010 1:34 AM
Re: Cyber Experts Have Proof That China Has Hijacked U.S.-Based Internet Traffic
Talk to Cisco.
David C. Manchester at 11/16/2010 2:12 AM
Re: Cyber Experts Have Proof That China Has Hijacked U.S.-Based Internet Traffic
I am sorry to say that, but you are wrong regarding the safety of encrypted communication. The peers
using encryption to communicate exchange the public keys. As the word 'public' means, there is no
harm if the public key is known to a third party, because the key is intended to be known to anybody.
Indeed, there is some risk of a man-in-the-middle attack, but your e-mail agent, web browser or ssh
terminal should inform you that the security certificate of the peer is not trusted.
See: en.wikipedia.org/wiki/Diffie–Hellman_key_exchange
Maksymilian Wojakowski at 11/16/2010 2:35 AM
Re: Cyber Experts Have Proof That China Has Hijacked U.S.-Based Internet Traffic
One of the biggest weaknesses is the list of "root certificates" bundled with every browser.
It is not a standard list; every browser developer has its own rules and regulations about what it will add.
There was a security incident a few months ago that all major browsers were adding an old, out-of-use
certificate that no one really knew well.
Then, a lot of root certificates are from US based companies - and it is already known that some US state
agencies can easily decrypt traffic that is encrypted via these certificates by using special "keys".
I suppose it will be the same for China state agencies and the Chinese certificates.
In our case (https://secure.cloudsafe.com/) we opted for a Swiss root certificate. It is one of the very
few independent and secure authorities in the world.
Roberto at 11/16/2010 3:45 AM
Re: Cyber Experts Have Proof That China Has Hijacked U.S.-Based Internet Traffic
"from Arlington, Va., to the White House in Washington, D.C. — only a few miles away — could have
had his data routed through China"
Quite unlikely: while the prefix might have been picked up, the routers would have determined it is
not the best path from VA to China to the White House, and would have chosen to send traffic in China
due to the cost of such routing.
The incident lasted 18 minutes.
The one really impacted might have been Asian traffic, but due to the time line of the incident a human
error is a very possible scenario too.
Cliffer at 11/16/2010 4:48 AM
Re: Cyber Experts Have Proof That China Has Hijacked U.S.-Based Internet Traffic
Cisco, what have you done? It's ironic. A U.S. company named Cisco is the one who provides China with
all the hi-tech network devices. USA is really a weird country. You promote China's activities by selling
them and cooperating with them on the best and most advanced network equipment, yet you start whining
when they hijack the world and your own country.
J at 11/16/2010 5:55 AM
Re: Cyber Experts Have Proof That China Has Hijacked U.S.-Based Internet Traffic
Tea cup + Storm.
Why are some people in the states so freaked out about China? Get over it. They are no threat. Not
now, not before and not in the future - learn from history people.
As to the key stuff... the author thinks we are all dumb and has forgotten about the concept of one-way
trapdoor algorithms, DH encryption and fingerprinting.
I am reminded of that South Park episode that came out the week after the 2008 Olympics.... pathetic.
Richard Ford at 11/16/2010 6:20 AM
Re: Cyber Experts Have Proof That China Has Hijacked U.S.-Based Internet Traffic
Trust the SWISS? Perhaps you should read:
http://en.wikipedia.org/wiki/Crypto_AG
It is a well known case of how it was leaked that a very respected Swiss company was a front for NSA
operations. Even the Vatican threw away some of their encryption devices in the 90s once this
information became public knowledge.
Good luck against the Chinese. The world has given them the keys to the kingdom; they produce the
chips that run the world's computers, no? Feeble attempts from people that do not know what goes into
the microcode.... Game over, Bubba!
Swiss Cheese at 11/16/2010 6:45 AM
Re: Cyber Experts Have Proof That China Has Hijacked U.S.-Based Internet Traffic
@Roberto - It doesn't matter which CA one uses. As long as another CA appears in a browser's trusted
root list, that other CA can issue a rogue certificate against our domain.
There is no added benefit of using one CA over another. All CAs in the browser's trusted root list have
equal standing.
cjp at 11/16/2010 9:32 AM
Re: Cyber Experts Have Proof That China Has Hijacked U.S.-Based Internet Traffic
The description of "Internet encryption" in this piece, particularly in the context of discussing military
and intelligence traffic, is simplistic and unbecoming of a publication with the word "defense" in the
title. There are other means of doing transport security on the Internet, ones that do not rely on
asymmetric keys at all, or employ securely managed asymmetric keying -- it is fairly disappointing this is so
completely missed here.
JHK at 11/16/2010 10:32 AM
Re: Cyber Experts Have Proof That China Has Hijacked U.S.-Based Internet Traffic
BGPmon.net has a detailed explanation of what exactly happened that day:
http://bgpmon.net/blog/?p=282
If this was an intentional attack instead of an accident, they didn't really try to hide this attack. There are
ways to have this attack executed in a more stealth mode.
BGP Dude at 11/16/2010 11:17 AM
Re: Cyber Experts Have Proof That China Has Hijacked U.S.-Based Internet Traffic
Er, anyone got any proof? Of course not. Anti Chinese propaganda. Uncle Sam's got no money left and
wants to blame someone, how about the guys that have been lending you theirs. Pathetic.
Geltmeister at 11/16/2010 3:49 PM
Re: Cyber Experts Have Proof That China Has Hijacked U.S.-Based Internet Traffic
Yeah...but...but....but they like paper lanterns, and dragon parades and the "pop-pop-pop" of
firecrackers and Americans love Crab Rangoon and General TSO's chicken. They must be our friends.
Vox at 11/16/2010 4:43 PM
Re: Cyber Experts Have Proof That China Has Hijacked U.S.-Based Internet Traffic
The list of certificates bundled with every web browser on the planet includes multiple certificates
under the control of the Chinese Government. Given access to these certs, the protections provided by
SSL and S/MIME are worthless.
CA Dude at 11/16/2010 5:11 PM
Re: Cyber Experts Have Proof That China Has Hijacked U.S.-Based Internet Traffic
"Since traffic moves around the world in milliseconds, the computer user would not have noticed the
delay."
This is not correct. Traffic going from the East coast to China and back, even at close to the speed of
light, will always take much longer than "sending information only a few miles away".
Washington, DC to Beijing, China and back is 23342 miles, or 0.125 light seconds, whereas "a few miles"
would be closer to 0.00001 seconds.
That's why large web sites distribute their content on servers across the globe, so the one closest to the
user can respond.
Mike at 11/16/2010 5:45 PM
Re: Cyber Experts Have Proof That China Has Hijacked U.S.-Based Internet Traffic
This article is so-god-damned simplistic and more rumors. The Chinese didn't even try to hide it as per
the BGPmon.net monitor. I'm 99% sure this was simply a fat-finger good old fashioned programming
error on their peering/IP transit routers. This has HAPPENED MANY TIMES IN THE US/CANADA AND
EUROPE.
Oh and BTW, the Chinese great firewall/DPI (deep packet inspection) "Golden Shield" according to
public documents these days is mostly Huawei high-end routers including the NE80E, SIG9800 and a few
others. Huawei have sold this product WORLDWIDE including Europe and the Middle East and they
simply market the product/engineer the product like Cisco & Juniper. The Chinese government (aka CCP,
some propaganda department probably) is responsible for the operation of the filter lists which gets
passed to the semi-nationalized telecom operators (China Telecom, China Unicom/(ex. Netcom), China
Mobile and a few others licensed for international inter-connect). China Telecom uses AS4134 and
Unicom/Netcom uses 4837 for international peering with foreign countries. There are a few other
Chinese AS'es I believe but those are for special reserved usage like VPN. The way it works is very simple,
there are two layers. There's an internal AS layer within the provinces of China (not connected to
outside the country) and an international layer. All international peering/IP-transit traffic is connected to
a Cisco/Juniper device which passes all traffic to a Huawei DPI (deep packet inspection) for high-speed
ASIC based filtering. If a keyword matches (e.g. twitter, facebook) the packet is dropped and the Chinese
have aggregate logged data of filtered data like any other commercial product off the Huawei device. It
is technically impossible to do massive packet capture unless they are specifically targeting something.
The Chinese fucked-up routes were probably sent to Chinese international border routers, and their
Huawei DPI probably dropped those packets. They also manipulate/use faux DNS using their Huawei
DPI. (So if you use OpenDNS in China the DNS will still be manipulated; it's TIME FOR ENCRYPTED DNS!)
Here's another open industry secret:
The Chinese like any other international ISP have to connect their network to the international internet
up-stream ISPs/ASN's right. I believe now they even have some of their DPI hardware in the US/Europe.
Again all public data, see:
https://www.peeringdb.com/private/participant_view.php?id=308
https://www.peeringdb.com/private/participant_view.php?id=730
If the US gov't really wanted to see China's internet filter lists they could theoretically do the following
(again this would be POLITICAL SUICIDE I'M GUESSING AND possibly touch off a war with China, and
would require a warrant obviously):
Go to Any2 LA or Equinix San Jose or any other Chinese international peering/IP-transit place and go to
China Telecom or China Unicom's cage. Seize the Huawei DPI device. Simple. Copy the data. Do analysis.
Return it back to the Chinese!? LOL. It's a Chinese-registered APNIC IP with a public WHOIS registration
of "FSKWC NET". Mhmm... F must stand for Firewall. Must be the Chinese-DPI-GFW firewall cluster.
The internet community has discovered that all traffic to Mainland China passes through a FSKWC NET
device before it goes further in-ward to China. Some of these devices we know are in the US and Europe
where the Chinese peer before they are sent across the pacific on one of the Trans-pacific or Eur-Asia
fiber-optic cables (TPE, etc...)
The real problem with China is political and political change. I believe this will change over time as
change evolves, develops and moves towards a more open model. As an engineer I really don't care
about political crap, I wish they would just develop an open internet policy like HK or Singapore or
Japan. Filtering political extremism is fine for stability (remember in Chinese thinking/culture it's all
about "stability" versus "individuality" in the West), just don't filter entertainment sites like
YouTube/Twitter or Facebook. 99.9% of IP traffic to those sites is entertainment anyways. Wasn't
there a recent study that says 60% of tweets to twitter were unread anyways? I just don't want to use
my god-damned VPN when I travel to China just to catch up on my friends' entertainment instead of
standard HTTPS.
Oh and recommendations for website/software developers: Implement .com/.net DNS-SEC ASAP. Then
MS and Mozilla should install the default DNS-SEC checker by default. Then Chinese internet users will
know that their DNS entries are being forged (remember this is only one stage of the "Golden
Shield"/"GFW"). They can program their ... DPI to forge the DNS-SEC responses anyways. When this
happens they will have to face pressure from the international internet governance community (aka ICANN
and a few others) on why the hell they are forging responses to something that makes the internet more
secure. Like their forgery of International DNS.
Will at 11/16/2010 5:54 PM
Re: Cyber Experts Have Proof That China Has Hijacked U.S.-Based Internet Traffic
Before we all freak out I hope (well pray) the US Government checks the fingerprints of the public key
before just accepting it... I mean like is this basic or is it basic? I assume they don't rely on the
hierarchical trust signing system...
Michael Williams at 11/16/2010 9:25 PM
Re: Cyber Experts Have Proof That China Has Hijacked U.S.-Based Internet Traffic
@Will - fantastic post, thank you!
Matt at 11/16/2010 9:48 PM
Re: Cyber Experts Have Proof That China Has Hijacked U.S.-Based Internet Traffic
Global Strike oligarchy China. The neo-totalitarian technological Mao expands and no one is safe. Put
your paranoia level defense. Freedom for the planet.
http://hacksperger.wordpress.com/
Er1cBl41r at 11/17/2010 5:22 AM
Re: Cyber Experts Have Proof That China Has Hijacked U.S.-Based Internet Traffic
You need to read JR02-2009, Tracking Ghostnet, the Canadian report on the Chinese infecting 1295
computers in 103 countries, just to spy on Tibet. Face it, the Chinese are waging an international cyber
terrorist war on the entire world. Let us just hope that since they are becoming the world's largest
economic power they want to keep their country affluent and not start a real military war.
Benny Vento at 11/17/2010 9:44 AM