Published November 16, 2010
Nearly 15 percent of the world's Internet traffic -- including data from the Pentagon, the office of Defense Secretary Robert Gates and other U.S. government websites -- was briefly redirected through computer networks in China last April, according to a congressional commission report obtained by FoxNews.com.
It was not immediately clear whether the incident was deliberate, but the April 8 redirection could have enabled malicious activities and potentially caused an unintended "diversion of data" from many U.S. government, military and commercial websites, the U.S.-China Economic and Security Review Commission states in a 316-page report to Congress.
A draft copy of the report was obtained on Tuesday by FoxNews.com. The final 2010 annual report to Congress will be released during a press conference in Washington on Wednesday.
According to the draft report, a state-owned Chinese telecommunications firm, China Telecom, "hijacked" massive volumes of Internet traffic during the 18-minute incident. It affected traffic to and from .gov and .mil websites in the United States, as well as websites for the Senate, all four military services, the office of the Secretary of Defense, the National Oceanic and Atmospheric Administration and "many others," including websites for firms like Dell, Yahoo, IBM and Microsoft.
"Although the Commission has no way to determine what, if anything, Chinese telecommunications firms did to the hijacked data, incidents of this nature could have a number of serious implications," the report reads. "This level of access could enable surveillance of specific users or sites."
Citing a separate cyberattack against Google's operations in China earlier this year, the report notes China's history of "malicious computer activities" that "raise questions about whether China might seek intentionally to leverage these abilities to assert some level of control over the Internet, even for a brief period." The report continues, "Any attempt to do this would likely be counter to the interests of the United States and other countries. At the very least, these incidents demonstrate the inherent vulnerabilities in the Internet's architecture that can affect all Internet users and beneficiaries at home and abroad."
Chris Smoak, a research scientist at the Georgia Tech Research Institute, said, whether intentional or accidental, incidents like the one on April 18 occur "two or three times a year" as large amounts of data are routed through multiple nations. He declined to indicate whether he believes the incident was deliberate. "There's no way to really say," Smoak said.
"Due to the short duration, it's very difficult to say." Smoak said security vulnerabilities pertaining to Internet routing processes are one of the more "unfortunate aspects" of the digital age. "They weren't designed with security in mind, they were designed with performance in mind and the end result," he said referring to the routing system. "We're very susceptible in that anyone could do this at any time."
The report details how the Internet routing process is susceptible to manipulation and lists how the exchange of data between networking equipment typically relies on "trust-based" transactions.
"If a computer user in California, for example, seeks to visit a website hosted in Texas, the data would likely make several 'hops' (that is, transit multiple servers) along the way," the report reads. "Data are supposed to travel along the most efficient route. However, Internet infrastructure does not necessarily correlate to the geographical world in a predictable way, so it would be unusual for data to transit a server physically located in Georgia, or some other somewhat removed location."
The process, however, could be subject to manipulation if networking equipment in a remote location, such as China, advertised a route claiming to be the most efficient data path. Effectively, Smoak said, the servers will try to get the information to its destination by the fastest means possible, but the data could conceivably be censored or changed altogether. "It's an unfortunate aspect of the technology we use today," Smoak said. "It's all based on trust."
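The trust problem described above, as an added example that is not part of the original article or the commission's report: a simplified Python model in which a router believes the lowest claimed hop count, next to a version that first checks the advertiser against a registry of authorized originators. The network names, hop counts and the registry are constructed for illustration and do not model a real routing protocol in detail.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Advertisement:
    destination: str   # network being advertised
    advertiser: str    # network claiming it can deliver traffic there
    claimed_hops: int  # self-reported cost; the receiver cannot verify it


# Constructed registry (assumption): who may originate each destination.
AUTHORIZED_ORIGIN = {"texas-site.example": "TX-HOST"}

# Constructed advertisements as seen by a router in California.
ADS = [
    Advertisement("texas-site.example", "TX-HOST", 4),
    Advertisement("texas-site.example", "REMOTE-NET", 1),  # false "shortest path"
]


def select_trusting(ads, destination):
    """Trust-based selection: the lowest claimed cost wins, no questions asked."""
    candidates = [a for a in ads if a.destination == destination]
    return min(candidates, key=lambda a: a.claimed_hops, default=None)


def select_validated(ads, destination, registry):
    """Reject advertisements whose advertiser is not the registered originator.

    Destinations missing from the registry are rejected too (fail closed).
    Returns (chosen advertisement or None, list of rejected advertisements).
    """
    candidates = [a for a in ads if a.destination == destination]
    expected = registry.get(destination)
    accepted = [a for a in candidates if a.advertiser == expected]
    rejected = [a for a in candidates if a.advertiser != expected]
    best = min(accepted, key=lambda a: a.claimed_hops, default=None)
    return best, rejected


if __name__ == "__main__":
    dest = "texas-site.example"
    print("trusting :", select_trusting(ADS, dest))
    best, rejected = select_validated(ADS, dest, AUTHORIZED_ORIGIN)
    print("validated:", best)
    for ad in rejected:  # rejected entries are the ones worth alerting on
        print("rejected :", ad)
```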
Sam Masiello, director of threat management at McAfee, said the security breach could have been potentially "very damaging" given the large amounts of data transferred across the Internet every second. "It could potentially be very damaging, the reason being you don't know what traffic was being routed to those servers at the time," Masiello told FoxNews.com.
"But if you're the criminal, how do you identify [sensitive information]? It's like trying to find a very small needle in a very, very large haystack." Masiello said he did not find any evidence leading him to believe that the incident was intentional, but noted an increasing number of cyberattacks emanating from China.
"We've certainly seen a lot of Internet crime coming out of China and a lot of criminals that are based out of China, but as far as an actual link back to China Telecom, it's very difficult to say," Masiello said.
"Who's to say criminals did not get into China Telecom? But the fact of the matter remains, we've seen a lot of cybercrime emanating out of China in the past year."
Regardless of the intention behind the breach, Masiello concluded: "This type of attack shows there is a vulnerability in the Internet system, even if someone is able to hijack it for a very short period of time."