Nearly 15 percent of the world’s Internet traffic, including that of many U.S. government and military sites, was briefly redirected through computer servers in China in April, according to a congressional commission report due out this week.
It is not clear whether the incident was deliberate, but the capability could enable severe malicious activities including the diversion of data and the interception of supposedly secure encrypted Internet traffic, the U.S.-China Economic and Security Review Commission states in a report to Congress.
A draft copy of the report, which is to be released Wednesday but viewed by The Washington Times, reports for the first time that .gov and .mil websites were affected by the 18-minute-long April 8 redirection, including those for the Senate, all four military services, the office of the secretary of defense, the National Aeronautics and Space Administration, the Department of Commerce, the National Oceanic and Atmospheric Administration “and many others,” as well as commercial websites including those of Dell, Yahoo, Microsoft and IBM.
In effect, Internet traffic to and from those sites was wrongly told that the best route it could take to its destination was through servers in China.
The redirection, though brief, could have enabled “surveillance of specific users or sites [and] … could even allow a diversion of data to somewhere that the user did not intend,” the report states. The huge volume of traffic redirected could have been intended to cover a targeted attack on a single website or user.
“Perhaps most disconcertingly … control over diverted data could possibly allow a telecommunications firm to compromise the integrity of supposedly secure encrypted sessions,” the report adds.
It remains unclear whether the redirection was intentional, the report says, but it demonstrates that it is possible for malicious actors to seize control of the Internet and redirect traffic.
“Evidence related to this incident does not clearly indicate whether it was perpetrated intentionally and, if so, to what ends,” the report says. “Regardless of whether Chinese actors actually intended to manipulate U.S. and other foreign Internet traffic, China’s Internet engineers have the capability to do so.”
The commission notes that Beijing is exercising considerable control over the Internet inside China, and over the limited debate it permits on certain topics on the Web, in an effort to defuse popular demands for reform - a phenomenon it dubs “networked authoritarianism.” The news comes as Google has issued a call to Western governments to challenge Internet censorship as a restraint on global trade.
The report further notes that China has a history of “malicious computer activities” that “raise questions about whether China might seek intentionally to leverage these abilities to assert some level of control over the Internet, even for a brief period.”
Any such attempt, the report states, “would likely be counter to the interests of the United States and other countries.”
“At the very least, these incidents demonstrate the inherent vulnerabilities in the Internet’s architecture,” the report concludes.
Internet traffic moves through the network in small data packets, its route determined by instructions, known as protocols, provided by special servers around the globe.
On April 8, according to Web security specialists, a small Chinese Internet service provider published a set of instructions under the Border Gateway Protocol, that directed Web traffic from about 37,000 networks to route itself via computer servers in China.
The list was republished by China Telecom and briefly propagated itself across the global Web, which works on a trust system, with each server updating its routing instructions based on data provided by others in the network.
“We recommend that Congress get the government to produce a full report every year” about these kinds of incidents, commission member Larry Worzel, a retired colonel in Army intelligence and China specialist, told The Times.
A more comprehensive accounting is needed of how often they occur and how severe they are, he said.
“We see this stuff coming in piecemeal [but the government] has to put into place better analytic tools to spot these kinds of diversions and track which servers and routes are being used,” Mr. Worzel said.
He said China Telecom is not an independent commercial entity, calling it “a surrogate, owned and controlled by the Chinese government.”
The report notes that “China’s leadership, at all levels of the government, increasingly uses the Internet to interact with the Chinese people.” Combined with “strict censorship controls,” this means Beijing could “allow a controlled online debate about certain issues” and then “leverage what it learns from following this debate to construct policies that aim to undercut the most serious irritants to domestic stability.”
The report calls this “networked authoritarianism,” noting several efforts by the authorities to collect opinions from Chinese Internet users, for example, before major national meetings by the government or ruling Communist Party.
In another such effort, in September the Chinese Communist Party’s official newspaper, the People’s Daily, launched a website called “Direct Line to Zhongnanhai,” a reference to the compound that houses China’s president and other senior party figures.
But submission guidelines ban any comment “which harms the state’s honor or interests” or “undermines state policy on religion or advocates heretical organizations or feudal superstitions.”
“These guidelines serve as a window into the government’s efforts to control the boundaries and nature of discussions online,” the report notes.
In a white paper issued Monday, Google Inc., which recently curtailed its activities in China in response to Beijing’s efforts to control the Web, called Internet censorship, non-transparent regulation and online surveillance “the trade barriers of the 21st century economy.”
“In addition to infringing on human rights, governments that block the free flow of information on the Internet are also blocking trade and economic growth,” the Internet-service company said in a statement.
• Shaun Waterman can be reached at 123@example.com.
Please read our comment policy before commenting.