China's Internet 'Hijacking' Creates Worries for Security Experts
JUDY WOODRUFF: As holiday shoppers flock to the Web to make purchases, new questions about Internet security are surfacing.
Last week, a congressionally chartered commission released a report about what China's rise means for the U.S. economy and security. Included in the findings were the details of a little-known incident involving the hijacking of online data by a firm owned by the Chinese government.
Ray Suarez tells the story.
RAY SUAREZ: At a communications company outside Washington, D.C., computer network engineers monitor Internet traffic. Normally, the Internet works by swiftly finding the shortest, most efficient trip between two computers anywhere on Earth.
Electronic routers direct the traffic flow, ensuring the shortest path, like these green lines here. But, back in April, electronic communication looking for the shortest route was sent through China.
Watch the red line. For 18 minutes, the traffic on 35,000 to 50,000 computer networks elsewhere in the world began flowing toward China, before getting routed to their final destinations. China Telecom had created a massive detour.
But traffic didn't stop. The affected computer connections took just a tiny fraction of a second longer. Whether someone was logging in to check a bank balance, sending a child's photo to grandma, or shopping online, the Net still worked.
However, at the computer operations center outside Washington, D.C., engineers noticed this Internet routing phenomenon immediately. Their computer screens lit up with red alerts.
RODNEY JOFFE, Neustar, Inc.: We noticed the sudden change. During the period, there were alarms that went off.
RAY SUAREZ: One of the architects of the modern Internet, Rodney Joffe, said this diversion was a very big deal. He says it was caused when computer routers in China belonging to China Telecom began signaling to other computer routers on the Internet that they could provide the quickest path between different computers.
RODNEY JOFFE: They, all of a sudden, began announcing the fact that they were an optimal path to about 15 percent of the destinations on the Internet, that, in fact, they were a way to get to a large number of destinations on the Internet, when, in fact, they were not. We have never seen that before on this scale ever.
RAY SUAREZ: Joffe is senior vice-president and senior technologist at Neustar, a global technology and communications company. He's also a computer security expert who consults for the U.S. government and industry.
RODNEY JOFFE: In the grand scheme of things, this was a seminal event. So, this wasn't a minor security event. This wasn't a hiccup — 99.9 percent of the world didn't even think this could be done. Engineers didn't even think about it.
Every one of them is now thinking about it day and night, what the effects would be on their networks, and how they might use it, depending on whether they wear a white hat or a black hat.
RAY SUAREZ: Last week, the U.S.-China Economic and Security Review Commission, a congressionally chartered panel, issued a stinging report.
Its conclusion? That a state-owned Chinese communications firm, China Telecom — quote — "hijacked massive volumes of Internet traffic."
The Chinese government and China Telecom deny this. A Foreign Ministry spokesman said, "This report ignores the facts and is full of Cold War thinking and political bias."
When all the communications from tens of thousands of computer networks was routed to China, that included all the Web traffic, e-mail, and instant messages to and from dot.mil — that's the Department of Defense — and dot.gov — those are U.S. government departments. The U.S. Senate and NASA also had all their traffic diverted.
Companies like Dell, Yahoo!, Microsoft and IBM had their data diverted by China Telecom, too. On that day in April, officers logging into a Pentagon Web site ended up looking at an image that came to their screen via China.
It's not clear what China did with the Internet traffic routed through its computers, and it's not clear if the data that passed through China was saved to be examined later.
But Larry Wortzel, a member of the commission that investigated the incident, is worried.
COL. LARRY WORTZEL (RET.), United States-China Economic and Security Review Commission: The real concern is that it was intentional, and these communications were recorded, and that they will be exploited over time to create either penetrations or to create networked malicious viruses.
RODNEY JOFFE: Once traffic goes through Chinese routers or switchers, Chinese devices, it's possible for the traffic itself to be manipulated. It could either just be filtered and dropped, or, in fact, it can be read, so that a log could be made of the content of the traffic, or changes could be made.
So, for example, I could substitute one word for another or one e-mail for another, and the — the users on both ends would have no idea that this has occurred.
RAY SUAREZ: Joffe says hijacking Internet traffic is consistent with previous Chinese activities.
RODNEY JOFFE: The Chinese government has made it clear, as early as six or seven years ago, publicly, that they can see that one of the next frontiers for conflict is going to be settled in cyberspace. This would seem to be something along the same lines.
RAY SUAREZ: Larry Wortzel came to the U.S.-China Commission after a career in Army intelligence. He served as a U.S. military attache in China.
COL. LARRY WORTZEL: I think it's important to understand that you can do an awful lot with 18 minutes of traffic. A good intelligence officer, for instance, could get 18 minutes of traffic from the whole Department of Defense, and — and get the Internet address, let's say, to the military assistant or the executive officer to the Joint Chiefs of Staff and everyone he communicates with on certain issues, and their Internet addresses.
And then you could socially engineer an e-mail, and make it look like it came from one of those individuals in the network to all the others, and insert an attachment that contained a very malicious virus.
RAY SUAREZ: Wortzel says he's been the subject of these types of computer attacks.
COL. LARRY WORTZEL: About eight months ago, I got an e-mail that looked like it came from the Naval Warfare Systems Command that invited me to a meeting on a particular missile system, and asked me to open the attachment to get the agenda for the meeting.
Well, I knew very well that I had not communicated with anybody in the Navy for quite a long time on that issue. And I actually called the person that was purported to have sent the e-mail. And she said, "I didn't send you an e-mail."
So, we had the attachment checked, and it was a very malicious virus that it would have done exactly that. It would have permitted somebody to take over a computer.
RAY SUAREZ: Even with no evidence of mischief, tampering, or theft, Rodney Joffe says governments and business have to harden their security systems, have to make sure this so-called hijack is made harder in the future, and, just to be safe, assume this wasn't an accident.
RODNEY JOFFE: If, in fact, the traffic was being examined and your traffic passed through the network in China, your user I.D.s and passwords may have been compromised.
If I was a large enterprise or a large organization involved in critical infrastructure, if I was in government, I would be sweating bullets currently.
RAY SUAREZ: And Joffe says the mere example of this hijacking taking place has served as an inspiration to cyber-criminals around the world.
RODNEY JOFFE: We know that the criminals already have been discussing this. We have seen it for probably the last five or six months. It was a great event for them, because it's given them a vector that most of them had never thought of.
RAY SUAREZ: Joffe and Wortzel agree that the Internet has exploded into worldwide daily use in part because its daily operation is based on trust. Lose that trust, and home users, businesses, and governments will start to stay away, and begin the unraveling of a modern marvel.