Chinese ISP hijacked US military, gov web traffic ? The Register

Quote:

Eight months after traffic to as much as 15 percent of the world's internet destinations was mysteriously diverted through China, investigators for a US Congressional committee remain wary of the Asian superpower, even as they're quick to say they have no evidence it's the work of the Chinese government. “Several incidents in early 2010 demonstrate that, regardless of whether Chinese actors actually intended to manipulate US and other foreign internet traffic, China’s internet engineers have the capability to do so,” they wrote in a report published on Wednesday. “Although China is by no means alone in this regard, persistent reports of that nation’s use of malicious computer activities raise questions about whether China might seek intentionally to leverage these abilities to assert some level of control over the internet, even for a brief period.” The assessment, released by the US-China Economic and Security Review Commission, claims that during two brief episodes in late March and early April, tainted network tables redirected huge amounts of internet traffic – some of it from the US military – through Chinese internet providers. In the April 8 incident, China Telecom advertised erroneous BGP, or Border Gateway Protocol, routes that funneled traffic through Chinese networks before it reached its intended destination. The hijacking, which lasted 18 minutes, affected email and web traffic traveling to and from .gov and .mil domains, including those for the US Senate, four branches of the military, the office of the secretary of defense, and NASA, among other US governmental agencies, according to the report. It also affected traffic for large businesses, including Dell, IBM, Microsoft and Yahoo. The 328-page report makes references to other technological threats posed by China, including last year's espionage attacks on Google and 33 other large companies, and recently enacted rules that require security vendors to share encryption information with the Chinese government. The hijacking incidents weren't that different from what researchers did at the 2008 Defcon hacker conference in Las Vegas. By advertising false BGP routes that in essence claimed their IP addresses mapped the most direct route to the conference network, they sent all conference traffic to a computer under their control before ultimately sending to its destination. Over the past month, a Firefox extension known as Firesheep has demonstrated to the masses just how susceptible unencrypted traffic is to snooping. In many respects, the fragility of BGP, which relies on trust and has no intrinsic security protections, ought to cause more concern. Emails, web traffic and other data traveling over the internet is wide open to tampering if its senders don't take proper precautions, a point that wasn't lost in Wednesday's report. “Although the Commission has no way to determine what, if anything, Chinese telecommunications firms did to the hijacked data, incidents of this nature could have a number of serious implications,” it warned. “This level of access could enable surveillance of specific users or sites. It could disrupt a data transaction and prevent a user from establishing a connection with a site. It could even allow a diversion of data to somewhere that the user did not intend (for example, to a 'spoofed' site).” Internet engineers have long known of the BGP weakness, but so far there's been little done to fix it. That leaves the security of the global network in many ways reduced to the honor system. "Although a lot of parties can redirect traffic, doing so is a very public act," Bert Hubert, of Fox-IT and founder of PowerDNS told The Register. "Everyone can see the sign, and systems are in place that take a global view of internet routing, and report on whatever is odd. Rerouting traffic this way works, but everyone can see you do it." The report is here. ® This article was updated to correct erroneous information about the magnitude of the hijacking. According to the report, it rerouted traffic to 15 percent of internet destinations, not 15 percent of the world's traffic.

In other words, "Teehee! Dance little monkeys!"

__________________
Standard disclaimer: the disgusting statements contained in this post are the views of the poster, and unless specified do not represent the views of the moderators or the site's owners.

Quote:

In many respects, the fragility of BGP, which relies on trust and has no intrinsic security protections, ought to cause more concern. Emails, web traffic and other data traveling over the internet is wide open to tampering if its senders don't take proper precautions, a point that wasn't lost in Wednesday's report. [...] Internet engineers have long known of the BGP weakness, but so far there's been little done to fix it. That leaves the security of the global network in many ways reduced to the honor system.

For crying out loud, since the internet became openly available to commercial users, we have been wearing both the benefit and the price of that openness: spam email, viruses, phone number hijacking hijacking of dial-up connections. Last night my wife's PC got infected by one of those bogus security programs that tell you your computer is infected and you should pay them money to get rid of the problem. This was one that Norton security didn't prevent and while it had a tool that supposedly got rid of the infection, the tool did not work. It took me two hours this morning to fix the problem.

Shit happens.

Assume everything that goes over the internet might be read by someone. If you want it to be private, encrypt it despite the fact that the US claimed for years that standard encryption techniques were military weapons and were subject to export embargo. It tried to introduce encryption techniques that had a "trapdoor" that allowed the CIA to read encrypted traffic and generally tried to frustrate use of encryption. This reached a state of farce when Phil Zimmerman, who was under investigation for exporting PGP encryption software, published the source code of the PGP algorithm in a book. That was protected by the First Amendment and people anywhere could buy a copy of the book, separate the pages and use a scanner to read in the code.

But I digress.

What if traffic was hijacked to pass through China. Do we in Australia feel any more comfortable that the majority of our traffic (including this post) passes through the United States? But if you don't want it read by intermediaries, encrypt it.

I suspect we will see an increasing amount of complaining over time from the US as China starts to do things that the US used to assume could be done by nobody else but it.