Posted at 11:25 AM ET, 11/17/2010

Chinese Internet diversion was worrisome, report says

By Ellen Nakashima


For about 20 minutes in April, a state-owned Chinese telecommunications firm rerouted massive amounts of Internet traffic, including from U.S. military and government networks, through Chinese servers before sending it on its way, according to a Congressional commission report out today.

Evidence related to the incident does not indicate whether it was deliberate, but computer security researchers have noted the capability could enable "severe malicious activities," said the U.S.-China Economic and Security Review Commission in its latest report to Congress.

The incident affected traffic to about 15 percent of the world's Internet network routes, the report said. There are more than 300,000 such routes in the world, said Dmitri Alperovitch, vice president of threat research for the computer security firm McAfee Inc., who briefed the commission on the incident. Among those affected were sites owned by the U.S. Senate, the Army, Navy, Marine Corps, Office of the Secretary of Defense, Department of Commerce and the National Aeronautics and Space Administration, as well as commercial Web sites such as those for Dell, Yahoo!, Microsoft and IBM, the report said.

When a server determines what route to use to speed data to its destination, it consults a "routing table" based on Internet service providers' announced routes for networks they host. In this case, China Telecom announced routes for tens of thousands of networks it did not own, including the U.S. government sites, Alperovitch said.
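
The route check described above, as an added example that is not part of the original article: a small routing table that picks the most specific announced route, plus a monitor that flags announcements naming an origin other than the registered one. The registry, prefixes and AS numbers are constructed documentation values, and the "last announcement wins" table is a simplification of real route selection.

```python
import ipaddress

# Constructed registry: which origin network (AS number) is expected to
# announce each prefix. Prefixes and AS numbers are documentation-only values.
EXPECTED_ORIGIN = {
    "192.0.2.0/24": 64500,
    "198.51.100.0/24": 64501,
}

# Constructed route announcements as a monitor might see them: (prefix, origin AS).
ANNOUNCEMENTS = [
    ("192.0.2.0/24", 64500),     # legitimate
    ("198.51.100.0/24", 64501),  # legitimate
    ("198.51.100.0/24", 64511),  # same prefix, unexpected origin
    ("192.0.2.0/25", 64511),     # sub-range of a registered prefix, unexpected origin
    ("203.0.113.0/24", 64502),   # not in the registry: cannot be judged
]


def build_table(announcements):
    """Routing table keyed by prefix; the last announcement seen for a prefix wins
    (a simplification: real route selection compares more attributes)."""
    return {ipaddress.ip_network(p): asn for p, asn in announcements}


def lookup(table, address):
    """Return the origin AS chosen for an address by longest-prefix match."""
    addr = ipaddress.ip_address(address)
    matches = [net for net in table if addr in net]
    if not matches:
        return None
    return table[max(matches, key=lambda net: net.prefixlen)]


def unexpected_origins(announcements, registry=EXPECTED_ORIGIN):
    """Flag announcements that fall inside a registered prefix but name another origin."""
    owners = {ipaddress.ip_network(p): asn for p, asn in registry.items()}
    flagged = []
    for prefix, asn in announcements:
        net = ipaddress.ip_network(prefix)
        for owned, owner in owners.items():
            if net.subnet_of(owned) and asn != owner:
                flagged.append((prefix, asn, owner))
    return flagged


if __name__ == "__main__":
    print(lookup(build_table(ANNOUNCEMENTS[:2]), "192.0.2.10"))
    print(lookup(build_table(ANNOUNCEMENTS), "192.0.2.10"))
    for prefix, asn, owner in unexpected_origins(ANNOUNCEMENTS):
        print(f"ALERT {prefix}: announced by AS{asn}, expected AS{owner}")
```

The same destination resolves to a different origin once the unexpected announcements are in the table, and the monitor reports exactly those two announcements.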

A spokesman for the Chinese Embassy in Washington told Bloomberg News that the report was based on "unfounded, groundless information." Wang Baodong, the spokesman, repeated the government's longstanding position that "Chinese laws strictly forbid hacking or other illegal activities" on computer networks.

Whether the incident was intentional or not, Alperovitch said, the fact that China Telecom Corp. was able to reroute so much traffic through its network and then allow it to proceed to the final destination "without much impact is pretty amazing." The delay in an email reaching its destination might be milliseconds, he said.

Alperovitch, who said McAfee was able to witness and monitor the redirection of the traffic, said the Chinese could have snooped on or even modified the traffic as it flowed through their pipes. They might also have been able to decrypt commercially encrypted files, he said.

Intentional or not, it is the largest successful "hijacking" or rerouting of Internet traffic ever, he said.

The incident is "cause for concern, not alarm," said Dale W. Meyerrose, who was chief information officer for the Office of the Director of National Intelligence in the Bush administration and is now a vice president for information assurance at Harris Corp. To snoop on the information, he said, "they don't have to divert traffic per se, though it could make it easier."

He said that classified U.S. military traffic would be encrypted using standards set by the National Security Agency, which he said are difficult to defeat.


Comments

This is not alarming, it is an act of piracy/theft, which the government of China is routinely guilty of. It is time to begin treating them as the FOE they behave like.

Posted by: murrayh | November 17, 2010 12:06 PM

It is cause for concern. However, the diversion of large blocks of traffic is instantly detectable, which makes it a worthless technique for espionage. The diversion of select transmissions would be more alarming but probably undetectable. Believe me, this is a least-of-our-worries scenario.

Posted by: wildcatherder | November 17, 2010 1:45 PM

They specifically invaded the privacy of the US infrastructure so clumsily and flagrantly?

And you're going to trust them economically and otherwise?

They can't even spy.

And well, if this is how they chose to do business, well, what are you if you tolerate it? Other than meow, I mean...

And honestly, who is naive enough to think our defense department was unaware -- kind of makes the Chinese look dumb and overly aggressive, doesn't it?

LOL.

Don't take bait, ko0ks, it makes you look like bad, untrustworthy business partner -- I mean given this and the currency undervaluing...

Heh.

Posted by: thegreatpotatospamof2003 | November 17, 2010 3:13 PM

It is reasonable to assume that if it was done intentionally, it was done for a reason, and that the reason was hostile -- either commercially, militarily, or in some other way.

Until that reason is fully explained/understood, being told it is no cause for concern is not reassuring.

Posted by: Meridian1 | November 17, 2010 3:39 PM

Why isn't this huge news?

How come I have to HUNT to find this story?

Posted by: gormley14412 | November 17, 2010 4:03 PM

Reminds me of the bumper sticker, "Don't Steal. The Government Hates Competition."

China diverting 15% of the traffic through its network is impressive and bothersome. Just as impressive and bothersome is that the U.S. Government already does this not for fifteen minutes once, but around the clock.

https://www.eff.org/issues/nsa-spying is a good starting place for those wishing to learn more.

As for the folks who talked about low value for espionage due to how obvious it is, I can think of potential scenarios where it would be useful. One of the more obscure ones would be you're trying to clandestinely deliver a large data file. Rather than send to China or another target that gets attention, during the time the traffic is re-routed you do the file transfer between two innocuous U.S. businesses. The Chinese can capture that file as it passes through the mirror. In the U.S. things look benign unless you figure out that needle in the 15% of internet traffic haystack you're looking at. Safer even than sending a DVD or USB physically out of the country.

Posted by: Dal190 | November 17, 2010 5:08 PM

I am sick of China. How the US WILLINGLY gave up so much of its economic power to this nation of scammers, cheaters, thieves and chauvinistic communist mind drones is beyond me.

And while this is happening the Army of Baggers is hunting for "communists" in its own government. It is bizarre.

Posted by: Mighty7 | November 17, 2010 6:08 PM

China routinely monitors personal emails and web traffic in China, particularly that of foreigners. Most apartment buildings populated by foreigners have special routers for their internet service that allow continuous monitoring of web traffic from the building.

India has stopped the purchase of Chinese routing equipment after finding embedded firmware that allows Chinese operators to control and reroute traffic through those routers at any time.

China cannot be trusted with any internet traffic, their word is, as they put it, "flexible" and may be adjusted to fit the circumstances; whether true or not is of no consequence.

Posted by: t5grrr | November 17, 2010 6:47 PM

As with most totalitarian regimes, I trust the spokesperson of the People's Republic of China as far as I can spit. We know that many cultures in Asia are averse to losing face, particularly when they are caught red-handed (pardon the pun). Even to the extent that relations between our two nations become chillier they will not publicly admit wrong. We should not expect regimes of this sort to play by internationally accepted rules. No communist regime ever plays by the rules. Cyber war is for real and we should protect our nation to prevent these sorts of criminal acts.

Posted by: kerryberger | November 17, 2010 7:55 PM

If only they had diverted the customer service phone lines from India, I'd have called this a good day.

Posted by: ShowMeTheRealMoney | November 18, 2010 5:20 PM

Worrisome? Yes. I say F-CHINA and I hope that our best hackers start looking into their network. I bet our skills surpass theirs any day! http://TechReview.LIEconomy.com

Posted by: fakedude1 | November 20, 2010 1:39 PM

our best hackers - I bet our skills surpass theirs any day!

You would lose that bet. American companies have been outsourcing their computer science for years and the first to go are the best, which are also the most expensive. Our best hackers are now better at customer service in Best Buy than programming.

Posted by: TigerPaw1 | November 20, 2010 5:07 PM


© 2010 The Washington Post Company