US Government Web Traffic diverted through Chinese Computers

One of the most effective attacks in the cyber security world is the “man-in-the-middle” attack. Basically this means placing your attacking computer in the communication path between two or more target machines. As the attacker, you get full access to the data traveling from point “a” to point “b”.

This is basically what happened to 15% of the world’s internet traffic last April, including traffic from the US Government. According to Foxnews, a report will be released to congress tomorrow that states:

“.gov and .mil websites were affected by the redirection, including websites for the Senate, all four military services, the office of the Secretary of Defense, the National Oceanic and Atmospheric Administration and ‘many others,’ including websites for firms like Dell, Yahoo, IBM and Microsoft.”

According to National Defense Magazine, Dmitri Alperovitch, McAfee’s vice president of threat research, said, “This is one of the biggest – if not the biggest hijacks – we have ever seen.” And it could happen again, anywhere and anytime. It’s just the way the Internet works, he explained. “What happened to the traffic while it was in China? No one knows.”

How did it happen? Internet packets are always looking for the fastest path to travel when going from point “a” to point “b”. What happened, purposely or not, is that China Telecom Corporation told the world’s internet service providers that it had the fastest route for sending that data.

And for 18 minutes, a good chunk of the world’s internet traffic diverted and flowed through China. Wow, simple and effective.
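To show the kind of check network operators use to catch a bogus route announcement like the one described above, here is an added example (not code from the original post): a simplified route-origin validation in the style of RPKI, run against a constructed table of which AS is allowed to originate each prefix. The prefixes, AS numbers and announcements below are all made up for the illustration.

```python
import ipaddress

# Constructed authorisation table (ROA-style): which AS may originate each
# prefix, and the longest (most specific) prefix length it may announce.
ROAS = [
    {"prefix": "198.51.100.0/22", "origin_as": 64500, "max_len": 24},
    {"prefix": "203.0.113.0/24", "origin_as": 64501, "max_len": 24},
]


def validate(prefix, origin_as, roas=ROAS):
    """Classify one announcement as 'valid', 'invalid' or 'unknown'.

    'unknown' means no record covers the prefix at all; 'invalid' means a
    record covers it but the origin AS or prefix length does not match,
    which is the signature of a hijack or an over-specific announcement.
    """
    net = ipaddress.ip_network(prefix)
    covered = False
    for roa in roas:
        roa_net = ipaddress.ip_network(roa["prefix"])
        if net.version != roa_net.version or not net.subnet_of(roa_net):
            continue
        covered = True
        if roa["origin_as"] == origin_as and net.prefixlen <= roa["max_len"]:
            return "valid"
    return "invalid" if covered else "unknown"


def suspicious(announcements, roas=ROAS):
    """Return the announcements that an operator should not accept blindly."""
    return [(p, a, validate(p, a, roas)) for p, a in announcements
            if validate(p, a, roas) != "valid"]


# Constructed BGP updates as (prefix, origin AS) pairs: a legitimate route,
# a foreign AS claiming the same space with a more specific /24 (the classic
# hijack pattern, since routers prefer the longest match), the rightful
# origin exceeding its allowed length, and a prefix nobody has registered.
SAMPLE_UPDATES = [
    ("198.51.100.0/22", 64500),
    ("198.51.100.0/24", 64666),
    ("198.51.100.0/25", 64500),
    ("192.0.2.0/24", 64500),
]

if __name__ == "__main__":
    for prefix, asn, status in suspicious(SAMPLE_UPDATES):
        print(f"{status:8} {prefix} from AS{asn}")
```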

But encrypted data would be safe right? Not necessarily, says Yoris Evers, director of worldwide public relations at McAfee:

“If China Telecom intercepts that [encrypted message] and they are sitting in the middle of that, they can send you their public key with their public certificate and you will not know any better,” he said. The holder of this certificate has the capability to decrypt encrypted communication links, whether it’s web traffic, emails or instant messaging, Alperovitch said. “It is a flaw in the way the Internet operates.”

For a couple of years now, Moxie Marlinspike has shown that SSL-encrypted data is not safe during a man-in-the-middle attack. During one of his presentations he showed the results of running a program called “SSLStrip” on a Tor exit node. SSLStrip was able to retrieve numerous credit card numbers and passwords in plain text.

China’s diversion of traffic really exposed a serious weakness in the way the internet functions. Why launch a denial-of-service attack, which in many circumstances is just a nuisance, when you can divert a large chunk of a country’s data through your systems, store it, and analyze it later for information?

Internet routers need to be changed so that when the destination and source are in the same country, the packets never leave that nation.

6 thoughts on “US Government Web Traffic diverted through Chinese Computers”

  1. The National Defense Magazine article has some great information on the hijack. Here is another quote about what was targeted:

    “This happens accidentally a few times per year, Alperovitch said. What set this incident apart from other such mishaps was the fact that China Telecom could manage to absorb this large amount of data and send it back out again without anyone noticing a disruption in service. In previous incidents, the data would have reached a dead end, and users would not have been able to connect.

    Also, the list of hijacked data just happened to include preselected destinations around the world that encompassed military, intelligence and many civilian networks in the United States and other allies such as Japan and Australia, he said. “Why would you keep that list?” Alperovitch asked.”

    1. Wow, I didn’t even think about that Philo. That’s kinda scary…
      What I haven’t seen yet is who discovered this and shut it down, or did they figure this out after the fact?

      The second would be much worse…
