One of the most effective attacks in the cyber security world is the “man-in-the-middle” attack. Basically, this means placing your attacking computer between the communications of two or more target machines. As the attacker, you get full access to the data traveling from point “a” to point “b”.
This is basically what happened to 15% of the world’s internet traffic last April, including traffic from the US Government. According to Fox News, a report to be released to Congress tomorrow states:
“.gov and .mil websites were affected by the redirection, including websites for the Senate, all four military services, the office of the Secretary of Defense, the National Oceanic and Atmospheric Administration and “many others,” including websites for firms like Dell, Yahoo, IBM and Microsoft.”
According to National Defense Magazine, Dmitri Alperovitch, McAfee’s vice president of threat research, said, “This is one of the biggest – if not the biggest hijacks – we have ever seen.” And it could happen again, anywhere and anytime. It’s just the way the Internet works, he explained. “What happened to the traffic while it was in China? No one knows.”
How did it happen? Internet packets always look for the fastest path when traveling from point “a” to point “b”. What happened, whether on purpose or not, was that China Telecom Corporation told the world’s internet service providers that it had the fastest route for sending data.
And for 18 minutes, a good chunk of the world’s internet traffic was diverted and flowed through China. Wow, simple and effective.
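To make the mechanism concrete, here is an added example (not code from the original post) that models how a bogus route announcement can win over the legitimate one, and how an operator-side origin check in the style of RPKI route-origin validation flags it before it is installed. The diversion described above was carried out through BGP route announcements; the AS numbers, prefixes and authorization table below are constructed for illustration, and the route-selection logic is a deliberately simplified model.

```python
"""Simplified model of a BGP route hijack and route-origin validation.
Added example, not from the original post. All ASNs, prefixes and the
ROA table are constructed sample data."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional, Tuple


@dataclass(frozen=True)
class Announcement:
    prefix: str                 # e.g. "203.0.113.0/24"
    as_path: Tuple[int, ...]    # rightmost ASN is the claimed origin

    @property
    def origin(self) -> int:
        return self.as_path[-1]


# Constructed Route Origin Authorizations: prefix -> (authorised origin AS, max length)
ROAS = {"203.0.113.0/24": (64500, 24)}

# Constructed announcements: the legitimate route, and a hijack that is simply
# "closer" (shorter AS path) and therefore preferred by an unprotected router.
LEGIT = Announcement("203.0.113.0/24", (64496, 64500))
HIJACK = Announcement("203.0.113.0/24", (64501,))


def validate_origin(ann: Announcement, roas=ROAS) -> str:
    """Return 'valid', 'invalid' or 'unknown' for an announcement, RPKI-style."""
    net = ip_network(ann.prefix)
    covering = [(ip_network(p), o, ml) for p, (o, ml) in roas.items()
                if net.subnet_of(ip_network(p))]
    if not covering:
        return "unknown"            # no ROA covers this prefix: cannot judge
    for _, origin, max_len in covering:
        if origin == ann.origin and net.prefixlen <= max_len:
            return "valid"
    return "invalid"                # covered by a ROA, but wrong origin or too specific


def route_lookup(dest: str, anns, rov: bool = False, roas=ROAS) -> Optional[Announcement]:
    """Pick the route used for dest: longest prefix, then shortest AS path.
    With rov=True, announcements that fail origin validation are dropped first."""
    addr = ip_address(dest)
    candidates = [a for a in anns if addr in ip_network(a.prefix)]
    if rov:
        candidates = [a for a in candidates if validate_origin(a, roas) != "invalid"]
    if not candidates:
        return None
    return max(candidates, key=lambda a: (ip_network(a.prefix).prefixlen, -len(a.as_path)))
```

Run `route_lookup("203.0.113.5", [LEGIT, HIJACK])` with and without `rov=True` to see the same traffic land on the hijacker's AS or on the authorised origin.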
But encrypted data would be safe, right? Not necessarily, says Joris Evers, director of worldwide public relations at McAfee:
“If China Telecom intercepts that [encrypted message] and they are sitting in the middle of that, they can send you their public key with their public certificate and you will not know any better,” he said. The holder of this certificate has the capability to decrypt encrypted communication links, whether it’s web traffic, emails or instant messaging, Alperovitch said. “It is a flaw in the way the Internet operates.”
For a couple of years now, Moxie Marlinspike has shown that SSL-encrypted data is not safe during a man-in-the-middle attack. During one of his presentations he showed the results of running a program called “SSLStrip” on a Tor exit node. SSLStrip does not break the encryption itself; it rewrites HTTPS links to plain HTTP so the victim’s browser never starts the encrypted session. Sitting on the exit node, it was able to retrieve numerous credit card numbers and passwords in plain text.
China’s diversion of traffic exposed a serious weakness in the way the internet functions. Why launch a denial of service attack, which in many circumstances is just a nuisance, when you can divert a large chunk of a country’s data through your own systems, store it, and analyze it later for information?
Internet routers need to be changed so that when the source and destination are in the same country, the packets never leave that nation.