Friday, 19 November 2010

Chinese Scrutinized for Meddling With Web Traffic - NYTimes.com

Report Looks at How China Meddled With the Internet

An annual report to Congress touched off a round of speculation Wednesday about the motives of a small Chinese Internet service provider that briefly rerouted as much as 15 percent of the world’s Web traffic on two occasions last spring.

The report, by the United States-China Economic and Security Review Commission, noted that the service provider, IDC China Telecommunication, broadcast inaccurate Web traffic routes for about 18 minutes on April 8. That information was then retransmitted by China’s state-owned China Telecommunications, effectively forcing data from the United States and other countries to pass through Chinese computer servers. A similar episode in March drew less attention.

The report said the move affected data traveling over both the government and military networks of the United States, including information from the Senate, the Army, the Navy, the Marine Corps, the Air Force, the secretary of defense’s office, NASA, the Department of Commerce and the National Oceanic and Atmospheric Administration, as well as from many American companies.

The incidents, which were widely reported when they occurred, were never explained, although Chinese engineering managers said that the routing errors were accidental.

The commission said it had no evidence that the misdirection was intentional. “Evidence related to this incident does not clearly indicate whether it was perpetrated intentionally and, if so, to what ends,” it said in the report. “However, computer security researchers have noted that the capability could enable severe malicious activities.” The 12-member commission was established in 2000 to submit an annual report to Congress on the national security implications of the United States’ economic relationship with China.

American computer network engineers who met with Chinese technicians visiting the United States at the time said they did not believe that the Chinese had given them a full description of what had happened.

While sensitive data such as e-mails and commercial transactions are generally encrypted before being transmitted, the Chinese government holds a copy of an encryption master key, and there was speculation that China might have used it to break the encryption on some of the misdirected Internet traffic.

There was also speculation that the rerouting might have been a test of a cyberweapon that could be used to disrupt the Internet during a crisis or a war.

There has been no evidence presented to support either theory, and Chinese technical experts rejected the suggestion that the routing changes were intentional.

“The Web information flow is controlled by the U.S., while China just holds a branch line of the global traffic,” Lu Benfu, director of the Internet Development Research Center at the Chinese Academy of Sciences, said on the Web site of Global Times, a state-run newspaper. “So this kind of accusation is technically unfeasible.”

This article has been revised to reflect the following correction:

Correction: November 18, 2010

An earlier version of this article referred incorrectly to the commission responsible for an annual report to Congress. The author was the United States-China Economic and Security Review Commission.

Posted via email from projectbrainsaver