China may seek to ‘control the internet,’ US report on web hijack warns

Martin Beckford, Heidi Blake, and Duncan Gardham
© The Telegraph, 2010-11-18

China “hijacked” 15 per cent of the world’s internet traffic earlier this year, according to a report to the US Congress, in what could be a new form of cyber-terrorism. A state-run telecoms firm is accused of diverting traffic including data from US military and government websites, and some in Britain, via Chinese servers.

Experts fear that the authorities could have carried out “severe malicious activities” as a result of the 18-minute operation, even harvesting sensitive data such as the contents of email messages or implanting viruses in computers worldwide.

The report by the US-China Economic and Security Review Commission says it raises the prospect that China might use its powers to “assert some level of control over the internet.”

Carolyn Bartholomew, vice-chairman of the commission, said Chinese efforts to penetrate US networks are becoming more sophisticated, adding: “The massive scale and the extensive intelligence and reconnaissance components of recent high profile, China-based computer exploitations suggest that there continues to be some level of state support for these activities.”

It is the latest sign that governments worldwide are apparently seeking either to launch attacks on computer networks or to defend themselves from them.

The US military now has a “fully operational” Cyber Command, while Israel is suspected of being behind a computer worm known as Stuxnet that may have damaged Iran’s nuclear facilities.

Earlier this year Google announced that Chinese hackers had tried to access the email accounts of human rights activists in the country in a “highly sophisticated and targeted attack,” while the government has blocked access to popular websites such as Wikipedia and BBC News.

The new US report provides previously unpublished details about a suspected “hijack” of almost one-seventh of all internet traffic, which originated in China.

“For a brief period in April 2010, a state-owned Chinese telecommunications firm ‘hijacked’ massive volumes of Internet traffic. Evidence related to this incident does not clearly indicate whether it was perpetrated intentionally and, if so, to what ends. However, computer security researchers have noted that the capability could enable severe malicious activities.”

The attack took advantage of the way that data is sent via computer servers situated all around the world to reach websites.

When an internet user in, for example, California wants to look at a website based in Texas, the data makes several short “hops” via servers on the way.

Data are meant to travel by the most efficient route; however, this can be manipulated, as servers based in China can suddenly announce that they provide the quickest route to various websites.

For 18 minutes on April 8 this year, the state-owned China Telecom advertised “erroneous” network routes which led to traffic going to 15 per cent of all internet destinations being sent via servers in China.
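The route advertisements described above are carried between networks by the Border Gateway Protocol (BGP), and operators watch for erroneous ones by comparing each announcement's origin network with the origin they expect for that address block. The sketch below is an added example, not taken from the article or the commission's report; the prefixes, AS numbers and the expected-origin table are constructed from documentation-reserved ranges.

```python
import ipaddress

# Constructed baseline: the origin AS each monitored prefix should be announced from.
# Prefixes and AS numbers are documentation-reserved values, not real networks.
EXPECTED_ORIGINS = {
    "192.0.2.0/24": 64500,
    "198.51.100.0/24": 64501,
    "203.0.113.0/24": 64502,
}

# Constructed route announcements as (prefix, AS path); the origin AS is last in the path.
ANNOUNCEMENTS = [
    ("192.0.2.0/24", [64510, 64500]),
    ("198.51.100.0/24", [64510, 64496]),
    ("203.0.113.128/25", [64511, 64496]),
    ("203.0.113.0/25", [64510, 64502]),
    ("100.64.0.0/10", [64510, 64499]),
]


def classify(prefix, as_path, expected=EXPECTED_ORIGINS):
    """Compare one announcement against the baseline and return a verdict string."""
    net = ipaddress.ip_network(prefix)
    origin = as_path[-1]
    for exp_prefix, exp_origin in expected.items():
        exp_net = ipaddress.ip_network(exp_prefix)
        if net.version != exp_net.version or not net.subnet_of(exp_net):
            continue
        exact = net == exp_net
        if origin != exp_origin:
            return "origin-mismatch" if exact else "more-specific-from-other-origin"
        return "ok" if exact else "more-specific-from-expected-origin"
    return "unmonitored"


def suspicious(announcements, expected=EXPECTED_ORIGINS):
    """Return (prefix, origin AS, verdict) for announcements that need review."""
    alerts = []
    for prefix, as_path in announcements:
        verdict = classify(prefix, as_path, expected)
        if verdict not in ("ok", "unmonitored"):
            alerts.append((prefix, as_path[-1], verdict))
    return alerts


if __name__ == "__main__":
    for alert in suspicious(ANNOUNCEMENTS):
        print(alert)
```

A more-specific announcement from the expected origin can be ordinary traffic engineering, so it is flagged for review rather than treated as an error.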

These involved official US websites covering the Senate, army, navy, marine corps and Nasa as well as leading companies such as Microsoft, IBM and Yahoo.

A handful of websites based in Britain were also affected, as well as many in Australia and within China itself.

The Commission admitted it did not know if the “hijacking” was intentional or what happened to the data, but the report states: “This level of access could enable surveillance of specific users or sites.”

Computer users could also have been prevented from accessing their intended websites, or been sent to fake sites, and “perhaps most disconcertingly” the operation could have allowed hacking of “supposedly secure encrypted sessions.” The large volume of data diverted could have been “intended to conceal one targeted attack.”

“Although China is by no means alone in this regard, persistent reports of that nation’s use of malicious computer activities raise questions about whether China might seek intentionally to leverage these abilities to assert some level of control over the Internet, even for a brief period.”

Wang Yongzhen, a senior press official with China Telecom, said: “China Telecom has never done such an act.”

Maitland Hyslop, managing director at Internet Central, said: “The event confirms cybersecurity at the centre of state conflicts and confirms an international capability for cyberwarfare.

“Hard on the heels of the news about the Stuxnet virus it places the threat from cyber attacks high on any national or business agenda.”

The Chinese have also targeted Indian government offices and the office of the Dalai Lama, stealing secret and confidential documents, according to reports earlier this year.

One of the techniques they have used is to set up false social network accounts on sites such as Facebook in order to bypass established firewalls.

In March last year, researchers discovered the GhostNet cyber espionage network that had infected 1,300 hosts in 103 countries around the world, largely government-based, sending information back to Hainan in China.

MI5 and GCHQ have issued a series of warnings about Chinese attempts to hack systems in Britain over the past three years.

Pat Clawson, chief executive of the internet security firm Lumension, said the problem with the latest attack was that it was so easy to spot. “Traditional espionage tends to be conducted more discreetly, but increasingly public cyber attacks are bringing the issue into public consciousness. In a digital age, it can be like airing your dirty laundry in public,” he said.

But he said the attack may have been very effective, adding: “The redirection of traffic isn’t just political espionage, the inclusion of data from Dell, IBM, Microsoft and Yahoo raises concerns around corporate espionage.”