In the latest US-China internet flap, a US congressional body has accused China Telecom of hijacking critical web traffic for a brief period.
The US-China Economic and Security Review Commission said that as a result of incorrect routing data sent by the Chinese telco, traffic to and from major corporate and government sites had been redirected through China for 18 minutes in April.
The incident affected around 15% of world traffic, including the Pentagon and the State Department, the report said. It said it could not say whether the routing instructions had been changed deliberately, National Defense Magazine reported.
“Although the commission has no way to determine what, if anything, Chinese telecommunications firms did to the hijacked data, the incidents of this nature could have a number of serious implications,” the report said.
In a statement emailed to Reuters, China Telecom denied the hijacking claim, but did not provide any further details of the event.
While there was no evidence to suggest it was deliberate, security experts floated a number of theories.
Danny McPherson, chief security officer at Arbor Networks, said the massive traffic diversion could have “been intended to conceal one targeted attack,” the report said.
Security firm McAfee said the data could have been manipulated and intercepted, or stored for analysis at a later date.
Dmitri Alperovitch, vice president of threat research at McAfee, told National Defense Magazine it was unusual that the list of hijacked traffic included preselected destinations that included .mil and .gov.
He also said it was surprising that China was able to handle the additional traffic “without breaking a sweat.”
The redirection occurred because of the trust-based system used by telcos to handle internet traffic.
China Telecom had wrongly “advertised” to the rest of the net that its servers were the best way for the data to reach its destination. Even traffic destined to travel within domestic borders was sent to China and then sent back, Alperovitch said.