backtop


Print 27 comment(s) - last by WinstonSmith.. on Nov 18 at 10:22 AM


A U.S. Congressional panel says that requests for U.S. government and corporate sites were funneled out of the U.S. and through China telecom for a brief period last year.  (Source: Mobile Phone Co.)
Redirections allowed China to gain access to U.S. citizens' web activity illegitimately

According to an upcoming report by the U.S.-China Economic and Security Review Commission, a U.S. Congressional advisory group, a major Chinese telecom succeeded in effectively hijacking U.S. internet traffic last year.

Normally web traffic is routed via the fastest route -- typically through domestic connections.  This principle of the internet has in the past helped to secure domestic traffic.  However, the greater global internet is all connected, so in theory traffic could be routed abroad through international connections to foreign routers, returning through yet more international connections to domestic servers.

Obviously this kind of routing is a tremendous security risk.  And it's reportedly exactly what happened last year.

U.S. citizens trying to access government sites, such as the U.S. Senate, the office of the secretary of defense, NASA, and the Commerce Department last year had their traffic routed through China Telecom, the third largest telecommunications company in China and a company whose major owner is the government of China.

Traffic request for several major commercial companies were also briefly rerouted, according to the report.

The rerouting may have been an example of China testing U.S. web security and gauging the nation's ability to protect its users' data requests.  If that was the case, the U.S. government failed miserably to protect its citizens' data.

The report describes, "Evidence related to this incident does not clearly indicate whether it was perpetrated intentionally and, if so, to what ends. However, computer security researchers have noted that the capability could enable severe malicious activities."

China Telecom did not deny the incident occurred, but did deny that it intentionally "hijacked" U.S. citizens' traffic.  A company statement reads, "The spokesman of China Telecom Corporation Limited denied any hijack of internet traffic."

Aside from the suspicious misdirection, the security report found many other troubling clues to a Chinese hand in cyberattacks and cybercrime committed against U.S. citizens and corporations.

Among its finding, it found that 28 percent of phishing scams -- false emails designed to lure users into accidentally giving up their passwords or personal information -- originated from China.  And it adds, "Anecdotal reports about the success of these activities continue to surface, some with compelling links to the Chinese government."

The report also details the theft of the incredibly valuable source code that runs Google's search engine last year -- a theft which originated in China.  The incident and the ensuing lack of cooperation from the Chinese government subsequently caused Google to briefly defy the Chinese government's censorship, before finally relenting and recensoring its search.  Some suspect that the attack was perpetrated by China's leading search engine, Baidu, and suspect that the Chinese search giant may incorporate algorithms from the code to improve its own search.



Comments     Threshold


This article is over a month old, voting and posting comments is disabled

RE: People need to wake up
By Reclaimer77 on 11/17/2010 6:24:18 PM , Rating: 2
RE: People need to wake up
By ekv on 11/18/2010 3:07:30 AM , Rating: 2
Their version of MIRV heh?


"When an individual makes a copy of a song for himself, I suppose we can say he stole a song." -- Sony BMG attorney Jennifer Pariser














botimage
Copyright 2014 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki