For about 18 minutes in April, a Chinese telecommunications company hijacked 15 percent of the Internet, redirecting U.S. government and military traffic through Chinese servers. The misdirection affected NASA, all four branches of the military, the office of the Secretary of Defense and the U.S. Senate.
We don’t yet know what this means — the U.S.-China Economic and Security Review Commission, which released report on the incident today, says it is unclear whether it was intentional or just an accident — but at the very least, it’s one more piece of disturbing evidence showing the U.S. is vulnerable to cyberattack.
The hijacking was reported when it first happened, but this is the first acknowledgement that American government sites were affected. Along with the military and organizations like NASA and NOAA, the redirect affected commercial websites like Dell, Yahoo, Microsoft and IBM, according to ABC News, which broke the story this morning.
It’s not clear what happened to the data once it was rerouted through China Telecom, which is denying any hijack of Internet traffic. It could have been a pure technical error that “advertised erroneous network traffic routes that instructed U.S. and other foreign Internet traffic to travel through Chinese servers,” as the report puts it.
Whether or not this was an innocent mistake, it’s clear the capability to reroute huge streams of data could enable malicious activities. Given Chinese entities’ Internet history, this is not good news. Remember last January’s attack on Google, intended to get human rights activists’ e-mail addresses?
From the report: “This level of access could enable surveillance of specific users or sites. It could disrupt a data transaction and prevent a user from establishing a connection with a site. It could even allow a diversion of data to somewhere that the user did not intend.”
Government officials are claiming their traffic was encrypted. so they have nothing to fear. But when members of Congress are “100 percent certain” the U.S. will suffer a cyberattack, incidents like this should sound the alarm.