26 Nov Internet traffic hijack allegations cause alarm
Internet users who trust e-commerce sites, web banking and know that all manner of sensitive data is transferred over supposedly secure encrypted channels may be alarmed to hear that, according to the United States, a Chinese telecommunications firm hijacked 15 percent of global internet traffic for a total of 18 minutes earlier in 2010.
The alarming allegation suggests that communications to and from websites belonging to the US Army, Navy and Marine Corps, the US defence secretary’s office, the US Senate and NASA, as well as other web traffic, were compromised.
It is claimed that state owned business China Telecom diverted data by triggering a false server notification to internet traffic which proclaimed it would reach its destination quickest by re-routing through China Telecom’s servers.
It is believed that cyber criminals could have then harvested valuable information from the 18 minute divert which would enable the creation of fake addresses from information sent and received during the period. Malicious web correspondence could then be sent, appearing to come from trustworthy sources, which a user would open to find a potentially harmful virus uploaded into their system.
If a military website or e-mail communication system was breached in this way, the effects could be devastating.
Security experts say that, worryingly, the Border Gate Protocol – the internet traffic routing mechanism – lacks security measures tough enough to withstand malicious use of servers to re-route communications.
George Ou of Digital Society told The Telegraph, “Like most other fundamental building blocks of the internet, it was initially implemented with no security in mind and it continues to live without security because changes on the internet are so difficult on a living system that doesn’t tolerate outages.”
Although it is believed that all US governmental communications are encrypted before transmission, and it has not been proved that the diverted web traffic was used maliciously, these are worrying findings for all internet users who entrust their personal details to so-called “secure sites”.