The cyber cold war between China and the U.S. just got a little chillier. Twice this year, China demonstrated its ability to "substantially manipulate" the Internet, a congressional commission said in a report issued on Tuesday. In one incident, traffic headed to 15 percent of the world's websites was redirected through Chinese servers for about 20 minutes.
The high-level hijacking included bits and bytes headed for the U.S. Senate, the Army, the Navy, the Marine Corps, the Air Force, the secretary of defense, NASA, and other government offices, along with commercial entities like Dell, Yahoo, Microsoft, and IBM, the report said.
Chinese officials disputed the findings. But several technology firms said they charted the hijacking in April.
In a prior incident in March, the Chinese censorship firewall was temporarily extended to block some U.S. users from visiting websites like Twitter and YouTube, the report said.
"Computer security researchers observed both incidents but were not able to say conclusively whether the actions were intentional," concluded the report, by the U.S.-China Economic And Security Review Commission. "Nonetheless, each incident demonstrates a capability that could possibly be used for malicious purposes."
The Internet, we are frequently reminded, is a shockingly fragile creation. These incidents, both of which took advantage of well-known vulnerabilities, are a wake-up call for U.S. authorities, who need to insist on security upgrades to protect U.S. interests, said Dmitri Alperovitch, a security researcher with McAfee. His firm supplied the U.S. government with a list of 53,000 websites that were hijacked for 18 minutes on April 8.
"This is a troubling development. It could be innocuous, and China is claiming it's an accident, but this has a pretty wide-ranging set of implications," he said. "That traffic could be eavesdropped upon."
The report comes near the end of a tumultuous year for China and the Internet. Beijing had a very public spat with Google early in the year, and the nation was ultimately accused of spying on Google employees. It was also accused of a sophisticated plot to use the Internet to spy on the Dalai Lama and other detractors.
The March incident involved a flaw in the way the Internet converts friendly website addresses -- like msnbc.com -- into their reference IP addresses – such as 128.206.11.1. The conversions occur through a system of networked computers called Domain Name Servers. A key tool in China's internal "Great Firewall" censorship tool is the rerouting of Web page requests through Domain Name Servers away from potentially subversive Web sites. Requests for some Web sites are simply dropped; others are redirected to China-friendly sites.
But domain name conversion tables, when handled incorrectly, can spread themselves upstream on the Internet. In March, some domain servers around the world were "poisoned" with China's censored list, causing some users in Chile and the United State to be blocked from social networking sites for about a day. The problem was readily fixed, and some researchers believe the cause might have been an honest mistake.
The high-level hijacking included bits and bytes headed for the U.S. Senate, the Army, the Navy, the Marine Corps, the Air Force, the secretary of defense, NASA, and other government offices, along with commercial entities like Dell, Yahoo, Microsoft, and IBM, the report said.
Chinese officials disputed the findings. But several technology firms said they charted the hijacking in April.
In a prior incident in March, the Chinese censorship firewall was temporarily extended to block some U.S. users from visiting websites like Twitter and YouTube, the report said.
"Computer security researchers observed both incidents but were not able to say conclusively whether the actions were intentional," concluded the report, by the U.S.-China Economic And Security Review Commission. "Nonetheless, each incident demonstrates a capability that could possibly be used for malicious purposes."
The Internet, we are frequently reminded, is a shockingly fragile creation. These incidents, both of which took advantage of well-known vulnerabilities, are a wake-up call for U.S. authorities, who need to insist on security upgrades to protect U.S. interests, said Dmitri Alperovitch, a security researcher with McAfee. His firm supplied the U.S. government with a list of 53,000 websites that were hijacked for 18 minutes on April 8.
"This is a troubling development. It could be innocuous, and China is claiming it's an accident, but this has a pretty wide-ranging set of implications," he said. "That traffic could be eavesdropped upon."
The report comes near the end of a tumultuous year for China and the Internet. Beijing had a very public spat with Google early in the year, and the nation was ultimately accused of spying on Google employees. It was also accused of a sophisticated plot to use the Internet to spy on the Dalai Lama and other detractors.
The March incident involved a flaw in the way the Internet converts friendly website addresses -- like msnbc.com -- into their reference IP addresses – such as 128.206.11.1. The conversions occur through a system of networked computers called Domain Name Servers. A key tool in China's internal "Great Firewall" censorship tool is the rerouting of Web page requests through Domain Name Servers away from potentially subversive Web sites. Requests for some Web sites are simply dropped; others are redirected to China-friendly sites.
But domain name conversion tables, when handled incorrectly, can spread themselves upstream on the Internet. In March, some domain servers around the world were "poisoned" with China's censored list, causing some users in Chile and the United State to be blocked from social networking sites for about a day. The problem was readily fixed, and some researchers believe the cause might have been an honest mistake.
