Coming back from the US last week, I read an intriguing article titled “Chinese Firm Hijacked Data” in the Wall Street Journal. The article describes how, by sending erroneous messages, China Telecom routed 15% of the internet traffic through its servers for 15 minutes last April, including traffic of the US armed services, the US Senate and companies like Microsoft. Obviously, China Telecom denied any hijack of internet traffic, while the Global Times reported that Chinese experts were saying the report had little merit because the majority of data in the world is routed through the US.
Frankly, I don’t understand the last statement and its relevance to the case being discussed. My question is simple: was this purely accidental, was it a warning for the US, or was there something else behind it? We will probably never know the truth. But more generally, it highlights the vulnerabilities of the public internet in its current implementation. The Guardian quotes a threat research analyst as saying the capture “is one of the biggest – if not the biggest hijacks – we have ever seen”.
What would happen to the world if suddenly the internet became unusable? Could there be an internet war? This is something that governments will have to address. But what does that mean for enterprises? How can they secure themselves against IP theft? We all know that confidential data travels across enterprise networks.
Although not relevant in the current situation, the point made by the Chinese officials that the majority of data is routed through the US raises another question. It means that this data is subject to the US Patriot Act, which allows law enforcement agencies to search e-mail communication and other records, amongst others.
The internet's principles are based on trust among equals, with no central entity. In the New York Times article already referred to above, Lu Benfu, the director of the Internet Development Research Center at the Chinese Academy of Sciences, falsely claims the US is managing and controlling the Web's information flows. He should know better. What is disturbing is that the rerouting began, according to the Guardian article already referred to above, with a smaller ISP called IDC China, before being passed on to China Telecom. Nobody, except the Chinese engineers, knows what happened to that data.
This is just one example of the fact that we have no control over how data reaches its destination. This is a real issue for location-sensitive information. For example, data subject to export regulations may end up being routed through sensitive countries, resulting in a breach of compliance. Internet technologists should find a way to protect data from reaching sensitive geographical areas, for example by including accepted routing information in the packet headers, or we will have major incidents in the future. So, we really have to speed up our level of innovation in this area.