The Internet, though ironically created for communications during a nuclear war, is based on trust. The trust that all nodes on the Internet are equal and when connecting from one website to another the connections will take the shortest or fastest route. But what if someone said that they were the best route, best no matter what? What would happen is that all Internet traffic would pass through that point. That’s exactly what China did for 18 minutes last April:
For 18 minutes in April, China’s state-controlled telecommunications company hijacked 15 percent of the world’s Internet traffic, including data from U.S. military, civilian organizations and those of other U.S. allies.
This massive redirection of data has received scant attention in the mainstream media because the mechanics of how the hijacking was carried out and the implications of the incident are difficult for those outside the cybersecurity community to grasp, said a top security expert at McAfee, the world’s largest dedicated Internet security company.
Scary? Yeah that’s an understatement. You see another whole part of the trust network are our much trusted and relied upon SSL certificates. We trust that certificate owners won’t decrypt the messages that use their certificates when they aren’t supposed to. We assume that when our data is encrypted to go to our bank or Gmail or shop online that the only person decrypting is the store. We assume that the certificate sender is sending us the correct public-private keypair. Yeah, but guess who besides folks like Apple, Microsoft and other big companies can sign certificates?
You guessed it: China.
So for a period of time last April China pulled targeted communications from U.S. sources (so glad I’m in Canada, but heck we’re probably not safe either) and routed them through their servers…
And we don’t know what happened to the data.
The data is supposed to just flow through unhindered, but there is the suspicion that China could have captured the data and stored it for analysis. Maybe they did it, just to see if people noticed—we didn’t—and the data kept going. The scary thing is that in all honesty, the same hijacking could be going on now and we wouldn’t know unless we happen to have a running trace route mapping all our connections.
Trust me, I might be a geek, but I don’t have tracert running all the time just to see if my connections are going where they are supposed to.
Solutions? Solutions are scant. We could cut China off from the Internet, but that is rather harsh and excessive… Changing how the Internet is architected is…virtually impossible. Keeping a better eye on how traffic is flowing?
Yeah, that’s pretty much it. ISPs would have to look for unusual patterns in traffic and alert authorities. Beyond that…
I don’t know.