Pentagon says "aware" of China Internet rerouting

WASHINGTON Fri Nov 19, 2010 4:15pm EST

National flags of U.S. and China wave in front of an international hotel in Beijing February 4, 2010. REUTERS/Jason Lee

National flags of U.S. and China wave in front of an international hotel in Beijing February 4, 2010.

Credit: Reuters/Jason Lee

Related Topics

WASHINGTON (Reuters) - The Defense Department is aware that Internet traffic was rerouted briefly through China earlier this year, a Pentagon spokesman said on Friday, referring to what a congressionally appointed panel has described as a hijack.

The U.S.-China Economic and Security Review Commission charged in its annual report on Wednesday that state-owned China Telecom advertised erroneous network routes that instructed "massive volumes" of U.S. and other foreign Internet traffic to go through Chinese servers during an 18-minute stretch on April 8.

Marine Colonel David Lapan, a Defense Department spokesman, told reporters, "We're aware that on the 8th of April ... Internet traffic was rerouted through China."

He added at one point that he did not know if "we've determined whether that particular incident ... was done with some malicious intent or not."

Moments later, he said there was no evidence that anything malicious had occurred, a position he repeated when pressed about the discrepancy in his remarks.

The U.S.-China Commission in its 2010 report said the incident affected traffic to and from U.S. government and military sites, including those for Secretary of Defense Robert Gates' office, the armed forces and some commercial websites.

In Beijing, China's Foreign Ministry on Friday condemned the commission's report on China's military capabilities and economic policies, saying it distorted reality and was symptomatic of Cold War thinking.

China Telecom separately has denied the charge that it "hijacked" U.S. Internet traffic by sending false notifications that prompted other servers to route traffic through China on the assumption that it was the most efficient path.

The commission said the evidence did not clearly show whether the incident was perpetrated intentionally "and, if so, to what ends. However, computer security researchers have noted that the capability could enable severe malicious activities," the report said.

Commissioner Larry Wortzel, a retired U.S. Army colonel who served two tours as a military attache in China, told reporters that the incident could have let someone mine email addresses and then send authentic-looking messages bearing attachments with malicious code or other harmful software.

"When I see things like this happen, I ask: 'Who might be interested in all the communication from the entire Department of Defense and the federal government? It's probably not a graduate student from Shanghai University,'" Wortzel said on Wednesday.

Lapan, the Pentagon spokesman, said the Defense Department's internal networks would not have been affected by any improper rerouting of traffic through Chinese servers.

"We do have tools to protect any of the traffic that goes outside" the internal networks, he added, referring to encryption and devices that warn when Internet traffic is being rerouted.

Senator Sheldon Whitehouse, who led a Senate Intelligence Committee cyber task force that submitted a classified report to the panel in July on cyber threats, said on Wednesday that certain threats cannot be countered without the U.S. government's unique "authorities and capabilities."

In a Senate floor speech, the Rhode Island Democrat reiterated a proposal to create a "dot.secure" domain to protect crucial U.S. services such as power grids, financial networks, transportation and communications hubs.

"We simply cannot leave that core infrastructure on which the life and death of Americans depends without better security," Whitehouse said.

The U.S.-China Economic and Security Review Commission was set up in 2000 to examine the security implications of growing economic ties with China.

Dean Cheng, an expert on Chinese security issues at the conservative Heritage Foundation, said the alleged Internet hijacking appeared to be part of what he described as a disturbing pattern of aggressive Chinese cyber activities.

"All of this suggests that, from China's view, a global conflict is already underway - in the virtual world of cyberspace," he wrote. "The ability to redirect vast amounts of data constitutes a threat, not only to national security, but also to private companies and individuals, as their information, too, has now been put at risk."

(Reporting by Jim Wolf, additional reporting by Paul Eckert, editing by Matthew Lewis)

FILED UNDER:
We welcome comments that advance the story through relevant opinion, anecdotes, links and data. If you see a comment that you believe is irrelevant or inappropriate, you can flag it to our editors by using the report abuse links. Views expressed in the comments do not represent those of Reuters. For more information on our comment policy, see http://blogs.reuters.com/fulldisclosure/2010/09/27/toward-a-more-thoughtful-conversation-on-stories/
Comments (22)
IntoTheTardis wrote:
To paraphrase Cato The Elder, “China must be destroyed.” It is only a matter of time before everyone in the West will come to see that this is inevitable.

Nov 19, 2010 3:16pm EST  --  Report as abuse
Blackbird1996 wrote:
This is a major incident and a huge concern, regardless from what you here in the press. All our critical networks absolutely need to be separate and fully secure. We definitely need a “dot.secure” system in place. To think we are not vulnerable is very naive.

Nov 19, 2010 3:39pm EST  --  Report as abuse
ARJTurgot wrote:
Anyone manning a firewall with logging enabled on a public network knows that the Chinese have an active cyber-warfare program, and are attacking sites worldwide on a constant basis. The DOD and U.S. law enforcement have been aware of this for over a decade.

The question here isn’t if it was an intentionally aggressive act, that is a given, it’s why they decided to do public disclosure.

Nov 19, 2010 5:41pm EST  --  Report as abuse
This discussion is now closed. We welcome comments on our articles for a limited period after their publication.