Did China actually hijack internet traffic, or are ‘fat fingers’ to blame?

You probably noticed some recent attention-grabbing headlines about how China reportedly hijacked some 15% of all internet traffic for about 18 minutes this April. The supposed ‘massive redirection of data’ was said to include sensitive US intelligence and defense communications, which sparked near hysteria among the chattering classes and western Sino-phobes.

Top security experts at McAfee, the world’s largest internet security outfit, raised the alarm by speculating on precisely who had authorized China Telecom Corp. to carry out such a diversion, what exactly the data had been subjected to during its 18-minute detour, and whether the info had been copied in China for future examination. Dmitri Alperovitch, McAfee’s VP of threat research, described the possibilities as “numerous and troubling.”

Regardless of the perpetrator’s motives, everyone seemed to be gobsmacked by the audacity of the ‘heist’. Alperovitch said he was awestruck by “the capability and capacity that is built into [Chinese] networks” that allowed them to ‘borrow’ the data then funnel it back onto the internet’s highways without end users even being aware there’d been any disruption in service. “I’m not sure there was anyone else in the world who could have taken on that much traffic without breaking a sweat.”

Chinese authorities were quick to deny any allegations of cyber-shenanigans, much as they did when Google claimed its Chinese search engine was the target of an allegedly state-sponsored cyber attack. Of course, to suspicious minds, the very issuance of a denial is proof of China’s guilt.

However, since the initial story broke, cooler heads are suggesting that the whole issue may have been caused by a China Telecom engineer with ‘fat fingers’. Online security firm Arbor Networks’ chief scientist Craig Labovitz has crunched the numbers and finds that not only does the ‘hijack’ appear unintentional, the scale of the incident has been vastly overblown. Others, still unconvinced by China’s “it wasn’t me” defense, suggest the incident could have been a diversionary tactic to obscure cyber malfeasance of a more precise, surgical nature.

Regardless, all the techies who have been following this story agree on one central issue – security on the internet is porous and dependent on the good will of its various gatekeepers and toll-booth operators. Reassuring, ain’t it?