Cybersecurity Expert On China Net Hijacking

A new security report says China hijacked 15 percent of global Internet traffic this past April — for 18 minutes. Melissa Block talks with Dmitri Alperovitch, a cybersecurity expert with McAfee Inc., about the implications of such a high-profile router hijacking case. The report, released this week by the U.S.-China Economic and Security Review Commission, claims China hijacked U.S. government and military sites, as well as commercial web sites. China denies the claims.

Copyright © 2010 NPR. For personal, noncommercial use only. See Terms of Use. For other uses, prior permission required.

ROBERT SIEGEL, host:

From NPR News, this is ALL THINGS CONSIDERED. I'm Robert Siegel.

MELISSA BLOCK, host:

And I'm Melissa Block.

Now a story about Internet hijacking. On April 8th, a massive amount of global Internet traffic was routed through China for at least 18 minutes. That hijacking affected traffic from and to U.S. government and military sites, as well as commercial websites, including Microsoft and IBM. That finding was revealed yesterday in a report from a congressionally appointed panel - the U.S./China Economic and Security Review Commission.

Well, today, China Telecom denied hijacking Internet traffic. We're going to sort out what this means with Dmitri Alperovitch. He is the vice president of threat research for the cyber security firm McAfee. Thanks for joining us.

Mr. DMITRI ALPEROVITCH (Vice President, McAfee): Great to be with you.

BLOCK: And what happened on April 8th exactly?

Mr. ALPEROVITCH: Well, what happened is that about 15 percent of the world's destinations on the Internet, an enormous amount of traffic, was redirected through China. So it's very much like if you're sending a letter from, let's say, Washington, D.C. to London, you would give it to the U.S. Postal Service, and they would know implicitly that the way to get to London is to pass it on to the U.K. Royal Mail, and they will deliver it within the U.K.

Let's assume that - let's pick on Fiji - that they come to the U.S. Postal Service and announce that they are actually responsible for all letters being routed to London. And let's assume that the U.S. Postal Service will just believe that implicitly because that's how the Internet works. So the way it happens is that China Telecom, state-owned Internet service provider in China, basically announced to the rest of the world that they're the owners of the networks of 15 percent of the Internet.

So networks included office of the secretary of defense, all the armed services, a number of intelligence networks, a number of civilian government networks as well. Up to 172 countries were actually impacted by this hijack.

BLOCK: Now, we are calling it a hijacking, the panel called it a hijacking. We should say China Telecom says there was no hijacking. How do you explain that?

Mr. ALPEROVITCH: Well, the hijacking is actually a technical term, so it just means that the traffic was rerouted through China. So that's sort of an undisputable fact that was observed by many people around the world. Whether it was intentional or not is, of course, a point of some debate. It's impossible to prove it without some information being provided by China Telecom. But it's just a lot of things are unknown at this point.

BLOCK: If there were malicious intent with something like this, theoretically, what could happen with hijacked data? What would the security risk be?

Mr. ALPEROVITCH: Well, the security risk is quite significant. Certainly all this data could've been eavesdropped on and wire-tapped. It could've been also modified in flight and the recipient of that data could've been presented with something totally different. Also, a lot of the - what are known as VPNs, virtual private networks, traverse the Internet and are encrypted with these mechanisms that can be broken. You can indeed gain access to private networks of organizations through this hijacking method.

BLOCK: Is there any way to prevent the hijacking, like, apparently what happened on April 8th?

Mr. ALPEROVITCH: There is really no way to do this right now without a massive re-architecture of the Internet. In fact, Vint Cerf, who's known as the father of the Internet and the inventor of many of these fundamental building blocks, likes to say that the Internet was an experiment that never ended. And when it was built, it was really not built with security in mind. So, to fix these fundamental issues, you really have to reengineer how the Internet works. And that's something that would take decades and enormous investments to achieve.

BLOCK: Okay. Well, Dmitri Alperovitch, thanks for talking to us.

Mr. ALPEROVITCH: Thank you so much.

BLOCK: Dmitri Alperovitch is vice president of threat research for the cyber security firm McAfee.


NPR transcripts are created on a rush deadline by a contractor for NPR, and accuracy and availability may vary. This text may not be in its final form and may be updated or revised in the future. Please be aware that the authoritative record of NPR's programming is the audio.
