Cybersecurity Expert On China Net Hijacking
ROBERT SIEGEL, host:
From NPR News, this is ALL THINGS CONSIDERED. I'm Robert Siegel.
MELISSA BLOCK, host:
And I'm Melissa Block.
Now a story about Internet hijacking. On April 8th, a massive amount of global Internet traffic was routed through China for at least 18 minutes. That hijacking affected traffic from and to U.S. government and military sites, as well as commercial websites, including Microsoft and IBM. That finding was revealed yesterday in a report from a congressionally appointed panel - the U.S./China Economic and Security Review Commission.
Well, today, China Telecom denied hijacking Internet traffic. We're going to sort out what this means with Dmitri Alperovitch. He is the vice president of threat research for the cyber security firm McAfee. Thanks for joining us.
Mr. DMITRI ALPEROVITCH (Vice President, McAfee): Great to be with you.
BLOCK: And what happened on April 8th exactly?
Mr. ALPEROVITCH: Well, what happened is that about 15 percent of the world's destinations on the Internet, an enormous amount of traffic, was redirected through China. So it's very much like if you're sending a letter from, let's say, Washington, D.C. to London, you would give it to the U.S. Postal Service, and they would know implicitly that the way to get to London is to pass it on to the U.K. Royal Mail, and they will deliver it within the U.K.
Let's assume that - let's pick on Fiji - that they come to the U.S. Postal Service and announce that they are actually responsible for all letters being routed to London. And let's assume that the U.S. Postal Service will just believe that implicitly because that's how the Internet works. So the way it happens is that China Telecom, state-owned Internet service provider in China, basically announced to the rest of the world that they're the owners of the networks of 15 percent of the Internet.
So networks included Office of the Secretary of Defense, all the armed services, a number of intelligence networks, a number of civilian government networks as well. Up to 172 countries were actually impacted by this hijack.
BLOCK: Now, we are calling it a hijacking, the panel called it a hijacking. We should say China Telecom says there was no hijacking. How do you explain that?
Mr. ALPEROVITCH: Well, the hijacking is actually a technical term, so it just means that the traffic was rerouted through China. So that's sort of an undisputable fact that was observed by many people around the world. Whether it was intentional or not is, of course, a point of some debate. It's impossible to prove it without some information being provided by China Telecom. But it's just a lot of things are unknown at this point.
BLOCK: If there were malicious intent with something like this, theoretically, what could happen with hijacked data? What would the security risk be?
Mr. ALPEROVITCH: Well, the security risk is quite significant. Certainly all this data could've been eavesdropped on and wire-tapped. It could've been also modified in flight and the recipient of that data could've been presented with something totally different. Also, a lot of the - what are known as VPNs, virtual private networks, traverse the Internet and are encrypted with these mechanisms that can be broken. You can indeed gain access to private networks of organizations through this hijacking method.
BLOCK: Is there any way to prevent the hijacking, like, apparently what happened on April 8th?
Mr. ALPEROVITCH: There is really no way to do this right now without a massive re-architecture of the Internet. In fact, Vint Cerf, who's known as the father of the Internet and the inventor of many of these fundamental building blocks, likes to say that the Internet was an experiment that never ended. And when it was built, it was really not built with security in mind. So, to fix these fundamental issues, you really have to reengineer how the Internet works. And that's something that would take decades and enormous investments to achieve.
BLOCK: Okay. Well, Dmitri Alperovitch, thanks for talking to us.
Mr. ALPEROVITCH: Thank you so much.
BLOCK: Dmitri Alperovitch is vice president of threat research for the cyber security firm McAfee.
NPR transcripts are created on a rush deadline by Verb8tm, Inc., an NPR contractor, and produced using a proprietary transcription process developed with NPR. This text may not be in its final form and may be updated or revised in the future. Accuracy and availability may vary. The authoritative record of NPR’s programming is the audio record.