U geeks should comment - Dorkiphus.net
  #1  
11-16-2010, 08:22 AM
OldTee
Join Date: Jan 2004
Location: Derwood, MD
Posts: 3,618

on what all this means. Is there a crook in the international community, and what should we do to protect ourselves individually?

ARF

"China Hijacked 15% of US Internet Traffic-and no one noticed


The Internet, though ironically created for communications during a nuclear war, is based on trust. The trust that all nodes on the Internet are equal and when connecting from one website to another the connections will take the shortest or fastest route. But what if someone said that they were the best route, best no matter what? What would happen is that all Internet traffic would pass through that point. That’s exactly what China did for 18 minutes last April:

For 18 minutes in April, China’s state-controlled telecommunications company hijacked 15 percent of the world’s Internet traffic, including data from U.S. military, civilian organizations and those of other U.S. allies.

This massive redirection of data has received scant attention in the mainstream media because the mechanics of how the hijacking was carried out and the implications of the incident are difficult for those outside the cybersecurity community to grasp, said a top security expert at McAfee, the world’s largest dedicated Internet security company.

via Cyber Experts Have Proof That China Has Hijacked U.S.-Based Internet Traffic – Blog[1].

Scary? Yeah that’s an understatement.

You see another whole part of the trust network are our much trusted and relied upon SSL certificates. We trust that certificate owners won’t decrypt the messages that use their certificates when they aren’t supposed to. We assume that when our data is encrypted to go to our bank or Gmail or shop online that the only person decrypting is the store. We assume that the certificate sender is sending us the correct public-private keypair. Yeah, but guess who besides folks like Apple, Microsoft and other big companies can sign certificates?

You guessed it: China.

So for a period of time last April China pulled targeted communications from U.S. sources (so glad I’m in Canada, but heck we’re probably not safe either) and routed them through their servers…

And we don’t know what happened to the data.

The data is supposed to just flow through unhindered, but there is the suspicion that China could have captured the data and stored it for analysis. Maybe they did it, just to see if people noticed—we didn’t—and the data kept going. The scary thing is that in all honesty, the same hijacking could be going on now and we wouldn’t know unless we happen to have a running trace route mapping all our connections.

Trust me, I might be a geek, but I don’t have tracert running all the time just to see if my connections are going where they are supposed to.

Solutions? Solutions are scant. We could cut China off from the Internet, but that is rather harsh and excessive… Changing how the Internet is architected is…virtually impossible. Keeping a better eye on how traffic is flowing?

Yeah, that’s pretty much it. ISPs would have to look for unusual patterns in traffic and alert authorities. Beyond that…

I don’t know.

References

1. ^ Cyber Experts Have Proof That China Has Hijacked U.S.-Based Internet Traffic – Blog (www.nationaldefensemagazine.org)

Excerpted from China Hijacked 15% of US Internet Traffic-and no one noticed

http://thenextweb.com/apps/2010/11/1...o-one-noticed/

This was written by postroad. Posted on Tuesday, November 16, 2010, at 3:55 AM."
__________________
OldTee
Sold 79 911SC
1/2 87 Carrera (I fix daughter drives)
1991 Corvette
Need locks don't use H & H Lock Company
Capital One is the pits!
#2
11-16-2010, 08:32 AM
Trak Ratt
Senior Curmudgeon
Join Date: Mar 2003
Location: Alexandria/Mt. Vernon, Va
Posts: 27,363

If they had intercepted any Dorkiphus chatter, they’re prolly still trying to figure out who that }{ guy is and what happened to him???
__________________
David

I hope to arrive to my death, late, in love, and a little drunk!

Just because I don't care doesn't mean I don't understand... Homer Simpson

"That's what's keeping me out of F1.... Too much mental maturity...." N0tt0n

Some cause happiness wherever they go; others whenever they go.

CHAOS, PANIC, AND DISORDER my work here is done...

Live without pretending, Love without depending, Listen without defending, Speak without offending
#3
11-16-2010, 11:06 AM
flatsixcrazy
Join Date: Mar 2004
Posts: 1,068

Quote:
Originally Posted by Trak Ratt
If they had intercepted any Dorkiphus chatter, they’re prolly still trying to figure out who that }{ guy is and what happened to him???

I hate to say this but we've been given fair warnings/threats by this guy "Chinese will find you". (may or may not be SFW)

__________________
Andy

11 Cayenne S White/Tan SUV
91 964 C2 Black/Black Cabriolet
72 911T Black/Black Coupe
73 911E Bahia Red/Black
66 911 POS Tribute (Yes, but its MY ugly)
#4
11-16-2010, 08:38 AM
HoodPin
Join Date: Dec 2004
Location: Monrovia, MD
Posts: 10,753

It is indeed scary stuff. But at the same time, I wouldn't be at all surprised to find out that our country is performing similar tests/tasks.

FWIW, I believe that really sensitive military electronic traffic is confined to a separately hardwired network, that's not connected to the public internet.

But personal info and traffic is certainly up for grabs. I think from a personal standpoint, the best thing you can do is sign up for credit monitoring, and check it regularly. Also, don't get pissed when a CC company denies a charge because they're not certain of its validity. Yeah, it's a PITA, but I'm sorta glad they're watching out when they do. We've gotten into the habit of alerting our CC when we're going on travel.

I thought I read before that the next gen of the internet was supposed to be better able to deal with these improprieties. Supposedly, the nodes would be taking care of all the virus scanning, security protocols, etc., making the end-user connections less vulnerable.
__________________
- Tony P.

Currently
- 1984 944 SP2 racer
- 1977 911 KM Special vintage racer
- 2000 Boxster S (now mine)
- 1995 993 (garage queen)
- 2007 Cayman S (wife's track beast)
- 2017 F350 (tow monster)
- 2018 Jeep Wrangler
- 1982 911 Targa (resurrection in process)
Gone but not forgotten
- 1989 944S2
- 1979 RX7
- 1986 944
- 1991 944S2 (in car heaven...)
- 2001 Chevy Suburban 2500 (FIL's beast now)
- 2012 Cayman R
#5
11-16-2010, 09:06 AM
joep
Join Date: Jun 2008
Location: PW county Virginia
Posts: 2,555

Search my posts and you'll find me commenting on the topic of IT Security in a few places here. It's not a hobby for me as it's my job.

The type of attack you're referring to has been more than theoretical for years, and in fact has happened by mistake on a few occasions. The core Internet routers and their software (protocols) are designed to automatically reroute traffic via any available links based on perceived "cost" i.e. bandwidth and proximity. Imagine a spider's web of telephone lines. The call may take any path through the web between two points. The idea is such that if any one strand goes down (nuked) the rest of the web will keep transmitting. This is how the Internet was intended and in fact it functions great in this capacity.

The problem today is that we've shared this new "tool" with all our allies, and all our enemies. We're all on the same web, same internet. The U.S. government has undoubtedly leveraged this same tactic to reroute information through key choke points for inspection and testing as well.

Any organization with a network must use routers and firewalls and protect your networks from the rest of the Internet. You route all traffic to certain spots to contain entry and egress. After your traffic leaves your front door router it may in fact be flowing through China, or Arlington, or both on its way to Landover, MD.

When the Internet was created I don't think they envisioned how it was going to be used as it is today. There are whole corporations whose livelihood rests on the fact that they have bandwidth today, and security everyday. There are Federal & state agencies who do essential day-to-day business over the Internet. And more and more kinds of things are added constantly.

Think about that for one minute.

This dorkiphus.net message may have come to you via a 10 mile route, or a 26,000 mile route and across the oceans before reaching your desktop!
-We knew carrier pigeons might get caught, so they were always released away from the enemy lines.
-We knew enigma machines would work so long as the keys remained a closely guarded secret.
-We knew your little brother/sister was able to listen in on the cups and string in between forts.
-We know that all types of encryption are eventually broken when given enough resources, time, and will power to do so.

Nothing has changed here folks. Only our tools, our spear points are a little more shiny today.

If you want to keep something confidential DON'T POST IT ONLINE. Maybe no one will care or notice, or bother with it, BUT IT'S NOT IMPOSSIBLE either. Don't bank online.

In fact consider not using the machine in front of you for personally sensitive information such as taxes, your bank account info, company spreadsheets, etc., unless you understand and can accept the risk that the overly complex machine in front of you may be one day under someone else's control.


Now with that all said, let me explain why the sky isn't falling...

I consider my attitude to be "Professionally Paranoid" which means I try to keep a critical eye out to find troubles wherever I can on the job. I am not advocating here for everyone to stop using the Internet, but I do caution you to think twice before shopping online. Many of you are good to excellent mechanics who understand the inner workings of cars to a level I'll likely never have time to achieve. But this means you understand very well and know how to mitigate the weaknesses and design flaws of cars which could have been built better or designed a tad smarter. The Internet is the same way, only it's just coming out of its infancy as a technology and as an industry. Cars have evolved and improved since the Model-T and so will the Internet. Until then it works to get your information from here to there just fine on most days. Someday it will do it more perfectly, and possibly a little more securely too even if we keep the paper cups & string tied to the enemy's front gate.
__________________
Ken
'03 - boxster - Joy Toy
-rolling convertible action
-de-ambered
-Boxster Brey-Krause Roll Bar
'05 - 955s Gold - My Other / On Road / Off Road
-coolant pipe by pass 08/11
-heart & short soul block replaced @50k 01/12
-cardan shafted & replaced @125k 09/16

Quote:
Originally Posted by BlackTalon View Post
I could feel my self-esteem rising, even while realizing how incorrect I was
Quote:
Originally Posted by Rick V View Post
I think I like the purple, it placates my lesbian side.
#6
11-16-2010, 09:36 AM
FTS
Learning to Drive Again
Join Date: Jun 2006
Location: Germantown, MD
Posts: 1,358

Quote:
Originally Posted by joep
The type of attack you're referring to has been more than theoretical for years, and in fact has happened by mistake on a few occasions.

Guess again. These types of rerouting have been happening for the past 4 years that I have seen, and it is not a simple DNS rerouting issue, it is a lot more sophisticated than I had imagined, but we had ways to prevent it when we needed to. Although it appears to be a negative story on the surface, it may not be.

Also, you refer to the Internet as "we share it" with the world, it is the reverse actually; we only shared the IP protocol.
__________________
Cheers,
Fatih
#7
11-16-2010, 10:11 AM
Landjet
Join Date: Mar 2007
Posts: 2,917

I don't have any of my banking online but I do shop online. I thought that sites that have https in front of them are secure sites. Is this not true? Or are you saying that nothing online is secure?
#8
11-16-2010, 10:24 AM
HoodPin
Join Date: Dec 2004
Location: Monrovia, MD
Posts: 10,753

Quote:
Originally Posted by Landjet
I don't have any of my banking online but I do shop online. I thought that sites that have https in front of them are secure sites. Is this not true? Or are you saying that nothing online is secure?

I'm no expert, but I think of it like this. Having good locks on the door to our home, and maybe even an alarm system, is kinda like https. But if someone really wants to break into our home, it is virtually impossible to stop them.
#9
11-16-2010, 11:18 AM
savowood
Boxster Killer
Join Date: Apr 2007
Location: Closing in your rear view
Posts: 615

Locks keep honest people honest.

That being what it is, SSL is a secure protocol. The biggest problem with security is the human factor. Look up Kevin Mitnick and you'll be quite surprised at how he was able to accomplish some interesting hacks. Part of his parole agreement is he wasn't allowed to touch a computer for a certain time period after his release.

Think of it this way...

You put your valuables in your safe inside your bedroom closet. A thief has to get into your house, then know where the safe is kept, rummage through your dirty socks and underwear to get to it, and open it, take the valuables, then escape.

You have a key under your doormat. Home security thwarted.
You were talking at a party about the safe you just installed. Obscure location thwarted.
You used your birthdate as the combination. Really, why bother locking it at this point.

The only hard part is escaping undetected. What was supposed to be the hard part was made far too simple.

To apply this to cars, you're driving along down a 4 lane country road and the guy in front of you brakes quickly for a left turn. You have options. You can brake along with him and follow the crowd like a lemming, or you can make a quick maneuver to the right lane and go around. This seems like a simple option to us, but we're trained to think that way. Average Joe will just panic and lock up the brakes hoping not to hit the guy even though there's a perfectly usable lane on the right.

This is similar to security in that just because the door is locked (the guy in front of you brakes), you don't have to focus on that as your only point of entry (change lanes and go around).

It's a heck of a lot easier to get your password than it is to crack the security. It's amazing how willing people are to give up information like that. Access is simple. I've been walking around a TV station for the past two days without an employee escort or visitor badge. Most of the people here have no idea who I am, but they don't question it. I'm actually supposed to be here, but there's no challenge. I could walk up to probably 75% of the workstations here and get a password, find their banking site, log in, transfer all their money to a Swiss account, and retire on my own personal island.

Just like driving faster is more than a set of JRZ dampers or Hoosier tires. The person driving is the biggest factor. The same is true with security. People are too easily compromised.
__________________

Vocationally devoted, sublimely disinterested.

2nd degree Black Belt in Kama Sutra

#10
11-16-2010, 12:01 PM
joep
Join Date: Jun 2008
Location: PW county Virginia
Posts: 2,555

Quote:
Originally Posted by FTS
Guess again. These types of rerouting have been happening for the past 4 years that I have seen, and it is not a simple DNS rerouting issue, it is a lot more sophisticated than I had imagined, but we had ways to prevent it when we needed to. Although it appears to be a negative story on the surface, it may not be.

Also, you refer to the Internet as "we share it" with the world, it is the reverse actually; we only shared the IP protocol.

This type of attack is focused at the core routers themselves, and they are literally spread all over the world, including China, and anyone else who has partnered with a telco and wants to communicate on the "Global Internet". Since the articles don't give too many details, one guess as to what happened might be this: http://www.wired.com/threatlevel/200...vealed-the-in/ Here the common routing protocol is exploited by abusing the inherent trust in its design.

True the technology was shared with all, but today the mess of networks is commonly referred to as a single "Internet", but it's also true this is an oversimplification. Tony's referred to one example above in which the US DOD has its own network.

Quote:
Originally Posted by Landjet
I don't have any of my banking online but I do shop online. I thought that sites that have https in front of them are secure sites. Is this not true? Or are you saying that nothing online is secure?

HTTPS is only one link in a chain of custody which handles your information including your account info and CC's. HTTPS in general terms is software encryption to protect your transmission from your desktop to the website you're transacting with. In theory and largely in practice too, it protects you from the sort of attack OldTee is writing about. Given enough time, resources, and the will to do so, someone who listened in and saved a copy of your traffic could crack the encryption and see your information BUT why would they go to the effort?

There’s a high cost of computing, potentially 1000's of man hours to Gobogillians of hrs to do what? Steal your bank account and identity? Now if you're the NSA it's different stakes and possibly worth the time and effort. (Incidentally guess who’s got the biggest new supercomputer on the block? http://www.itp.net/582827-china-tops-supercomputer-list) I’m just saying.

The real risks come into play when your computer is hacked by day-to-day things such as by viruses/malware/evil websites which steal your cookies, your address book, or log your keystrokes. These things are much more likely to occur if you or your family has unsafe computing habits. On the other end you've got Company X or a poor hosting provider with inept employees who ignore security procedures, fail to update software, accidentally send mass emails to everyone, get hacked themselves, etc...

Quote:
Originally Posted by savowood
Locks keep honest people honest.

What he said, all of it.
Reply With Quote
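
The thread describes a network claiming to be the best route and every other router trusting that claim, and the quoted article's remedy is "keeping a better eye on how traffic is flowing". The sketch below is an added example, not code from any poster: it checks route announcements against the origins a prefix owner expects and shows why an unexpected more-specific announcement attracts traffic. It assumes the routing protocol in question is BGP; the prefixes and AS numbers are constructed documentation values, and all function names are hypothetical.

```python
import ipaddress

# Constructed sample data: documentation prefixes (RFC 5737) and
# documentation AS numbers (RFC 5398). None of it comes from the thread.
EXPECTED_ORIGINS = {
    "198.51.100.0/24": {64500},
    "203.0.113.0/24": {64501},
}

# (prefix, AS path as seen by a monitor; the last AS is the origin)
OBSERVED = [
    ("198.51.100.0/24", [64510, 64500]),    # matches expectation
    ("203.0.113.0/24", [64510, 64511]),     # same prefix, different origin
    ("198.51.100.128/25", [64510, 64511]),  # more-specific, different origin
    ("198.51.100.0/25", [64510, 64500]),    # more-specific, expected origin
    ("192.0.2.0/24", [64510, 64502]),       # prefix we do not monitor
]


def classify(prefix, as_path, expected=EXPECTED_ORIGINS):
    """Return (verdict, covering_monitored_prefix) for one announcement."""
    net = ipaddress.ip_network(prefix)
    origin = as_path[-1]
    for known, origins in expected.items():
        known_net = ipaddress.ip_network(known)
        if net.version != known_net.version:
            continue
        if net == known_net:
            return ("ok" if origin in origins else "origin-mismatch", known)
        if net.subnet_of(known_net):
            if origin in origins:
                return ("unexpected-more-specific", known)
            return ("more-specific-origin-mismatch", known)
    return ("unmonitored", None)


def alerts(observed=OBSERVED):
    """Announcements that deserve a human look, as (prefix, origin, verdict, covering)."""
    out = []
    for prefix, path in observed:
        verdict, covering = classify(prefix, path)
        if verdict not in ("ok", "unmonitored"):
            out.append((prefix, path[-1], verdict, covering))
    return out


def forwarding_choice(dest, routes=OBSERVED):
    """Longest-prefix match: the most specific covering route wins,
    no matter who announced it. Returns (prefix, origin) or None."""
    addr = ipaddress.ip_address(dest)
    best = None
    for prefix, as_path in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, as_path[-1])
    return (str(best[0]), best[1]) if best else None


if __name__ == "__main__":
    for alert in alerts():
        print(alert)
    # Traffic for this address follows the /25 even though the /24 is still announced.
    print(forwarding_choice("198.51.100.200"))
```

A mismatch is a signal to investigate, not proof of intent: as noted in the thread, the same thing has happened by mistake.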