Highly sensitive Internet traffic on US government and military websites was briefly “hijacked” and routed through Chinese servers earlier this year, a report to the US Congress said Wednesday.
For 18 minutes on April 8, a Chinese state-owned telecommunications firm rerouted email traffic to and from websites of the US Senate, the Department of Defense, along with “many others” including NASA and Department of Commerce, said the US-China Economic and Security Review Commission’s annual report.
Some 15 percent of the Internet’s entire traffic was routed through Chinese servers during this brief period in the late morning US time, said the report.
“We don’t know what was done (with the data) when they got it,” commissioner Larry Wortzel told reporters Wednesday, noting it was not established if the traffic hijacking by China Telecom was intentional and sanctioned by Beijing.
The rerouting began at a smaller Chinese Internet Service Provider (ISP) called IDC China Telecommunication before being propagated by China Telecom.
“When I see things like this happen, I ask, who might be interested with all the communications traffic from the entire Department of Defense and federal government,” Wortzel said, adding: “It’s probably not a graduate student at Shanghai University.”
The efforts of Chinese individuals and organizations to penetrate US networks “appear to be more sophisticated than techniques used in the past,” cautioned commission vice chair Carolyn Bartholomew.
“The massive scale and the extensive intelligence and reconnaissance components of recent high profile, China-based computer exploitations suggest that there continues to be some level of state support for these activities,” Bartholomew said.
Leading Web security firm McAfee has warned of a rise in cyberattacks with political objectives, pointing to China as one of the major actors launching assaults on foreign networks.
US targets include the White House, Department of Homeland Security, US Secret Service and Department of Defense, McAfee said in its report last year.
“What could you do if you had the stream of email traffic for 18 minutes” to and from the US Joint Chiefs of Staff, asked Wortzel on Wednesday, saying that “most importantly you would get the Internet addresses of everybody that communicated,” and be able to engineer an address to plant a virus.
Former US intelligence chief Michael McConnell told lawmakers earlier this year that the United States would lose a cyberwar if it fought one today, warning: “We’re the most vulnerable, we’re the most connected, we have the most to lose.”
McConnell, who served as ex-president George W. Bush’s director of national intelligence, warned a Senate panel in February that because the United States was not failing to effectively mitigate the risk, “we are going to have a catastrophic event.”
China’s capacity to launch cyberattacks on US commercial interests was also highlighted this year after Internet giant Google threatened to completely shutter its operations in the Asian country, saying it became the target of a series of sophisticated cyberattacks there.
The commission on Wednesday recommended Congress call on the administration of President Barack Obama to formally investigate the “volume and seriousness of exploitations and attacks” targeting federal agencies that handle sensitive military and diplomatic information.
Subscribe to Time to Hack
Get the latest posts delivered right to your inbox