A Chinese state-run telecom provider was the source of the redirection of U.S. military and corporate data that occurred this past April, according to excerpts of a draft report sent to CNET by the U.S.-China Economic and Security Review Commission.
The current draft of the U.S.-China Economic and Security Review Commission's (USCC's) 2010 annual report, which is close to final but has not yet been officially approved, finds that malicious computer activity tied to China persists following reports early this year of attacks against Google and other companies from within the country.
In several cases, Chinese telecommunications firms have disrupted or impacted U.S. Internet traffic, according to the excerpts.
On March 24, Web traffic from YouTube, Twitter, Facebook, and other popular sites was temporarily affected by China's own internal censorship system, sometimes known as the Great Firewall. Users in Chile and the United States trying to reach those sites were diverted to incorrect servers or encountered error messages indicating that the sites did not exist. The USCC report said it was as if users outside China were trying to access restricted sites from behind China's Great Firewall.
Then on April 8, a large number of routing paths to various Internet Protocol addresses were redirected through networks in China for 17 minutes. The USCC identified China's state-owned telecommunications firm China Telecom as the source of the "hijacking." This diversion of data would have given the operators of the servers on those networks the ability to read, delete, or edit e-mail and other information sent along those paths.
The April incident affected traffic to and from U.S. government and military sites, including sites for the Senate, the Army, the Navy, the Marine Corps, the Air Force, and the office of the Secretary of Defense, the USCC said. Rodney Joffe, senior technologist at Domain Name System registry Neustar, also confirmed in a recent interview with CNET that the data diverted to China came from Fortune 500 companies and many branches of the U.S. government.
Evidence didn't clearly indicate whether this diversion of data was done intentionally or for what purpose, according to the USCC. But the capability alone raises a red flag.
"Although the commission has no way to determine what, if anything, Chinese telecommunications firms did to the hijacked data, incidents of this nature could have a number of serious implications," said the report excerpts. "This level of access could enable surveillance of specific users or sites. It could disrupt a data transaction and prevent a user from establishing a connection with a site. It could even allow a diversion of data to somewhere that the user did not intend (for example, to a 'spoofed' site)."
The report also commented on an incident in April in which a China-based spy network was accused of targeting government departments, diplomatic missions, and other groups in India. The activity, which also compromised computers in at least 35 other countries, including the U.S., grabbed sensitive documents from the Indian government.
Though the USCC could not definitively link this incident to the Chinese government, the authors of the report do believe there's an "obvious correlation to be drawn between the victims, the nature of the documents stolen, and the strategic interests of the Chinese state."
The excerpts did note some positive news: 2010 could be the first year over the past decade that shows a smaller number of logged threats against defense and military networks. This doesn't necessarily mean that the number of attempts has decreased. Instead, the report cites the Defense Department's assertion that its own defensive measures over the past year have prevented a larger number of threats.
The U.S.-China Economic and Security Review Commission was set up by Congress in 2000 to analyze the national security issues involved in the trade and economic relationship between the U.S. and China.