China Internet ‘hijack’ overblown, says researcher

The claimed ‘hijack’ of Internet traffic by China Telecom has been hugely exaggerated in scale and intent, a traffic analysis by Internet security company Arbor Networks has concluded. 

blog by Arbor chief scientist Craig Labovitz picks apart the speculative claim, attributed to McAfee’s VP of threat research, Dmitri Alperovitch (subsequently clarified here), that the unusual routing diversion through China Telecom at 4am GMT on 8 April 2010 could have amounted to as much as 15 percent of Internet traffic. 

According to Labovitz, this appears to have been calculated by comparing the 40,000 affected BGP routes to the 340,000 in the routing table as a whole, a calculation originally cited by the industry BGPmon website
Using numbers culled from the Arbor Atlas traffic monitoring system of 80 global ISPs, however, traffic on that day barely increased beyond normal patterns at most it amounted to only a few gigabits per second out of an Internet total between 80 and 100 terabits per second.

A redirection of a major portion of Internet traffic would have been expected to have either boosted or surpressed traffic volumes, depending on the scale of increase in traffic to China Telecom or the decrease in volume to other ISPs. Neither appeared to happen on any scale.

It’s a crude calculation but it does pour more cold water in the headline-grabbing suggestion that China Telecom suddenly routed 15 percent of the entire Internet and all that entails in the minds of Congressional report writers.

“We need to fix Internet infrastructure security, but we also need to be precise in our analysis of the problems,” comments Labovitz.

A BGPmon note at the time of the April ‘hijack’ played down the likelihood that the 8 April event was anything other than “fat fingers” on the part of a China Telecom engineer, whilst expressing concern that it happened at all.

“Given the large number of prefixes and short interval I don’t believe this is an intentional hijack,” said the BGPmon researcher in an analysis.

Scale, of course, is not the only consideration when looking at interference with the Internet’s routing infrastructure. Labovitz’s colleague Danny McPherson, company CSO, was cited by the Congressional report as speculating that if the event was deliberate it could have been a way to obscure a targeted attack or probe. As ever, even informed experts disagree on where emphasis should be placed.

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada

Featured Download

Featured Articles

Cybersecurity in 2024: Priorities and challenges for Canadian organizations 

By Derek Manky As predictions for 2024 point to the continued expansion...

Survey shows generative AI is a top priority for Canadian corporate leaders.

Leaders are devoting significant budget to generative AI for 2024 Canadian corporate...

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now