China denies hijacking a huge chunk of US net traffic

Published 18 November 2010

Image caption: For 18 minutes in April about 15% of all net traffic was re-routed via China

China has rejected claims that it hijacked a huge chunk of net traffic in April 2010.

The allegation surfaced in a report presented to the US Congress which said that for 18 minutes the traffic was redirected to Chinese servers.

But in an official statement China Telecom "denied any hijack of internet traffic".

So far the Chinese government has declined to comment on the allegations.

The report was written by the US-China Economic and Security Review Commission and said the re-routing of data was caused when China Telecom sent incorrect routing information. It is not clear whether the re-routing was intentional.

Among traffic rerouted via China during the 18 minutes was that destined for the websites of the US Senate, the Office of the Secretary of Defence, Nasa and the Commerce Department, the report said.

The re-routing began at a small Chinese ISP called IDC China Telecommunication but was then picked up by the state-owned China Telecom.

"Evidence related to this incident does not clearly indicate whether it was perpetrated intentionally and, if so, to what ends," according to the report.

"However, computer security researchers have noted that the capability could enable severe malicious activities," it added.

The danger of cyber-attacks has been high on global agendas recently.

This week, US Defence Secretary Robert Gates warned that cyber-attacks posed a huge future threat and urged more joined-up efforts between the US military and civilian agencies.

MPs in the UK have also been hearing about the risks of cyber-attacks.

In evidence given to the Science and Technology Committee, experts said that a concerted cyber-attack capable of damaging key infrastructure could currently only be launched by an enemy state.

Stuxnet fears

"The risk of a concerted attack which has fundamental effect on infrastructure would have to be at state level and therefore politically unlikely," said Dr Hayes, a senior fellow at the Microsoft Institute for Advanced Technology in Governments.

But he said the tools were there for either politically-motivated hackers or organised criminals to launch an attack.

"If I see a nuclear weapon, I need plutonium, but cyber-weapons are just a sequence of ones and zeros. We have concerns that Stuxnet could be copied for instance," he said.

"The risk of that is high and could have localised effect on critical infrastructure," he told MPs.

The recent Stuxnet malware, which appeared to be targeted at Iran's nuclear power plant, has caused alarm in governments around the world about a new wave of state-sponsored cyber-attacks.

Dalai Lama

Professor Ross Anderson, from the University of Cambridge, told MPs that Stuxnet was a sophisticated piece of malware.

"We can surmise it was from someone who didn't like the Iranians refining uranium. It took six people five months to write. It appears whoever commissioned it had access to people whose business was writing malware, as well as people clearly expert in industrial control systems.

"It was an effort funded to the order of £1m or thereabouts," he said.

Experts have said that Stuxnet's complexity means it could only have been written by a nation state.

Prof Anderson told MPs that he had had personal involvement in state-sponsored malware attacks.

"A couple of years ago, a student of mine helped the Dalai Lama's office clear up malware clearly from the Chinese government," he said.

Despite the threat from enemy states, the biggest risk to UK computer systems remained the prospect of internal system failures as upgrades to the net addressing system began, he said.

"The most likely cause of disruption to the internet comes from software failure associated with the transition to IPv6," he said.

But he warned that the threat of external attacks was likely to get worse over time, as more and more systems became computerised.

Experts needed

Prof Anderson said that government needed to become more "IT-aware".

"Regulators such as Ofgem and Ofcom should have people on their staff who understand IT and the risk we could be sleepwalking into," he said.

He warned that the government needed to do more.

"We have never put enough into combating cyber-crime. The Metropolitan police have difficulty sustaining e-crime units, because they are forever being closed down or merged," he said.

He said that the situation was not helped because the culture of the UK's security body GCHQ was non-collaborative, unlike that of the US National Security Agency.

"Currently there are two separate communities, the civil community and the defence community. Outside of the defence community there is no source of expertise," he said.

"Bodies like the Information Commissioner's Office and the Metropolitan police don't have their own engineering staff, so are beholden to Cheltenham [the base for GCHQ] for advice."

He was not convinced that GCHQ was the right body to be protecting computer systems.