Tech – for Everyone

Tech Tips and Tricks & Advice – written in plain English.

A House Built On Sand

A report submitted to Congress on Wednesday by the U.S.-China Economic and Security Review Commission expressed concerns over what the commission claims is China’s growing ability to control and manipulate Internet traffic. In one of the incidents, traffic to and from about 15% of all* Internet destinations was routed through servers belonging to China Telecom, a state-owned telecommunications company.

The rerouting happened on April 8 and lasted for about 18 minutes. The traffic hijacking affected U.S. government and military networks, including those belonging to the Army, Navy, Air Force and Marine Corps, as well as the Office of the Secretary of Defense, the Department of Commerce, NASA and the U.S. Senate. Commercial sites, including those belonging to Microsoft, Dell and Yahoo, were also affected.

The kind of access that Chinese authorities had to the data could enable surveillance of specific users or sites, disrupt transactions, prevent a user from establishing connections to specific sites or divert them to other spoofed sites, the report noted.

“Incidents of this nature could have a number of serious implications,” the report said. (Yah think???)

Incidents such as those reported by the commission highlight some of the fundamental vulnerabilities* of the Internet“, said Dmitri Alperovitch, an Internet threat researcher at McAfee.

The takeaway here is that the foundation on which the Internet is built is insecure*,” Alperovitch said. “It is based on trust. We trust ISPs to tell us which networks they own. There is no validation [of that information].”

These are excerpts from a Computerworld article. Click here to read the whole enchilada.

Also, Dark Reading has a more detailed look, here.

* emphasis mine.

… My guess is they just slurped up all the packets; so they can better map IP’s and fingerprint users and systems. Step 1 in the hacker’s playbook.
(Maybe look at the encryptions used.. and run some through their supercomputer.)
But I’m a cynical, and not terribly well-educated guy. I could be wrong. I hope I am. But it seems pretty clear: a lot of people are playing games on the Internet.. and I’m not talking about WoW.

My quote of the week:Advice is what we ask for when we already know the answer but wish we didn’t.
~ Erica Jong

Today’s free download: IObit Toolbox is free, portable software that system administrators and computer geeks will take along to solve PC problems anytime and anywhere. With more than 20 dedicated tools, IObit Toolbox allows you to display/diagnose PC information, enhance PC security, optimize PC performance and repairing PC problems. In a word, it offers an easy way for PC admin to monitor and manage computers. It can be used for commercial and non-commercial purposes.

Today’s reco’s reading: How to become a certified IT ninja
When faced with a problem, people tend to collect into three mindsets. The first is not to do anything, lest we make the problem worse…

Copyright 2007-2010 © “Tech Paul” (Paul Eckstrom). All Rights Reserved.


>> Folks, don’t miss an article! To get Tech – for Everyone articles delivered to your e-mail Inbox, click here, or to subscribe in your RSS reader, click here. << 


Share this post :

November 18, 2010 - Posted by | Internet, News, security

3 Comments »

  1. Hah

    Like

    Comment by david | November 19, 2010 | Reply

  2. TechPaul,

    I read this as well and it down right a threat to our National Security. Could you imagine if wide scale internet disruption occurred? Cyberwars is for real…

    Rick

    Like

    Comment by Ramblinrick | November 19, 2010 | Reply

    • Rick,
      Yes, I think I can. I have already lived some small tastes of it.

      The ability to communicate via the TCP/IP protocols (the “Internet”) is a remarkable convenience. But I would never rely on it. (That’s why I keep a landline.) IMHO, we have deeply erred, and extrapolated that convenience to something we rely on for trade and commerce, monetary exchange (local, national, International)(we need a network connection to buy a tank of gas, or a burrito); all of our records are in ‘databases’ – imagine the DMV’s computers going down – any licenses get issued? How about the Courts? And .. apparently, command and control of our defenses.
      I dare say, it appears we’re fools.

      TCP/IP was designed to be fault-tolerant and talkative. (The opposite of secure and private.)

      Oh, and BTW? Who assembles our devices? (see, March Madness repost: Infected picture frames, and scroll down to “A security nightmare come true:”)

      Yes. Battles are being fought in “cyber space”. This could very well have been a “trial balloon”. But look at how easy it was.. just set a router to advertise best route. (It’s so easy, admins have done it by mistake.) No need to fly a plane into a trade center.. just type one command.

      … I read that someone asked some high mucketty-mucks about this and they said they weren’t troubled.. because their traffic was encrypted.
      Man.
      Okay, Buddy. Q: What if your “encrypted traffic” is routed to 127.0.0.1 (aka “a black hole”)? (A:Ahh, Houston.. we have a problem..“)

      Like

      Comment by techpaul | November 19, 2010 | Reply


Post your Comment/Question

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: