As we wind down to the end of the year and look toward 2011, we tend to read a fair number of retrospectives of the year gone by, and a lot of “Top” lists, like “Top News Stories of 2010” or the “2010 Top Influential People.” Of course, there’s “Time’s Person of the Year.” For 2010, it’s worth noting that it was an Internet/Tech pick: Mark Zuckerberg, Facebook’s CEO, co-founder and guru.
If I were doing a Top Tech Stories for 2010 (which I am not), Julian Assange and WikiLeaks would have to be in there, Apple with their iPad and Antennagate would be there, and the net neutrality debate would be another. Google created a ruckus with their Street View cars and issues with privacy. Google also had run-ins with China, where Google accused China of stealing intellectual property and breaking into Gmail accounts. Google and China also had disagreements over how to censor their search results. McAfee distributed an antivirus update that crashed hundreds of thousands of computers, and then handled the PR poorly. Also worth considering for the list: 3D TV, Android coming into its own, 4G getting rolling.
Then there’s Stuxnet, on which I wrote my previous article. I felt it was a significant occurrence, but no one seemed to know about it.
With that in mind, here’s my recognition of The Most Significant Tech Story That No One Knows About for 2010:
The 18-Minute Hijacking of the Internet
On Thursday, April 8, 2010, beginning at 3:00 PM UTC (5:00 AM Hawaii Time), 15 percent of the world’s Internet traffic was hijacked. Internet traffic to networks in the US, the UK, Australia and South Korea started redirecting. This included Internet data from sites owned by the US Senate, the US military, the Office of the Secretary of Defense, NASA, and others. Some commercial websites were also affected, including those for Dell, Yahoo!, Microsoft, and IBM. The redirection of Internet traffic lasted for 18 minutes.
The redirection was accomplished by taking advantage of an Internet routing protocol, the Border Gateway Protocol (BGP), which networks use to tell each other which paths carry data packets to their destinations most efficiently. Routers accept these announcements largely on trust, so incorrect information propagated from network to network, basically announcing that the quickest way to get data packets where they needed to go was through... China Telecom.
That’s right; a good chunk of the Internet was running through China when it wasn’t supposed to. This data included emails and instant messaging. The data was indeed reaching its intended destination; it’s just that it was going through Chinese servers first.
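Because BGP routers accept route announcements on trust, the defensive check is to compare each announcement against a record of who is actually authorized to originate a prefix. The example below is added here and is not from the original article: it is a simplified Route Origin Validation in the style later standardized as RPKI (RFC 6811), a control that was not broadly deployed at the time of this incident. The authorization table and the announcements are constructed sample data, and every AS number and prefix in it is a placeholder from documentation ranges, not a value from the April 2010 event.

```python
"""Simplified route-origin validation over constructed BGP announcements.

Added example (not the article's own material). Classifies each announced
prefix as 'valid', 'invalid' or 'unknown' by comparing its origin AS against
a constructed table of route origin authorizations (ROAs).
"""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Roa:
    """Who may originate a prefix, and how specific an announcement may be."""
    prefix: ipaddress.IPv4Network
    max_length: int      # longest prefix length the holder authorizes
    origin_asn: int


@dataclass(frozen=True)
class Announcement:
    prefix: ipaddress.IPv4Network
    as_path: tuple       # nearest neighbour first, originating AS last


# Constructed ROA table: placeholder ASNs (private range) and documentation prefixes.
ROAS = (
    Roa(ipaddress.ip_network("192.0.2.0/24"), 24, 64500),
    Roa(ipaddress.ip_network("198.51.100.0/22"), 24, 64501),
)


def parse_announcement(line):
    """Parse 'prefix asn asn ... asn' (a constructed text form of an update)."""
    fields = line.split()
    prefix = ipaddress.ip_network(fields[0], strict=True)
    as_path = tuple(int(asn) for asn in fields[1:])
    if not as_path:
        raise ValueError("announcement has no AS path: %r" % line)
    return Announcement(prefix, as_path)


def validate(announcement, roas=ROAS):
    """Return 'valid', 'invalid' or 'unknown' following RFC 6811 semantics.

    unknown: no ROA covers the prefix, so nothing can be said about it.
    valid:   some covering ROA names the announced origin AS and permits
             this prefix length.
    invalid: ROAs cover the prefix but none match; this is the signature of
             an origin hijack or of an over-specific announcement.
    """
    origin = announcement.as_path[-1]
    covering = [r for r in roas if announcement.prefix.subnet_of(r.prefix)]
    if not covering:
        return "unknown"
    for roa in covering:
        if roa.origin_asn == origin and announcement.prefix.prefixlen <= roa.max_length:
            return "valid"
    return "invalid"


def audit(lines, roas=ROAS):
    """Classify a batch of announcement lines; returns {line: status}."""
    return {line: validate(parse_announcement(line), roas) for line in lines}


# Constructed announcements: a legitimate route, an origin hijack of the same
# prefix, an over-specific /25 from the right origin, and an uncovered prefix.
SAMPLE_UPDATES = [
    "192.0.2.0/24 64510 64499 64500",
    "192.0.2.0/24 64510 64666",
    "198.51.100.0/25 64510 64501",
    "198.51.100.0/23 64510 64501",
    "203.0.113.0/24 64510 64502",
]

if __name__ == "__main__":
    for line, status in audit(SAMPLE_UPDATES).items():
        print("%-40s %s" % (line, status))
```

The second sample line models exactly the failure mode the article describes: a prefix announced from an origin that does not hold it. Routers without origin validation would accept it on the strength of the announcement alone; with the ROA table it is flagged as invalid and can be dropped or deprioritized. The third line shows the related trick of announcing a more-specific prefix than the holder permits, which wins on longest-prefix matching unless the maxLength check rejects it.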
The US-China Economic and Security Review Commission recently included this incident in their report to Congress:
For about 18 minutes on April 8, 2010, China Telecom advertised erroneous network traffic routes that instructed US and other foreign Internet traffic to travel through Chinese servers. Other servers around the world quickly adopted these paths, routing all traffic to about 15 percent of the Internet’s destinations through servers located in China. This incident affected traffic to and from US government (“.gov”) and military (“.mil”) sites, including those for the Senate, the army, the navy, the marine corps, the air force, the office of secretary of Defense, the National Aeronautics and Space Administration, the Department of Commerce, the National Oceanic and Atmospheric Administration, and many others. Certain commercial websites were also affected, such as those for Dell, Yahoo!, Microsoft, and IBM.
Was this just an accident, or was this somehow a premeditated event?
Dmitri Alperovitch, a security expert at McAfee, points out that this kind of erroneous routing information happens accidentally a few times a year. However, he also points out that typically, this misrouted data reaches a dead end, and the user would not be able to connect.
In this case, the servers were not overwhelmed by the unusually large and presumably unexpected spike in traffic. The packets reliably reached their destination with no perceptible latency. He adds, “Imagine the capability and capacity that is built into their (China Telecom) networks. I’m not sure there was anyone else in the world who could have taken on that much traffic without breaking a sweat.”
Alperovitch expresses the concern that the data passing through China Telecom could have been stored for examination later. It should be noted that Cisco Systems came under heavy criticism in 2004 and 2005 for selling “mirroring routers” to China. The thinking at that time was that this equipment would allow the Chinese government to easily monitor Internet use by its citizens. Such routers could have been employed to copy data during the 18-minute hijacking.
Even if this data was somehow being monitored, if it was encrypted, it’s still safe, right?
The US-China Economic and Security Review Commission said:
Perhaps most disconcertingly, as a result of the diffusion of Internet security certification authorities, control over diverted data could possibly allow a telecommunications firm to compromise the integrity of supposedly secure encrypted sessions.
What the Commission is saying here is that they are concerned that encrypted sessions running through China may not be safe. Because so many certificate authorities are trusted by browsers, a party that controls the path a connection takes and can obtain a certificate for the destination can sit in the middle of a “secure” exchange of data and read it.
Now that we know it has happened, are there measures in place to stop it?
No, other than having more of an awareness of the problem. This hijacking took advantage of the way the Internet is inherently designed. Alperovitch says, “It can happen again. They can do it tomorrow or they can do it in an hour. And the same problem will occur again.”
Sources/Interesting reading:
China's Internet 'Hijacking' Creates Worries for Security Experts (A good video explanation of the event.)
Cybersecurity Expert On China Net Hijacking (An MP3 audio explanation.)
Cyber Experts Have Proof That China Has Hijacked U.S.-Based Internet Traffic
China hijacked UK internet traffic, says McAfee
Q+A: What happens when Web traffic goes through China?
How China swallowed 15% of 'Net traffic for 18 minutes
China Hijack Raises Concerns for Internet Security
Report sounds alarm on China's rerouting of U.S. Internet traffic
China Hijacked 15% of US Internet Traffic-and no one noticed
Internet traffic was routed via Chinese servers
Internet Traffic from U.S. Government Websites Was Redirected Via Chinese Networks