When China Redirected 15% Of Internet Traffic... Was It On Purpose Or An Error?
from the encryption... dept
TheNextWeb points us to a story claiming that China apparently "hijacked" about 15% of all internet traffic for a period of about 18 minutes back in April. The source of the story is McAfee, who certainly has some incentives to play up such "threats," so perhaps take it with a grain of salt.Also, it should be noted that this isn't new. Some folks appeared to spot this soon after it happened as it wasn't even remotely covert -- and also said that it appeared to be a "fat fingers" type of mistake based on the way it took place. Yet, to read the McAfee report, the assumption is that it must have been for nefarious reasons. Perhaps, but that wasn't what it appeared to be initially.
Of course, McAfee is pointing out that some of the traffic included US government and military traffic, but the US government said it was no big deal because its traffic was encrypted. However, McAfee is claiming that the US government is still at risk, and that it should be concerned. The explanation at "National Defense Magazine" based on what McAfee said seems slightly misleading:
"If China telecom intercepts that [encrypted message] and they are sitting on the middle of that, they can send you their public key with their public certificate and you will not know any better," he said. The holder of this certificate has the capability to decrypt encrypted communication links, whether it's web traffic, emails or instant messaging, Alperovitch said. "It is a flaw in the way the Internet operates," said Yoris Evers, director of worldwide public relations at McAfee.It would be great if a security expert could chime in here, but this seems like a rather simplified version of how a man-in-the-middle attack on public key encryption would work. It's possible that it could work in some specific instances, but this report makes it out like China could automatically read any encrypted message.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: china, encryption, internet, traffic
Reader Comments
Subscribe: RSS
View by: Time | Thread
Govenrment dont use public keysmats
They also use rolling keys, and traffic flow security, so you cannot even tell the start or end of any messages.
Plus, finally critical signals and information is not sent on or over the internet.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
It's not a bug, it's a feature.
[ link to this | view in chronology ]
http://ha.ckers.org/pgp.html
Apparently it's only applicable for newly-introduced users, who don't already have the other user's PGP key. It's likely that the U.S. Government uses something more secure than PGP.
If people are worried about governments encroaching on their privacy, it seems a bigger threat is a "compelled certificate creation" attack, where government agencies force a certificate authority to issue bogus, but trusted, SSL certificates. They can then intercept anything the user sends via SSL.
For details, read Certied Lies (PDF), by Christopher Soghoian and Sid Stamm.
[ link to this | view in chronology ]
is our government smarter than a college sophomore?
however if lazy Field Agent A is pissed that his secure network is running too slow and decides to email sensitive files via gmail .... well all bets are off. or move files to his thumbstick and plug it in at an internet cafe...
[ link to this | view in chronology ]
It's FUD being hyped for political/economic gain
Second, it seems like that the real number was more like 1% to 2%; 15% is an enormous amount of traffic and it's not likely that the infrastructure could handle it even if such a hijack were (a) successful (b) undetected and (c) robust.
Third, when prefix hijacks happen, either deliberately or accidentally, consider what happens to traffic -- in particular, TCP connections. Any attempt to establish a new TCP connection will likely fail -- the initial SYN packets will be sent but never delivered, so the attempt will stall, time out, and likely be reported back to the application as an error. Any attempt to use an existing TCP connection will also fail, as ACKs won't be delivered, so there will be some retries and such before that (again) the attempt will stall, time out, and likely be reported back as an error. (Consider as well what happens with UDP: packets just hit the floor.)
This means that while some traffic analysis of existing connections, based on whatever few packets are transmitted before the connection dies, is possible -- it's not going to be much. It's certainly not going to be enough to perform good attacks against the crypto; there won't be enough data. It would be far more productive and far more subtle to go after end-user systems on the sites of interest; that would yield a much larger corpus for analysis or perhaps, thanks to a keystroke logger, some of the keys.
Fourth, one thing that conceivably could be extracted from this traffic is network flow data: that is, who's talking to who on which ports. But why? Does anyone seriously think that it's major news to any adversary that government unit A is talking to commercial site B? Or that users at nonprofit C are surfing porn site D?
Fifth, incidents similar to this have happened before and will likely happen again. This particular one is just being hyped because (a) it's good PR for McAfee (b) it serves political purposes because it involves the favorite boogeyman du jour (c) it's good budgetary justification for another few billion lobbed into the non-existent problem of cyberwar.
[ link to this | view in chronology ]
My take
Thinking evil, if you were after something specific and narrowly target it, it might be easy to figure out exactly what you were after. If you were after that same something specific, and targeted broadly, you may be able to get that something specific and nobody'd figure it out.
One or more governments will probably keep us from ever knowing the truth about why this happened.
[ link to this | view in chronology ]
Re: My take
The upside of this approach is that it can overwhelm defending analysts. The downside is that it draws lots of attention. (And depending on how it's done, it requires significant and clever resources -- like trying to drink a drop from the firehose.)
Your last statement is almost certainly, and sadly, true.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Interesting spin
When this happened the story I heard at the time was it was to do with controlling internet traffic into/out of their own country and they totally snarked it up - entirely plausible given the way routing algorithms work and the complexity of the internet. Kind of the way things would have to work for the vaunted "Internet Kill Switch" to be possible. (I can hear the argumants already "Well we can be trusted with such a "weapon" but not those dastardy Chinese....")
Personally I'd go with the "never attribute to malice what can adequately be explained by stupidity" reason over the spin of a vested interest.
I'm not an expert but I do have a little experience with things like this. As I understand it, it's feasible as far as it goes. There are some proxy appliances that operate as this seems to suggest - you request an HTTPS session, the proxy intercepts and sends out its' own session request, obtaining a cert from the endpoint service requested. It then responds to the user session with its' own certificate to establish the encyrpted tunnel allowing on-box de-cryption and re-encryption for monitoring of the session.
That being said, in that scenario you already trust the proxy box and are deliberately sending traffic there and besides the certificate would look different to the endpoint services' even if it was Verisigned or similar so was considered "safe".
Could you do a simlar thing but spoofing the endpoint certificate? Possibly, but as someone already pointed out this only works with a PGP key exchange rather than private-key encryption - I don't think a VPN would be susceptible to this kind of attack for example without it being noticable even obvious.
All communication is vulnerable to some extent on the internet - it's public and that's what encryption is for after all - I don't think this kind of re-routing necessarily makes it more so. Id say the bigger risk was the cut-off and the info not getting to where it's supposed to at all.
[ link to this | view in chronology ]
However, what this might (and I stress the word "might") do is slow down/cut dissemination of public information. I do not see how that interruption would last for any extended period of time unless the gov't's technological ability was somehow compromised (basically, if they can do it to us, we can do it to them). So by itself, the redirect isn't an effective weapon unless used as part of an overall strategy to confuse population in case of a bigger attack, say an EM pulse caused by a multiple nuclear explosions. (Boy, I miss Jessica Alba and "Dark Angel"...) However, at that point the ability of gov't bureaucracies to communicate would be the least of everyone's problems. The military and emergency responders would still be able to communicate through normal secure means unless that ability was compromised as well. Which means we're on the wrong end of WW3 and the fact that the Chinese gov't may or may not read be able to read the congressional e-mails really doesn't matter any more.
[ link to this | view in chronology ]
2 reasons we made the change to AVG.
1. Try before you buy
2. Better Product
[ link to this | view in chronology ]
2 reasons we made the change to AVG.
1. Try before you buy
2. Better Product
[ link to this | view in chronology ]
2 reasons we made the change to AVG.
1. Try before you buy
2. Better Product
[ link to this | view in chronology ]
2 reasons we made the change to AVG.
1. Try before you buy
2. Better Product
[ link to this | view in chronology ]
2 reasons we made the change to AVG.
1. Try before you buy
2. Better Product
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
SSL and the chain of trust
As for the comments about the use of PKE above: The military absolutely does use PKE, since being "the military" doesn't solve the key-distribution problem. What's very likely, however, is that the US military is using ECC instead of RSA for its asymmetric crypto primitive.
[ link to this | view in chronology ]
We're from McAfee and we're here to help..!
[ link to this | view in chronology ]
[ link to this | view in chronology ]
[ link to this | view in chronology ]
[ link to this | view in chronology ]
[ link to this | view in chronology ]
[ link to this | view in chronology ]
And the winner is...
[ link to this | view in chronology ]
Re: And the winner is...
[ link to this | view in chronology ]
Re: Re: And the winner is...
A 256 bit encryption is standard these days for confidential info. When I was doing work for an enigneering corp, they constantly used 512 and 1024 bit encryption, (explanation I got: "The sysadmin was bored").
Nevertheless, the number of combinations of 256 bits is enormous. 2^256 = 1.1 * 10^77.
To put that in perspective, the number of milliseconds that have passed since the beginning of the universe is about 4.4*10^16, and the estimated observable universe is about 47 lightyears long , or something like 4.7*10^19 millimeters long. The volume, then, is around 10^60.
So, if we multiply the age of the universe, in milliseconds, by the size of the observable universe, in millimetres cubed, we get a number on the scale of 10^76 . . . which is still 10x smaller than the complexity of a single 256 bit encryption.
If we had a computer the size of the observable universe, running since time began, with each transistor a single nanometer, it could only be guaranteed to break 100,000 256 bit encryptions. To guarantee breaking one 256 bit encryption or this massive, insanely powerful computer, would take 10^11 years . . . that's 100 billion years.
For a computer the size of the universe.
In short, brute force is never an option, because no one has the juice or the time.
[ link to this | view in chronology ]
Re: Re: Re: And the winner is...
(For example, the 47 lightyears is a radius, not the edge of a cube as my math would suggest)
It really doesn't matter here, as all I'm trying to do is convey the scale, and the scale is still within a few orders of magnitude either way.
[ link to this | view in chronology ]
Re: Re: Re: Re: And the winner is...
If someone told me they were using 512 or 1024 bit symmetric encryption, I'd be very worried (since it suggests they're using a home grown algorithm instead of AES).
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Logic Sounds Good! About how I take techdirt's stories. After all, every story leans precariously towards promoting products or services that the masnick supports, endorses, or sells. Doesn't make them any more accurate given the obvious bias present.
[ link to this | view in chronology ]
Re:
You are correct that everyone has biases, and perhaps the majority of the income by this article's author is in areas he champions.
On the other hand, Mike doesn't generally (or at all) sell his blog pieces as authoritative. And it does make sense to mention the salt when statements are by someone (eg, McAfee) that can reasonably be considered to be an authority of some sort on security.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Encryption overview
The short version is, the original post (from the source, not Techdirts) is wrong. Simply sitting in the middle of a secure connection is not sufficient to eavesdrop, unless the users are doing something wrong (the US government probably isn't).
Public key encryption are systems that allow 2 parties to share a key (think of it very much like a key for a lock) over an unsecured medium (such as the internet) in a secure way. Think of public key as a safe with 2 doors, and each user has a key to only one door, and only one door may be open at a time (not entirely technically correct, but good enough for this discussion).
An example of public key is RSA. There are others. I don't know what the US government uses, and I won't venture to guess.
Public key systems are mathematically proven to be secure against all but brute force attacks (guessing and checking). All systems are breakable by brute force, you simply choose how long you want to be secure. It is cheap (fast) enough for the user to choose a value of years.
Public key is relatively slow (expensive) compared to private key encryption, so the typical usage is to use public key to encrypt a private key so it is safe to send over the unsecure medium (again internet). The private key is then used on a short term basis (such as a single message, or an hour on a longer term connection).
Private key is a system where the same key is used to encrypt (lock) and decrypt (unlock) the data (the "safe", this time with only one door).
The man in the middle attack (MITM) works like this: M (the middle) does the public key algoritm with A (the first person) while pretending to be B (the second person), which ends with M and A having a secure connection to each other. Similarly M pretend to be A and sets up a connection with B.
The connection now looks like A-M-B, but A and B think it looks like A-B.
Fortunately the public key encryption system fixes this. By doing the public key algorithm backwards (oversimplification), you can verify that you are talking to who they say they are.
The only way MITM works is if the 2 users have never spoken to each other before, has no trusted 3rd party who can vouche for them, or has no secure medium (something other than the internet) to do an inital introduction. I'm fairly certain the US government has both of those systems in place.
The "flaw" the original source spoke of is this needed 3rd party, but this FUD (fear, uncertainty and doubt). For the commercial sector there are companies that handle the introductions. For the US government, I suspect it is handled in house.
End result: bullshit.
[ link to this | view in chronology ]
Re: Encryption overview
Pretty nice response. For general Internet activity (https/ssl), those first time connections are definitely the most vulnerable to MITM since without the authentic key, the rogue can present its own key, with the proper name, and bogus/dirty cert authority. This would appear OK to the browser if the user clicked accept for the bogus CA or if it were somehow already on the trusted list.
Still chances are pretty low, if this situation were intentional, that this is what the Chinese intended to do.
[ link to this | view in chronology ]
Re: Encryption overview
[ link to this | view in chronology ]
Re: Encryption overview
Yes, there are companies that handle the introductions. In China, this is handled by CNNIC, which is... part of the Ministry for Information Industry. The CNNIC CA certificate (serial #49:33:00:01) ships in most SSL implementations. Draw your own obvious conclusions.
[ link to this | view in chronology ]
Re: Encryption overview
[ link to this | view in chronology ]
Re: Encryption overview
Bottomline whats being suggested is possible but only if the implementation itself was flawed after all the whole idea of Certificates was to protect against a Man in the Middle attack.
On the military side its hubris to think they're safe cause all traffic is encrypted however. Encryption can be compromised in a number of ways... Brute force were encryption is meant to make it unfeasable to guess the correct key in a time window where the content you're decrypting still matters (while this will be good protection against individuals I would worry when big governments like china are involved I would think they have the resources to actually make successful bruteforce attacks). Weakness in the algorithm or actually managed to covertly acquire the private key itself. Encryption is just one security layer... the path it travels is another having one compromised is never good news.
[ link to this | view in chronology ]
some guesses
[These are opinions only (based on some experience and what I recall from memory).]
[ link to this | view in chronology ]
Re: some guesses
OK, this is wrong. Let's say you want to communicate securely with www.buysomegoods.com. Even if you use a single ISP and they are the man in the middle, they can only succeed with SSL (https) if they use their public key (ie, one for which they know the private key, assuming they haven't hacked www.buysomegoods.com), and the CA (unless themselves hacked, bribed, etc) will not certify that that public key by this ISP company corresponds to that website domain (www.buysomegoods.com) that the ISP is trying to hijack.
This is why PGP is more risky, you don't have that automated (and third party involved) mechanism to authenticate. You have to figure out your own way (out of band) such as by calling up the person, meeting with them to exchange the key, or taking a chance with trusting your email or other Internet communication that you think the same man in the middle will not have hacked.
[ link to this | view in chronology ]
Just no.
Seems just as easy that it could have redirected into a blackhole, and 15% of all Internet requests were dropped for 18 minutes.
So, China could shut down a large chunk of the Internet with a couple keystrokes made by some tech?
Yah, I'm not buying that.
[ link to this | view in chronology ]
Re: Just no.
Second, nobody "shut down" anything. Everything out there still had power and was still burning CPU cycles.
Third, if you're not familiar with concepts like routing, ASNs, BGP, etc., and/or if you don't read lists like NANOG on a regular basis, then it's probably not going to be clear to you that not only could China do this, so could techs in a lot of other places, if they made sufficiently egregious mistakes. Which they have. Please see, for one example of many discussing these kinds of problems: http://www.renesys.com/blog/2008/02/pakistan_hijacks_youtube_1.shtml
Fourth, this is a well-known issue which has been discussed ad infinitum among people who actually run networks. It's not new. All that's new here is the fear-mongering.
[ link to this | view in chronology ]
Re: Re: Just no.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Also, to access any DOD network each uses must have their smartcard (CAC Card) inserted into a computer. This is far more secure than trying to hijack a bunch of quasi classified info and break the encryption.
This is not how you spy on the US government. Instead, you drop off a bunch memory sticks with virus' in the Pentagon parking lot. (how China actually penetrated)
For the truly secret stuff (my mom used to work at DTRA) the comps are not even allowed to connect to the internet. Her HD was locked in a safe in the basement at the end of the day with 24hr security.
[ link to this | view in chronology ]