Wednesday, November 17, 2010

China in US web traffic hijacking

The traffic to some highly sensitive US websites was briefly rerouted via China, according to Reuters.

The incident, which lasted 18 minutes last April, is described in a report by the US-China Economic and Security Review Commission.

It found that China Telecom sent incorrect routing information, but it is not clear whether it was intentional.

It comes amid continuing discussions in the US and the UK about cyber-security.

Among traffic rerouted via China was that destined for the US Senate website, the Office of the Secretary of Defence, Nasa and the Commerce Department, the report said.

"Evidence related to this incident does not clearly indicate whether it was perpetrated intentionally and, if so, to what ends," according to the draft report obtained by Reuters.

"However, computer security researchers have noted that the capability could enable severe malicious activities," it added.

The danger of cyber-attacks has been high on global agendas recently.

This week, US Defence Secretary Robert Gates warned that cyber-attacks posed a huge future threat and urged more joined-up efforts between the US military and civilian agencies.

MPs in the UK have also been hearing about the risks of cyber-attacks.

In evidence given to the Science and Technology Committee, experts said that a concerted cyber-attack capable of damaging key infrastructure could currently only be launched by an enemy state.

Stuxnet fears

"The risk of a concerted attack which has fundamental effect on infrastructure would have to be at state level and therefore politically unlikely," said Dr Hayes, a senior fellow at the Microsoft Institute for Advanced Technology in Governments.

But he said the tools were there for either politically-motivated hackers or organised criminals to launch an attack.

"If I see a nuclear weapon, I need plutonium, but cyber-weapons are just a sequence of ones and zeros. We have concerns that Stuxnet could be copied," he said.

"The risk of that is high and could have localised effect on critical infrastructure," he told MPs.

The recent Stuxnet malware, which appeared to be targeted at Iran's nuclear power plant, has caused alarm in governments around the world about a new wave of state-sponsored cyber-attacks.

Dalai Lama

Dr Ross Anderson, from the University of Cambridge, told MPs that Stuxnet was a sophisticated piece of malware.

"We can surmise it was from someone who didn't like the Iranians refining uranium. It took six people five months to write. It appears whoever commissioned it had access to people whose business was writing malware, as well as people clearly expert in industrial control systems.

"It was an effort funded to the order of £1m or thereabouts," he said.

Experts have surmised that its complexity means it could only have been written by a nation state.

Mr Anderson told MPs that he had personal involvement with state-sponsored malware attacks.

"A couple of years ago, a student of mine helped the Dalai Lama's office clear up malware clearly from the Chinese government," he said.

Currently, though, the biggest risk to UK computer systems was still the prospect of internal system failures as upgrades to the net addressing system began, he said.

"The most likely cause of disruption to the internet comes from software failure associated with transition to IPv6," he said.

But he warned that the threat of external attacks was likely to get worse over time, as more and more systems became computerised.

Experts needed

Mr Anderson said that government needed to become more "IT-aware".

"Regulators such as Ofgem and Ofcom should have people on their staff who understand IT and the risk we could be sleepwalking into," he said.

He warned that the government needed to do more.

"We have never put enough into combating cyber-crime. The Metropolitan police have difficulty sustaining e-crime units, because they are forever being closed down or merged," he said.

He said that the situation was not helped because the culture of the UK's security body GCHQ was non-collaborative, unlike that of the US's National Security Agency.

"Currently there are two separate communities, the civil community and the defence community. Outside of the defence community there is no source of expertise," he said.

"Bodies like the Information Commissioner's Office and the Metropolitan police don't have their own engineering staff, so are beholden to Cheltenham [the base for GCHQ] for advice."

He was not convinced that GCHQ was the right body for the job.

"It may take a cyber-attack to convince the prime minister that GCHQ is incompetent and things need to be changed," he said.


