The Null Device blog: Did China steal the internet?

According to a US government report, for 18 minutes in April, 15% of global internet traffic was rerouted through a state-owned ISP in China. The report strongly hints that this may have been no accident, but a deliberate attempt by the Chinese government to capture and analyse internet traffic between entities in the US or elsewhere.

Dmitri Alperovitch, a threat research analyst at internet security firm McAfee, said the capture "is one of the biggest – if not the biggest hijacks – we have ever seen". "No one except China Telecom operators" know what happened to the traffic during those 18 minutes, Alperovitch added. "The possibilities are numerous and troubling, but definitive answers are unknown."

The Chinese government has denied the allegations. Of course, it could be just a router malfunction or operator error. (Sometimes sinister-looking things turn out to be just randomness: princesses die in stupid car crashes, presidents' heads spontaneously explode in motorcades, that sort of thing. )

Meanwhile, further analysis of the Stuxnet malware (which, it was previously speculated, was designed to attack Iran's nuclear enrichment programme, possibly by the Israeli Mossad) have shown that its payload was designed to subtly degrade the quality of enriched uranium coming from centrifuges:

According to Symantec, Stuxnet targets specific frequency-converter drives — power supplies used to control the speed of a device, such as a motor. The malware intercepts commands sent to the drives from the Siemens SCADA software, and replaces them with malicious commands to control the speed of a device, varying it wildly, but intermittently.

The malware, however, doesn’t sabotage just any frequency converter. It inventories a plant’s network and only springs to life if the plant has at least 33 frequency converter drives made by Fararo Paya in Teheran, Iran, or by the Finland-based Vacon.

Even more specifically, Stuxnet targets only frequency drives from these two companies that are running at high speeds — between 807 Hz and 1210 Hz. Such high speeds are used only for select applications. Symantec is careful not to say definitively that Stuxnet was targeting a nuclear facility, but notes that “frequency converter drives that output over 600 Hz are regulated for export in the United States by the Nuclear Regulatory Commission as they can be used for uranium enrichment.”

Did China steal the internet?

There are no comments yet on "Did China steal the internet?"