WASHINGTON—A state-owned telecommunications company in China diverted massive amounts of sensitive United States government e-mail traffic in April. With that data, state actors could obtain important information and learn better ways of “social engineering” fake, virus-laden e-mails to further infiltrate U.S. government computer networks, according to a recent press briefing by the United States-China Economic and Security Review Commission (USCC).
The news of the apparent attack was discussed at the release of the annual report of the USCC on Nov. 17.
“For a brief period in April, a Chinese Internet service provider ‘hijacked,’ or inappropriately gained access to U.S. Internet traffic. This incident affected numerous government sites, including those for the Senate and the office of the secretary of Defense,” Vice Chairman Carolyn Bartholomew said in prepared remarks.
The diversion lasted 18 minutes, and was a result of a Chinese server misdirecting global Internet traffic through servers in China. Internet data is transmitted in small packets, in a route determined by protocols set by servers around the world. On April 8, a small Chinese Internet service provider published a set of instructions routing traffic through China on its own network, according to The Washington Times; this was then republished by China Telecom and propagated onto the World Wide Web.
The result, according to Larry Wortzel, an intelligence expert, China specialist, and commissioner with the USCC, was that “literally loads of Internet traffic from the Department of Defense, from all the military services, from around the federal government, and from around Congress, got routed … through a China Telecom server.”
He spoke in response to a question from The Epoch Times at the press briefing. “We don’t know what was done with it when it got there,” he said.
While neither Wortzel nor the two officials who led the press briefing would depart from the message that they could not prove that it was Chinese central authorities who had the traffic diverted, Wortzel did present some hypothetical scenarios about what may have happened.
“If you were pretty knowledgeable in the intelligence service … you would get the Internet addresses of everybody who communicated. And then you could socially engineer a fake e-mail that looks like it’s coming from a specific individual, that says ‘here’s our briefing slides for next week, let me know what your opinions are.’”
In that hypothetical, he said, the attachment would have a virus, and the attacker would “insert a virus into the whole system.”
Reporters at the briefing questioned Wortzel and Bartholomew about the U.S.'s response to the apparent targeting by China. The officials maintained that they did not have evidence directly implicating the Chinese Communist Party in the hijacking, nor of what may have been done with the traffic once it was diverted.
Wortzel did allow himself to indulge in one speculation, however: “I ask: who might be interested in all the communications traffic from the entire Department of Defense and the federal government,” he said. “And it’s probably not a graduate student at Shanghai University.”