Nov 20, 2010 11:56 GMT

A security researcher claims that reports of China hijacking 15% of Internet traffic for fifteen minutes earlier this year are grossly overestimated, the real impact being closer to 0.015%.

On April 8, 2010, China Telecom, the largest ISP in China, announced bogus Internet routes to the rest of the world, which caused a portion of international traffic to be redirected through its nodes.

In technical terms this is called a BGP (Border Gateway Protocol) prefix hijack and it seems that the problem originated with a smaller Chinese carrier.

The incident saw limited coverage in the specialized media at the time, but it didn't make it into the more mainstream press.

The discussion resurfaced because of a report on Chinese trade recently released by the U.S.-China Economic and Security Review Commission.

On page 244 of the 324-page document, the commission writes that "For a brief period in April 2010, a state-owned Chinese telecommunications firm 'hijacked' massive volumes of Internet traffic."

Massive is a relative term, but the media is now circulating a more exact figure of 15%, which, apparently, was first put forth by Dmitri Alperovitch, vice president of threat research at security giant McAfee.

"Now certainly, diverting 15% of the Internet even for just 15 minutes would be a major event," says Craig Labovitz, chief scientist at Arbor Networks, a company specializing in network security and DDoS mitigation solutions.

"But as earlier analysis by Internet researchers suggested, this hijack had limited impact on the Internet routing infrastructure — most of the Internet ignored the hijack for various technical reasons," he adds.

In fact, based on data gathered from Arbor Networks' worldwide sensors and discussions about the incident on the North American Network Operators' Group (NANOG) mailing list, the researcher estimates that diverted traffic amounted to only a few Gbps.

"In an Internet quickly approaching 80-100 Tbps, 1-3 Gbps of traffic is far from 15% (it is much closer to 0.015%)," Labovitz concludes, suggesting that the 15% might actually be the percentage of affected routes in relation to a default-free table.

However, routes are not traffic and, in addition, all evidence up to this point suggests that the incident was most likely accidental.