Yesterdays Newshour coverage on the 18 minutes mass diversion of internet traffic was a surprising information to me.
After the report I kept wondering how serious the problem really is or just another media panic hype.
Any thoughts?<p>http://www.pbs.org/newshour/rundown/2010/11/china-internet-hijack-experts-take-questions.html
Seriousness? Well, I suppose that depends on the intent...<p>It's pretty well known that any BGP node can redirect blocks at will, if they're trusted by their neighbors (or enough of them, anyway).<p>If it was an intentional "proof of concept" attack, then I'd guess it worked pretty well. It's not too hard to invent what Bruce Schneier would call a "movie plot" scenario where the Chinese government redirects all the traffic that they want to themselves, with the average internet denizen completely unaware (because all of the major browsers trust the Chinese government's CA, which means that they can produce signed, trusted certs for any website that they want), basically committing an internet-sized man-in-the-middle attack.<p>Of course, there are some practical issues to get around, plus doing that would probably (hopefully?) be considered an act of war...and that's ignoring the ramifications to China's current economic model, which (while I'm not an econ guy) tells me that they don't want to screw up by enticing a global embargo of cheap plastic crap.<p>So basically, what's the intent? If it's malicious, it's serious. If it's not malicious, then it's really no different than any of the other few times this sort of thing has happened.