China “hijacked” 15 per cent of the world’s internet traffic for 18 minutes earlier this year, including highly sensitive email exchanges between senior US government and military figures, a report to the US Congress said.
A state-owned Chinese telecommunications firm re-routed around 15 per cent of all web traffic through its own servers during a brief period on April 8, the report said.
The incident has raised fears that China may have harvested highly-sensitive information from re-routed emails.
Another theory is that it could be testing a cyberweapon that could disrupt internet traffic from foreign servers.
The traffic included email exchanges from websites of the US Senate and the Department of Defense, along with “many others” including Nasa and the Department of Commerce.
Chinese internet officials have claimed that the re-routing was accidental, but the US-China Economic and Security Review Commission’s annual report suggested the hijacking could have been “malicious”.
“Evidence related to this incident does not clearly indicate whether it was perpetrated intentionally and, if so, to what ends,” the report said.
“However, computer security researchers have noted that the capability could enable severe malicious activities.”
Larry Wortzel, a member of the commission, said: “We don’t know what was done with the data when they got it. When I see things like this happen, I ask, who might be interested with all the communications traffic from the entire Department of Defense and federal government? It’s probably not a graduate student at Shanghai University.
“What could you do if you had the stream of email traffic for 18 minutes to and from the US Joint Chiefs of Staff? Most importantly you would get the internet addresses of everybody that communicated.”
While sensitive data such as emails are generally encrypted before being transmitted, the Chinese government holds a copy of an encryption master key which could be used it to break into redirected traffic.