At 3:00pm UTC on April 8, 2010, all traffic coming from military and civilian government networks in the UK, the US, Australia and South Korea started re-directing through China Telecom, said Dmitri Alperovitch, McAfee's vice president of threat research. Traffic coming from commercial organizations was also routed through Chinese servers.
"Traffic destined for 15 percent of the world's destinations was hijacked via internet routing protocols," Alperovitch told ZDNet UK on Tuesday. "China Telecom also had Dell, Microsoft and Yahoo as part of the re-routing." In addition, traffic coming from various parts of Russian and Indian networks was also hijacked.
The redirection occurred when China Telecom advertised itself as the best route for data packets being sent to and from destinations. The core internet routing protocol, the Border Gateway Protocol (BGP), allows for the exchange of information between networks of autonomous systems. BGP maintains a table of available IP networks and finds the most efficient routes for internet traffic. Service providers can announce BGP routes, which are then shared between other service providers. All affected traffic was re-routed by China Telecom for 18 minutes, but the after-effects lasted longer because of caching.
"The impact was longer than 18 minutes," said Alperovitch. "Later, China Telecom withdrew [the routing], but there was a delay. Some destinations were still being routed through China as much as an hour later." It was not known whether the traffic was re-routed deliberately or accidentally.
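One way a network operator can flag route announcements like those described above is to check each announced prefix and its originating autonomous system against a table of authorised origins. The sketch below is an added example, not part of the original article. The authorisation table, prefixes and AS numbers are constructed documentation-range values, and checking the origin AS is an assumption about which property of the announcement is being validated.

```python
import ipaddress

# Constructed authorisation table: (prefix, longest allowed length, origin AS).
# All values are documentation-range placeholders, not real networks.
ROAS = [
    ("192.0.2.0/24", 24, 64496),
    ("203.0.113.0/24", 25, 64497),
]

def validate(prefix, origin_as, roas=ROAS):
    """Classify one announcement as 'valid', 'invalid' or 'not-found'."""
    net = ipaddress.ip_network(prefix)
    covered = False
    for roa_prefix, max_len, roa_as in roas:
        roa_net = ipaddress.ip_network(roa_prefix)
        # Skip entries that do not cover the announced prefix.
        if net.version != roa_net.version or not net.subnet_of(roa_net):
            continue
        covered = True
        # Valid only if the origin matches and the prefix is not too specific.
        if origin_as == roa_as and net.prefixlen <= max_len:
            return "valid"
    # Covered by an entry but matched by none: unexpected origin or a
    # more-specific prefix than the holder authorised.
    return "invalid" if covered else "not-found"

def flag_invalid(announcements, roas=ROAS):
    """Return the announcements that fail origin validation."""
    return [a for a in announcements if validate(a[0], a[1], roas) == "invalid"]

# Constructed sample announcements: (prefix, origin AS).
SAMPLE = [
    ("192.0.2.0/24", 64496),     # expected origin
    ("192.0.2.0/24", 64511),     # same prefix, unexpected origin
    ("192.0.2.128/25", 64496),   # more specific than authorised
    ("203.0.113.0/25", 64497),   # more specific, but within allowed length
    ("198.51.100.0/24", 64511),  # no table entry covers this prefix
]

if __name__ == "__main__":
    for prefix, asn in SAMPLE:
        print(f"{prefix:18} AS{asn}  {validate(prefix, asn)}")
```

A "not-found" result means only that no authorisation entry covers the prefix, so the check says nothing either way about that announcement.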
For more on this story, read China hijacked UK internet traffic, says McAfee on ZDNet UK.