On April 8, 2010, network administrators at the state-owned China Telecom threw a switch that rerouted "massive volumes" of data from other countries through Chinese networks rather than the more secure paths they were supposed to take, according to the U.S. spy chief.
China Telecom routers stopped advertising real Internet routes in favor of fake ones that caused huge chunks of the Internet to believe, for 17 minutes, that the road to China was actually their regular route.
The re-routed traffic, which could have been captured, compromised or copied with no one being the wiser, put huge amounts of potentially sensitive U.S. military and corporate data at risk, James Clapper, director of National Intelligence, told the Senate Armed Services Committee yesterday.
The incident was just one of a series of attacks, exploits and intelligence-gathering efforts launched by an increasingly well-equipped and effective Chinese cyberwar effort that was part of a "dramatic increase in malicious cyber-activity targeting U.S. computers and networks" during 2010, he said.
"This is just another way in which they glean information about us and collect on us for technology purposes, so it's a very formidable concern," he said.
The U.S. is a prime suspect in the Stuxnet worm attacks on Iran's nuclear development program in 2009.
It is also one of the prime targets for increasingly sophisticated cyberwar capabilities from other countries, especially those with plenty of money for IT and training, even if their real-world militaries are less formidable than those of the U.S.
China is facing international protests over the rapid increase in its military spending over the last decade, including plans to build aircraft carriers and stealth fighters.
It's been much more successful in cyberspace, Clapper said.
"Most attacks are relatively unsophisticated in nature, short in duration and narrow in scope," according to Deputy Defense Secretary William Lynn, who spoke at the RSA Security conference in San Francisco Feb. 16.
The Defense Dept.'s "cyberstrategy" is to ramp up its cyberwar defense capabilities to resist not only those attacks, but much more sophisticated ones it expects are on the way as international political opponents ramp up their efforts to strike back at the U.S. online, he said.
Among the countries trying to do that is Iran, which more than doubled the cyberwar contingent of its youth militia following the Stuxnet attacks, the murder of one of its leading nuclear scientists and the shooting of another.
"Other countries are developing a significant capacity in this area, whether it's Russia or China or Iran," CIA chief Leon Panetta told the U.S. House panel on security in February. "We're now the subject of literally hundreds of thousands of attacks that come in, in an effort to try to get information."
FBI Director Robert Mueller also showed up to say cybersecurity was a growing concern.
Which begs the question of what, exactly, they're all doing to counter these threats and how much of that work may come out from under Top Secret clearances to help U.S.-based companies defend themselves against attacks as well.
No one really doubts there will be cyberwar. The real question is who is going to get hurt.
Because they are the biggest, softest targets, the likely first victims are U.S. companies that may or may not have a presence in the countries that are attacking.
Online, the range of your weapons isn't really relevant. Only your level of preparation, defense and ability to recover.
Knowing there are black projects under wraps to strike back at China the next time it attacks the U.S. is great. Knowing they are actually going to do any of us any good when the sites attacked are .com instead of .gov or .mil would be even better.