For 18 Minutes, 15% of the Internet Routed Through China

olsmeister writes "For 18 minutes this past April, 15% of the world's internet traffic was routed through servers in China. This includes traffic from both .gov and .mil US TLDs." The crazy thing is that this happened months ago, and nobody noticed. Hope you're encrypting your super-secret stuff.

As designed

[Neil+Watson]

Isn't that what the Internet was designed to do; route as need to get bits to their destination?

Imagine how china feels

[js3]

when that 18mins is over and all their stuff goes through American servers

The Chinese aren't the reason to use encryption

[Christianfreak]

There are plenty of reasons to use encryption but the Chinese government just isn't one of them for me. If I view something they don't like, what exactly are they going to do? I suppose they could block my access but it's not like I would get thrown in a Chinese prison.

I have a lot more to worry about from identity thieves, scams and heck, my own government.

Re:The Chinese aren't the reason to use encryption

[LWATCDR]

Depends. Sending any igs files of that new project to anybody?
How about that source code.
I fear we are getting way too comfortable with email for my taste.

Re:The Chinese aren't the reason to use encryption

[Tridus]

Yeah, seriously. I'm a lot more concerned about what the US government and the molestation department at TSA might do then I am about the Chinese government.

This story is interesting from a tech perspective, but the commentary at the end is BS on a site from a country with ever decreasing privacy standards.

and on the other side of the world...

[schlachter]

Chinese Headlines claim for a period of nearly 21,018,240 minutes...nearly 100% of Internet traffic has been routed through the United States....wonder if they're worried about the balance of power?

Re:I don't think the authors understand cryptograp

[VortexCortex]

2) Can China record or alter any traffic that passes through its network? If the data is sufficiently well encrypted, it can not read that data, although it can record the cyphertext. The fact that China can issue a certificate does not mean that it can read *your* data. It only means that encrypted data sent to Chinese servers can be read by the holder(s) of the encryption keys used by those servers.

I don't think you understand MITM attacks.

Take a moment to look at the list of trusted root certificate authorities in your web browser right now.
FF Preferences > Advanced > Encryption > View Certificates

Notice the Chinese ones? The Chinese government can compel any of those root CAs to produce a certificate for any domain they choose. For example, let's say CNNIC creates rogue certs for Google.com.

1) You request a secure page "https://mail.google.com"
2) MITM intercepts the request and makes their own connection to mail.google.com using the real cert.
3) MITM uses the fake cert to encrypt it's connection to you, and pass you the mail.google.com data.
4) Firefox validates the cert chain and gives you a big "look it's secure" bar, and you just got pwned.

The real problem is with the retarded cert system. Any CA can create certs for any domain without the domain's permission; If the CA is trusted your browser won't complain at all.

This is why it's important to view the certs that you are using (in Firefox, click or hover over the "secure" bar).
Note: If you had a cookie that kept you signed in to gmail, its too late to check the cert after the MITM is logged into your account.