A funny thing happened to some traffic heading to Facebook earlier this week. It ended up going out of the way through China.
Barrett Lyon, an entrepreneur and network security expert who blogged about the incident on Tuesday, suggested it was merely an accident. But Rodney Joffe, senior technologist at DNS (Domain Name System) registry Neustar, disagrees and describes it as "route hijacking."
"It's real. It is happening. It can't be described as an 'accident' anymore," Joffe, who observed similar traffic snafus involving China, said in an e-mail to CNET today.
China is notorious for its efforts at censoring the Internet, and free speech activists worry about the government being able to snoop on citizens' Internet communications, although what officials there would want with U.S. citizens' traffic is anyone's guess.
Here's what happened, according to Lyon's post:
"Quietly this morning customers of AT&T browsing Facebook did so by way of China then Korea. Typically, AT&T customers' data would have routed over the AT&T network directly to Facebook's network provider, but due to a routing mistake their private data went first to Chinanet then via Chinanet to SK Broadband in South Korea, then to Facebook. This means that anything you looked at via Facebook without encryption was exposed to anyone operating Chinanet, which has a very suspect modus operandi."
In his analysis, Lyon speculates that most likely nothing happened to the data.
"Yet China is well known for its harmful networking practices by limiting network functionality and spying on its users, and when your data is flowing over their network, your data could be treated as any Chinese citizen's. Does that include capturing your session ID information, personal information, emails, photos, chat conversations, mappings to your friends and family, etc.? One could only speculate, however it's possible."
Lyon also questions whether Facebook or AT&T should have notified customers of the problem, whether Facebook should enable SSL (Secure Sockets Layer) encryption by default (in early February), and whether high-profile sites should be allowed to route to non-authenticated networks.
"This happens all the time--the Internet is just not a trusted network," he wrote. "Yet I prefer to know that when I am on AT&T's network, going to U.S.-located sites, my packets are not accidentally leaving the country and being subject to another nation's policies."