| Recurring |
one_organization, multiple_organization |
(a) The software failure incident related to the redirection of Web traffic to Chinese servers has happened again at one_organization. The incident occurred at least twice, with large amounts of traffic being routed to China in March and April. The incident involved popular sites like Facebook, Twitter, YouTube, and others being redirected to servers in China, affecting organizations such as departments of the U.S. government and Fortune 500 companies [3357].
(b) The software failure incident related to the redirection of Web traffic to Chinese servers has also happened at multiple_organization. The incident was not isolated to a single organization but impacted a "large number of well-known organizations," including many departments of the U.S. government and almost every Fortune 500 company in the U.S. Traffic originating near or in the Asia Pacific region had a higher chance of being diverted through China [3357]. |
| Phase (Design/Operation) |
design |
(a) The software failure incident described in the articles is related to the design phase. The incident involved the rerouting of Internet traffic to Chinese servers, which was a result of a fundamental weakness in the Border Gateway Protocol used to make routing decisions on the Internet [3357]. This weakness allowed for the hijacking of routes, leading to the redirection of traffic to China. The incident was not due to the operation or misuse of the system but rather a flaw in the design of the routing protocol. |
| Boundary (Internal/External) |
within_system, outside_system |
(a) within_system: The software failure incident described in the article is primarily due to contributing factors that originate from within the system. The incident involved the rerouting of Internet traffic to Chinese servers, which was a result of traffic interception via DNS root servers and a fundamental weakness in the Border Gateway Protocol used for routing decisions on the Internet [3357]. The redirection of traffic to China allowed for the potential interception, reading, deletion, or modification of unencrypted communications passing through those servers [3357]. The incident highlights vulnerabilities within the system that allowed for such redirections to occur, indicating an internal system failure.
(b) outside_system: The software failure incident can also be attributed to contributing factors that originate from outside the system. The redirection of Internet traffic to Chinese servers was enabled by the decentralized nature of traffic flows on the Internet, where network information centers, carriers, and other infrastructure players announce available paths to specific destinations [3357]. China effectively positioned itself in the path of traffic by taking advantage of this decentralized system, allowing for the interception and redirection of traffic. Additionally, the incident was related to attacks on Google and other tech firms originating in China, suggesting external factors influencing the software failure incident [3357]. |
| Nature (Human/Non-human) |
non-human_actions, human_actions |
(a) The software failure incident in the article was primarily due to non-human actions. The incident involved the rerouting of Internet traffic to Chinese servers, which was a result of traffic interception via one of the main DNS root servers. This redirection led to Web surfers in western countries seeing error messages or censored Chinese-language versions of websites, indicating a non-human action causing the failure [3357].
(b) While the incident was primarily due to non-human actions, human actions also played a role in the sense that operators of the servers in China had the capability to read, delete, or edit unencrypted e-mail and other communications passing through those servers during the time of the redirection. This highlights the potential consequences of human actions in exploiting the software failure incident [3357]. |
| Dimension (Hardware/Software) |
software |
(a) The software failure incident reported in the articles is not directly attributed to hardware issues. The incident primarily involved the rerouting of Internet traffic to Chinese servers, which was facilitated by weaknesses in the Border Gateway Protocol and the self-guided nature of Internet traffic flows [3357].
(b) The software failure incident is related to software vulnerabilities and weaknesses in the Border Gateway Protocol, which is used to make routing decisions on the Internet. The incident involved the redirection of Internet traffic to Chinese servers, potentially allowing for interception and manipulation of unencrypted communications passing through those servers [3357]. |
| Objective (Malicious/Non-malicious) |
malicious |
(a) The software failure incident described in the articles is malicious in nature. It involved the rerouting of Internet traffic to Chinese servers, allowing for potential interception, reading, deletion, or modification of unencrypted communications passing through those servers. This redirection was not accidental but rather a deliberate hijacking of traffic flows on the Internet, enabling the interception and potential manipulation of data. The incident was linked to a fundamental weakness in the Border Gateway Protocol and was seen as a serious security threat, especially considering the sensitive nature of the data being transmitted [3357]. |
| Intent (Poor/Accidental Decisions) |
poor_decisions |
(a) The software failure incident described in the articles seems to be more related to poor_decisions. The incident involved intentional redirection of Internet traffic to Chinese servers, allowing for potential interception and manipulation of data. This redirection was enabled by exploiting a fundamental weakness in the Border Gateway Protocol, a protocol used to make routing decisions on the Internet. The incident was not considered an accident but rather a deliberate action that took advantage of the decentralized nature of Internet traffic routing [3357]. |
| Capability (Incompetence/Accidental) |
accidental |
(a) The software failure incident related to development incompetence is not explicitly mentioned in the provided article. The incident seems to be more related to a fundamental weakness in the Border Gateway Protocol and the self-guided nature of traffic flows on the Internet, rather than a failure due to lack of professional competence by humans or development organizations.
(b) The software failure incident related to an accidental occurrence is suggested in the article. Bert Hubert, founder of Dutch-based software provider PowerDNS.com, mentioned that what happened in China was likely an accident. He compared it to other mistakes made by countries in the past, indicating that such glitches and misdirects in Web traffic can be accidental occurrences rather than intentional actions [3357]. |
| Duration |
temporary |
The software failure incident described in the article was temporary. It involved the rerouting of Internet traffic to Chinese servers on at least two occasions in March and April, lasting for a limited duration each time. The first instance occurred on March 24, affecting popular sites like Facebook, Twitter, and YouTube, with the duration being unspecified [3357]. The second incident took place on April 8, where 37,000 routes were diverted through networks in China for 17 minutes [3357]. These temporary disruptions in Internet traffic routing were due to specific circumstances rather than being a permanent failure. |
| Behaviour |
omission, other |
(a) crash: The incident described in the articles does not directly involve a system crash where the system loses state and stops performing its intended functions [3357].
(b) omission: The software failure incident involved the system omitting to perform its intended functions by redirecting Web traffic to Chinese servers, causing popular sites like Facebook, Twitter, and YouTube to be inaccessible or displaying error messages [3357].
(c) timing: The timing of the software failure incident was crucial as it involved the system redirecting Internet traffic to Chinese servers for specific durations on March 24 and April 8, affecting a significant portion of the routes for a limited time [3357].
(d) value: The software failure incident did not directly involve the system performing its intended functions incorrectly in terms of the values or outputs produced [3357].
(e) byzantine: The incident did not exhibit the characteristics of a byzantine failure where the system behaves erroneously with inconsistent responses and interactions [3357].
(f) other: The behavior of the software failure incident can be categorized as a hijacking of Internet traffic, where the system allowed itself to intercept and potentially modify the traffic passing through, leading to concerns about data privacy and security [3357]. |