Return of the Guru

Vulnerability of Internet Data Spells Trouble for Insurers

Ara Trembly
Insurance Experts' Forum, November 22, 2010

For some time now, I have been noticing and reporting on threats to Internet traffic and data—threats that could compromise individuals, companies and even governments. Yet it seems that in the insurance and financial services universe, these dangers are repeatedly ignored or shoved aside as insignificant. I’m really starting to feel like a lone voice crying out in the wilderness.

But someone has to deliver the news that—when it comes to the security of virtually anything on the Internet—the emperor is indeed cavorting about in his birthday suit. And that someone might as well be yours truly.

USA Today reported recently that state-owned China Telecom had briefly “hijacked” massive volumes of Internet traffic worldwide in April—including U.S. government and military traffic—and diverted it through servers in China, according to the U.S.-China Economic and Security Review Commission. The italics are mine; just to point out that another country is capable of such an otherwise unthinkable intrusion.

The Commission is a group that was set up by Congress to monitor the national security implications of U.S. trade with China. For those of you who don’t see the connection, the U.S. insurance industry in particular is begging for the opportunity to do business in China. In fact, as I’ve written previously, the documented online incursions into U.S. military (Department of Defense) and commercial (Google) sites from China seem to make little difference in our level of pleading with the Chinese government to allow us to sell policies to some 1.3 billion potential consumers there.

USA Today goes on to point out that although the Commission has no way to determine what, if anything, Chinese telecommunications firms did to the hijacked data (or with it), “incidents of this nature could have a number of serious implications.” Indeed, as the report notes, “This level of access could enable surveillance of specific users or sites.”

The Commission says the diversion lasted for 18 minutes, the report says. It took advantage of the fact that worldwide Internet traffic is constantly shifted around to the most efficient route between two points. In this case, the Commission says, Chinese Telecom manipulated the system to signal to other servers that China was the most efficient route, prompting other servers to begin routing all traffic to about 15% of Internet's destinations through servers in China.

That is a staggering number. As of December 2009—a year ago—there were 234 million websites on the Internet. Even discounting the reality that the new websites are added daily, that means that for those 18 minutes, the Chinese government controlled traffic to or from more than 3.5 million websites.

The commission says the incident affected traffic to and from U.S. government (.gov) and military (.mil) sites, including those for the Senate, the Army, the Navy, the Marine Corps, the Air Force, the Office of the Secretary of Defense, NASA, the Department of Commerce and many others, says USA Today. (Just as an aside: Did you ever wonder why the U.S. military would leave its systems open to such dangerous access?) 

Of course, China Telecom has denied the report, but there is one thing neither they nor anyone else has denied: that they—and others—have the ability to, in essence, control a significant amount of what happens on the Internet.

So the question I have for those of us in this industry is simply this: Is it worth handing over control of our enterprises and our sensitive data to get those juicy China insurance contracts? Are we just assuming that “someone” will do “something” about this?

Maybe they will, but don’t hold your breath.

Ara C. Trembly ( is the founder of Ara Trembly, The Tech Consultant, and a longtime observer of technology in insurance and financial services.

Readers are encouraged to respond to Ara using the “Add Your Comments” box below. He can also be reached at

This blog was exclusively written for Insurance Networking News. It may not be reposted or reused without permission from Insurance Networking News.

The opinions of bloggers on do not necessarily reflect those of Insurance Networking News.

Comments (0)

Be the first to comment on this post using the section below.

Add Your Comments...

Already Registered?

If you have already registered to Insurance Networking News, please use the form below to login. When completed you will immeditely be directed to post a comment.

Forgot your password?

Not Registered?

You must be registered to post a comment. Click here to register.

Blog Archive

Why You Can't Take a Wrecking Ball to Your Legacy System

If you think of enterprises like collections of neighborhoods that need to be nurtured, you quickly see that architecture, not obliteration, is the key.

Ten Stats About Social, Mobile, Analytics, Big Data, Cloud and Digital

Deployment rates have grown in the year since Novaricaís last study on these topics.

The Apple Bounce: Are Wearables Truly this Big?

I just donít believe it; only 720,000 Androidwear watches were sold in 2014. Apple has been amazingly successful in so many markets. Were they always first? No, a lot of products before. Were they always best? Again, no, superior devices have fallen.

How Quote Data Can Deliver Powerful Business Insights

Quote data often is disregarded due to its volume, but properly managed can offer insights into product and pricing strategy, expense control, cross selling and upselling.

Product Configurators: Moving Insurers toward Self-Sufficiency

Insurers may like a vendorís full service model for updating policy content rules, but they donít want to be held captive if the vendor doesnít offer fast speed-to-market.

Trends in P&C and L/H/A Policy Administration Systems

Novarica research shows that nearly 40 percent of P&C and life/health/annuity carriers are currently replacing or planning to replace a policy administration system.