The U.S.-China Economic and Security Review Commission, which presented a report to Congress on Wednesday, said it had no evidence of anything malicious behind the interception of traffic, or what, if anything, the company did with the data.

But the incident raises concerns about the Internet’s vulnerabilities and how to prevent such occurrences in the future.

“Evidence related to this incident does not clearly indicate whether it was perpetrated intentionally and, if so, to what ends,” the report stated. “However, computer security researchers have noted that the capability could enable severe malicious activities.”

The Chinese company denied that it had hijacked the Internet activity. “The spokesman of China Telecom Corporation Limited denied any hijack of internet traffic,” it said in a statement to Reuters.

The alleged attack took advantage of the way data are sent via numerous servers. Data are supposed to travel along the most efficient route, but this process can be manipulated.

The report said that China Telecom sent an incorrect message to other servers telling them that the fastest route to their desired destinations was through its servers, and over the next 18 minutes, that’s the route they used. Think of it as traffic reporters for radio stations receiving a note telling them that the quickest way through a city was one particular road and broadcasting it to their listeners. It’s unclear how the incident was discovered, but it could be that an Internet service provider spotted the traffic pattern and reported it.

About 15 per cent of Web traffic was rerouted through China’s servers during that time, the report said. It affected traffic to and from U.S. government websites that included the Senate, the Office of the Secretary of Defence and the Department of Commerce. Commercial websites, including Microsoft and Dell, were also affected.

During that time, China Telecom or other government agencies could have spied on all the data passing through their servers. But the commission was cautious about making that assertion.

“Although the commission has no way to determine what, if anything, Chinese telecommunications firms did to the hijacked data, incidents of this nature could have a number of serious implications,” the report stated. “This level of access could enable surveillance of specific users or sites.”

The commission, set up in 2000, advises Congress on national security implications of the economic relationship between the United States and China.

Hasan Cavusoglu, an associate professor of management information systems at the University of British Columbia, said if proper encryption is used, someone monitoring Internet traffic may not be able to make sense of the information. But, he added: “Obviously, the information can be corrupted or delayed to reach its final destination.”

This is not the first time China has come under scrutiny when it comes to the Internet. Canadian researchers last year uncovered a massive online spy ring – dubbed GhostNet – that infected more than 1,000 computers around the world, many of them in foreign ministries and embassies. The vast majority of attacks appeared to originate from China, the researchers found. It prompted an angry denial from Beijing.