Chinese ISPs Caught Injecting Ads And Malware In Their Network Traffic

Chinese Internet Service Providers (ISPs) have been caught red-handed for injecting advertisements as well as malware through their network traffic. Three Israeli researchers uncovered that the major Chinese-based ISPs named China Telecom and China Unicom, two of Asia's largest network operators, have been engaged in an illegal practice of content injection in network traffic. Chinese ISPs had set up many proxy servers to pollute the client's network traffic not only with insignificant advertisements but also malware links, in some cases, inside the websites they visit. If an Internet user tries to access a domain that resides under these Chinese ISPs, the forged packet redirects the user's browser to parse the rogue network routes. As a result, the client's legitimate traffic will be redirected to malicious sites/ads, benefiting the ISPs.

Nice

[Greyfox]

See? We're not so different after all!

Re: Nice

Now we only need some mass shootings and a song on schools saluting the Chinese flag.

Re: Nice

Good thing Israel is there to fight on our behalf. Perhaps we should pay them to start building settlements around Beijing.

Re: Nice

[myowntrueself]

Now we only need some mass shootings and a song on schools saluting the Chinese flag.

And Chinese national anthem on every. single. fucking. sporting event.

Re:Nice

See? We're not so different after all!

(Comcast, Microsoft, Facebook, Google, etc): "Why didn't WE think of that???"

Re: Nice

They generally use knives for their mass killings, but they do have a few mass shootings from time to time that slip through the censor net.

Sum Ting Wong

Uh-oh

Watch out Verizon

Looks like they are almost as bad as Verizon.

Typical, but Trump will fix stuff like this, American will regain it's stop as the worst ad and malware injector.

I'm shocked...well not that shocked

China eh? Always trustworthy.
Glad all of our electronics aren't manufactured there right?

I don't blame them

[ickleberry]

I wish more ISP's would start injecting ads to replace those injected by the Almighty GOOG. You rarely see text ads anymore which were the only somewhat tolerable (in small doses) of ads and now that the Almighty GOOG controls the market prices have gone out of all proportion and way out of budget for a lot of smaller companies.

It would be worth it even just to see the Almighty GOOG throw more of their weight behind net neutrality (because now they only support it when it suits them)

Re:I don't blame them

[GuB-42]

1- High price for ads is a good thing.
2- The "Almighty GOOG" does not "inject" ads. It puts them where the original site owner tell they should be placed, in exchange for money.
3- Ad injection/replacement by ISPs is the worst. The ad provider and most importantly the content owner lose money and you still see ads. And unlike with ad-blockers you can't turn it off if you want to support the site you are visiting. The ISP shouldn't serve you ads, you already pay it with money.

Re:I don't blame them

[wbr1]

Point out flashy, animated, noisy, malware ridden ads from google please. Goggle may not be innocent, but they ar far, far, from the worst offender in this realm.

Re:I don't blame them

[Dcnjoe60]

The ISP shouldn't serve you ads, you already pay it with money.

That doesn't stop Hulu.

Re: I don't blame them

[valdezjuan]

Not to mention you are basically stealing food from the mouths of the providers children by not allowing them to monitize everything about you. In fact, you should preemptivly give them a json file with all your particulars and those of your families. Hell, include the pets too!

Re:I don't blame them

Do you really think that Google, the company that has a tiny marketshare in non-Hong Kong China, has any say in net neutrality in China?

Furthermore, are you disillusioned enough to believe that Communist China cares about net neutrality? The country is hellbent on spying on everyone, including its own citizens. I would not be at all surprised if the malware being pushed by the ISPs was targeted to specific users by the government. At the exact same time, I wouldn't be surprised to find out that the ISPs were just issuing malware to make some extra money. It's that bad.

Bu.. bu.. bu.. bu.. but the USA

[S48D31F68E4S2]

Bu.. bu.. bu.. bu.. but the USA does this all the time! And it does it more and worse!!! And the U. S. A. !!!! blah....

https

HTTPS everywhere please.

Re:https

No, fuck off, in 10 years you will not be able to even fetch some public page/file with an older client because of servers trying to "upgrade" your connection or giving security bullshit errors.

Re: https

No you fuck off with your 10 year old hardware and software. The rest of us want a secure and reliable internet.

Re: https

Won't matter when the ISP's enforce client certificates in order to connect to the Internet. Then we are all screwed.

Re: https

[KGIII]

> The rest of us want a secure and reliable internet.

That's amusing. It really is. This mishmash of "stuff" we call the internet is not now (nor will it ever be) secure *or* reliable. HTTPS is not going to change that. If you knew what drove and provisions the internet, well... Lemme just say, you shouldn't be pissed when it fails, you should be shocked that it works at all.

Questions

[Archtech]

"Three Israeli researchers uncovered that the major Chinese-based ISPs named China Telecom and China Unicom, two of Asia's largest network operators, have been engaged in an illegal practice of content injection in network traffic".

As a matter of interest, what laws does this contravene? If it happens in China, isn't it a matter for Chinese law? And is it likely that the Chinese government, which is often said to monitor all network traffic assiduously, would fail to notice such practices?

Also, I am doubtful about taking the word of Israeli researchers on such a matter. Israel, like the USA, has been deeply involved in hacking, spying, mass surveillance and even the insertion of (no doubt "illegal" an certainly extremely damaging) viruses such as Stuxnet. Presumably people who would engage systematically in such activities would not be beyond falsifying research findings.

Re:Questions

[Gaygirlie]

I was just thinking of the use of the word "illegal" there and then I happened to read your comment; which country's laws are the ones that are being talked about here and is this actually illegal in China or not? Did those Israeli researchers report this practice to any authorities or are they just fishing for attention, but not actually doing anything about this otherwise? Also, if they did report this stuff to authorities and if it was illegal in China how likely is it that anything will be done and what sorts of consequences could one expect?

Re:Questions

Exactly. Outside of the US and Europe, the internet is a cesspool with nuggets floating everywhere. Our midcap company has a policy of dropping *all* incoming Chinese, Middle East, South American and Russian IPs. Nothing worthwhile ever comes over the wire from those countries so it keeps our Windows servers and desktops safer.

Re:Questions

As a matter of interest, what laws does this contravene? If it happens in China, isn't it a matter for Chinese law? And is it likely that the Chinese government, which is often said to monitor all network traffic assiduously, would fail to notice such practices?

Also, I am doubtful about taking the word of Israeli researchers on such a matter.

Whereas I am doubtful of entertaining the red herrings raised by the Chinese communist party official who posed this dreck.

Re:Questions

[larryjoe]

"Three Israeli researchers uncovered that the major Chinese-based ISPs named China Telecom and China Unicom, two of Asia's largest network operators, have been engaged in an illegal practice of content injection in network traffic".

As a matter of interest, what laws does this contravene? If it happens in China, isn't it a matter for Chinese law? And is it likely that the Chinese government, which is often said to monitor all network traffic assiduously, would fail to notice such practices?

Good point. This may not actually be illegal in China. It may also be expected from Chinese users. However, it is scary, nonetheless.

Also, I am doubtful about taking the word of Israeli researchers on such a matter. Israel, like the USA, has been deeply involved in hacking, spying, mass surveillance and even the insertion of (no doubt "illegal" an certainly extremely damaging) viruses such as Stuxnet. Presumably people who would engage systematically in such activities would not be beyond falsifying research findings.

If Israelis and Americans are "deeply involved in hacking, spying, mass surveillance ...", that would make them experts that would actually know about these things and how to detect them. The allegation that experts would necessarily be more prone to falsifying findings is a non sequitur. There may be reasons to assume a propensity to propaganda on the part of the Israelis (and any Western nation that criticizes the Chinese), but that is a completely separate issue.

Re:Questions

[Z00L00K]

It would be a lot more fun to serve those a redirect to some odd server, like 4chan.

Re:Questions

International copyright law possibly. They are producing derivative work of the website...

Re:Questions

Good point. This may not actually be illegal in China. It may also be expected from Chinese users. However, it is scary, nonetheless.

Chinese users may expect their own paid ISPs to inject malware? I otherwise agree with you.

Re:Questions

Lol you're such a bigot. By your logic, since some people in NYC snatch purses, then everyone in NYC is a pursesnatcher and can't be trusted.

And what will you do?

[SeaFox]

The major Chinese ISPs are the major telecom providers. Aren't those State owned?

Would anyone really have the guts to complain to the government.

Re: And what will you do?

[techabuse]

More like, if you complain, they take your guts.

Re:And what will you do?

[gl4ss]

complain to the party that the isp running officials are profiteering from state owned hardware.

depending on the sum profiteered they get either prison or worse.

oh and most likely scenario is just that they're simply injecting ads and by 'they' I mean some entrepreneur downline in the organization most likely, who just happens to have access or authority to turn it on. that the ads contain malware is just a side effect.

just a few month ago the ads on slashdot contained malware("app store install" type of shit) and autopopups(with deceiving, os mimicking window design) when viewed from asia on android. asians will try all kinds of marketing bullshit and think it's legit.

besides than that, the copyrights and such aren't that different over in china.. they're just very sloppily enforced.

Re:And what will you do?

[Z00L00K]

besides than that, the copyrights and such aren't that different over in china.. they're just very sloppily enforced.

Rather like not enforced at all except if it's infringing on the rights of some local VIP.

Re:And what will you do?

[Dr.Saeuerlich]

yes, they are even set up in some pseudo rivalry. I assume it was intended, originally, to create some sort of competition. Except it created a duopoly where they both carved up the market between them. i.e. in some parts of town you can only get China Telecom and Unicom will simply tell you they don't serve that area, and the other way round.

However, they also make life difficult. Competition, in Chinese terms, is not making life for the other corporation difficult, but for its customers. They too are the enemy. So if you happen to have multiple corporate sites, some on Unicom, some on Telecom, you can expect that connectivity between them will be quite bad, because the Telcos are punishing you for signing up with the competition - as if you had a choice...

And even though China Telecom's motto is "Service, First and Foremost" it's just as much an empty slogan as Kim Jong-Un's propaganda is. Actually, I'm pretty sure the China Telecom "service halls" have been modeled on some hell from Dante's Inferno. Waiting in queue to speak to a human to get anything done there will waste precious hours of your life.

SubjectsInCommentsAreStupidCauseTheSubjectIsTFA

I suggest you look into your browser\OS's list of trusted CAs. You'll find many many questionable ones to say the least.
Turkish, hongkongese, taiwanese and yes, even chinese ones.

Re:SubjectsInCommentsAreStupidCauseTheSubjectIsTFA

You're right, that's an issue. It would have been nice if there was a browser plugin to allow the user to assign ratings to all the root certs that come bundled with the browsers. That way, I would at least get a 'warning' if I was about to visit a site certified by a CA that I marked as 'low trust' .. I would then have the chance to cancel the navigation or run with extra restrictions, or run in a sandboxed browser... and know that the content could be dubious.

Tails Linux 2.2 Adds libdvdcss2

Tails Linux 2.2 Adds libdvdcss2 For Viewing Protected DVDs

So with this addition:

https://tails.boum.org/news/te...
https://archive.is/KhhEe

"Add support for viewing DRM protected DVD videos using libdvdcss2. Patch series submitted by Austin English (Closes: #7674)[1]"

[1] https://labs.riseup.net/code/i...
        https://archive.is/hXgYe

Is it now ILLEGAL to use Tails in the United States?

Best adblocker (& more for speed + security)

APK Hosts File Engine 9.0++ SR-4 32/64-bit http://www.start64.com/index.p...

Gets data for more speed & security via 10 security community sites.

Better on power/cpu/ram+ IO resource use vs. local DNS servers + addons w/ less security issues vs. DNS + routers.

Blocks all ads + bad sites & less complex vs firewalls (they need layered filtering drivers - hosts don't + firewalls block far less used IP addresses, hosts block FAR more used host-domain names) complimenting 'em.

* Even Antivirus = reactive. Hosts = proactive, blocking infection BEFORE you get it.

APK

P.S.=> Hosts do more for speed (hardcoded favs + adblocks) & are faster than addons, security (blocking bad sites & dns security issues), reliability (vs. downed & poisoned dns), & anonymity (dns requestlogs + trackers) vs. other "so-called -solutions'" w/ what you natively have. Unlike Adblock\UBlock\Ghostery it's not blockable by ClarityRay/BlockIQ + uses FAR LESS RESOURCES & does more

... apk

So, just like the USA.

Except it might be less prevalent...

Re: Best adblocker (& more for speed + securit

Yay !!!!!!! It's APK again ! I missed your rantings buddy. Have the UN sputnik mind control lasers stopped bothering you for a while ?

Not news?

[NickHydroxide]

I lived in China for a number of years, and this has been going on for a long time now (at least, with my ISP China Unicom). Absolute PITA, but that pretty much describes most online experiences in China (with the exception of Taobao, which is head and shoulders above Ebay).

Re:Not news?

[ebonum]

Mod up parent. This is old news. They have been doing this for a decade or more.

Re:Not news?

[Balthisar]

China Unicom on my phone is pretty good at not making it obvious that they're tampering with my traffic. They're also pretty friendly to VPNs running on my phone.

China Telecom, though, provides my home fiber service, and I've been getting their ads for years and years, including on my own sites! Calling and complaining about it has never had any effect. Unfortunately China Telecom is getting better and better at detecting and taking down VPNs, meaning that I can't leave my router-based VPN running all the time.

The fact that these ads are served over Bing makes me wonder why Microsoft doesn't get involved...

And, yeah, Bing is crap (for what I search for), but at least it works when the VPN isn't connecting.

Re:Not news?

I can confirm, it's old news. "illegal practice" got me, why would it be illegal in china? Maybe they're guilty of slander.

Me Chinese

Me Chinese

Exploit Socks

Me Put Malware

On Your Box

Re:Me Chinese

Socks have exploits? Jesus, that explains where all the holes come from.

Re: Me Chinese

No, Jesus explains why the socks are holy.

Re:Best adblocker (& more for speed + security

come on apk, at least comment on the fucking topic. no wonder you were banned. i thought it waskinda bullshit, but if all you are doing is spamming this site with your product, i think they might have made the right call.

p.s. at least try to appear on topic and comment on the topic and maybe trim this down and use it as a sig... that way you seem less like a spambot and more like a contributing member here at /.

I'm a good citizen.

[penguinoid]

I use special software to make sure that scum like this can't profit from my internet connection.

in other news

Water is wet in china just like america.

Re: SubjectsInCommentsAreStupidCauseTheSubjectIsTF

[techabuse]

You can change root CA permissions in Firefox, it's just all-or-nothing per certificate for code signing, site ID, and something else I'm too lazy to look up. I nuke plenty of dodgy CAs on every fresh install... Never really noticed a problem while browsing.

Sometimes not, especially for minimised comments

For posts which have been minimised due to score, but not hidden, the comment subject is an important way of specifying/summarising what you are talking about, so that people know whether to bother expanding, and can often get the gist without expansion. In such cases you do not want to include this summery/tittle in the main comment. I find it useful and like it when others use it appropriately. If you do not then why not just put in the tittle from above, ctrl-c ctrl-v is not so much effort, why should everyone else have their usage removed to save you such a piddling about of time?

And this is why I block china.

[WarlockD]

Seriously, I refresh the IP space evey week for China, Russa, Africa and starting to look at South America. I can say it helped immensely on the spam to my grandma even before it gets to spam assassin. If I have to virtually visit those county, it all goes though a vmware image though an anonymous internet vpn. It sounds insane till you get ping ddosed from a site you just visited:P

Re:And this is why I block china.

[barbariccow]

It sounds insane till you get ping ddosed from a site you just visited:P

ping ddosed? I remember doing that........... in 1997 it was a thing.

Thanks for confirming it

[Dr.Saeuerlich]

Every once in a while I got Chinese ads served on Western websites that never serve ads otherwise, especially not Chinese ones, and it would only stop when the VPN was turned on. The ads were in most case pop-overs that would appear on the bottom of pages. I suspected long ago that China Telecom was somehow adding their own ads to my browsing "experience".

Re:Thanks for confirming it

[Balthisar]

View source. You'll see a single line of Javascript when this bullshit happens. So far in all cases, reloading the page fixes it.

This is especially infuriating, though, when trying to use a search engine. When I'm not using a VPN I usually use Bing because it actually works. When these ads pop up they actually make Bing unusable. Their shitty Javascript interferes.

Re:Thanks for confirming it

[Dr.Saeuerlich]

interesting. I never bothered to look at the source. But I haven't encountered any of these ads recently as I'm pretty much on a VPN 99.99% of the time. Most outside websites are pretty much unusable without VPN these days. Im lucky that my company is a WFOE and shells out good money so they can afford a legal VPN that bypasses most of the bullshit the GFW and Chinese ISPs throw at you.

"... caught red-handed for injecting..."

Dear God, why can you people not simply get some instruction in the English language before polluting the Internet with your senseless gibbering.

Re:Best adblocker (& more for speed + security

Have you ever considered eating your own turds?

Re:Best adblocker (& more for speed + security

Curious so I tried this out. Doesn't it edit the actual hosts file at some point? Do I have to cut and paste? I keep looking at the hosts file but it hasn't been changed. Posting AC for obvious reasons. :)

This is not news

[dwillden]

In 2008 while deployed to Afghanistan I noticed many sites displaying as corrupted and started digging. Turns out the internet service provided for personal use by troops was subject suffering from this. The service (which we paid for) was satellite service operated on the base by Indian Nationals but was routing through Chinese internet providers and every url served had a script injected. I complained, and raised the security concerns but it was never fixed. It was clumsily done so no-script blocked the injected script and my websites started displaying properly again. But I didn't really have the time or resources to dig further.

Easy as ABC - Anywhere But China

Solving this problem is as easy as ABC, when you buy you buy Anywhere But China.
Sometimes you may have to search for what you want, not made there.
The Chinese have shown that they have no care for others, and are playing a LONG GAME we can't understand.
Stop giving them your money!

Re:Easy as ABC - Anywhere But China

[KGIII]

Assuming you want to buy electronics that are general compute devices, not buying Chinese-made products is not a realistic option. Hell, I am not even sure if you can buy a microwave without it having components from China. At best, you might find something assembled somewhere that is not China. I am not sure what that will net you, but you might be able to.

Find me a general use compute device with zero components sourced from China. Just one will do. I *almost* guarantee that you can not. The device you used to send your message is either exceptionally old (and I do mean very, very old) or has components that come from China, bare minimum. I'm pretty sure that it's neigh on impossible to find such a device, even if you wanted to.

Interestingly enough, this flat and small Earth concept was meant to result in a rising tide raising all ships and was a goal to aid the impoverished as well as result in greater income equality. Funny that...

Re:Easy as ABC - Anywhere But China

This is incredibly simplistic and poorly thought out.

Lets say i wanted to buy an Apple Iphone.. Designed in California, made in China.

As the other poster had stated, can you list a single product Made in the USA?

Most of the time people are not even "buying Chinese", they are buying from an american company who chose to outsource to China to maximize profits.

This has gone on for so long you no longer have any "electronics" manufacturing capabilities left.

Re:Easy as ABC - Anywhere But China

I have one on my desk.

Re:Easy as ABC - Anywhere But China

[KGIII]

What, a brick? Seriously, what do you have that has zero components from China?

Why does only shit come from China?

It seems no matter the goods or service, everything we hear coming from is just some manner to cheat scam and steal.

Re:Why does only shit come from China?

Most sources including this one : http://www.symantec.com/content/en/us/enterprise/other_resources/b-istr_main_report_v19_21291018.en-us.pdf state that the US is the largest source of Spam/BOTS and such.

Care to site some sources showing most of the junk is from China?

Neighbours taking lessons

Looks like their neighbours are taking lessons from them as MTNL has been doing this for a while now. I left MTNL because of this shit.

Re:Best adblocker (& more for speed + security

Apk couldn't be more on topic! Can't you read? The article's on malware and ads. Apk's program stops both! Quit trolling.

Re:Best adblocker (& more for speed + security

If you're curious enough to try APK's tools, I have several other executables I'd like you to look into... Optix^H^H^H^H^HSpeedBooster.exe will make your computer faster. It runs in the background. If you see your CPU % go up, that's how you know it's working! It's optimizing! Recofigurating! Ultraopercapitulating!

Re:Best adblocker (& more for speed + security

Apk couldn't be more on topic! Can't you read? The article's on malware and ads. Apk's program stops both! Quit trolling.

You forgot "....apk", apk.

Re:Best adblocker (& more for speed + security

You forgot to post using your registered 'luser' account and you forgot how to read. Apk's on topic, you're not.

It does (you must not be saving as admin)

"his hosts program is actually pretty good" - by xenotransplant (4179011) on Monday August 10

"I like your host file system." - by Karmashock (2415832) on Wednesday September 09, 2015

"APK is kinda right... I've given up on JS based adblocking and gone to blackholing in /etc/hosts, just like it was back in the 90s. The computational load has gotten intolerable for any ad-blocking using JS. I've tried his hosts file generating software. It works." - by bmo (77928) on Thursday October 15, 2015

"In a footnote, I would like to note that I find your hosts file admirable." - by vel-ex-tech (4337079) on Tuesday November 24, 2015

"I've never tried to belittle (APK's) work, I've flat out said it's good" - by BronsCon (927697) on Thursday February 11, 2016

APK

P.S.=> You need to "Run as Administrator" - easily setup in the SHORTCUT properties you made for it (or right clicking on the .exe itself & setting it so will do it too)... apk