Slashdot Mirror


Chinese ISPs Caught Injecting Ads And Malware In Their Network Traffic (thehackernews.com)

Chinese Internet Service Providers (ISPs) have been caught red-handed for injecting advertisements as well as malware through their network traffic. Three Israeli researchers uncovered that the major Chinese-based ISPs named China Telecom and China Unicom, two of Asia's largest network operators, have been engaged in an illegal practice of content injection in network traffic. Chinese ISPs had set up many proxy servers to pollute the client's network traffic not only with insignificant advertisements but also malware links, in some cases, inside the websites they visit. If an Internet user tries to access a domain that resides under these Chinese ISPs, the forged packet redirects the user's browser to parse the rogue network routes. As a result, the client's legitimate traffic will be redirected to malicious sites/ads, benefiting the ISPs.

35 of 77 comments

  1. Nice by Greyfox · · Score: 5, Insightful

    See? We're not so different after all!

    --

    I'm trying to teach myself to set people on fire with my mind... Is it hot in here?

    1. Re: Nice by myowntrueself · · Score: 1

      Now we only need some mass shootings and a song on schools saluting the Chinese flag.

      And Chinese national anthem on every. single. fucking. sporting event.

      --
      In the free world the media isn't government run; the government is media run.
  2. I'm shocked...well not that shocked by Anonymous Coward · · Score: 3, Funny

    China eh? Always trustworthy.
    Glad all of our electronics aren't manufactured there right?

  3. I don't blame them by ickleberry · · Score: 1

    I wish more ISPs would start injecting ads to replace those injected by the Almighty GOOG. You rarely see text ads anymore, which were the only somewhat tolerable (in small doses) kind of ads, and now that the Almighty GOOG controls the market, prices have gone out of all proportion and way out of budget for a lot of smaller companies.

    It would be worth it even just to see the Almighty GOOG throw more of their weight behind net neutrality (because now they only support it when it suits them)

    1. Re:I don't blame them by GuB-42 · · Score: 3, Interesting

      1- High price for ads is a good thing.
      2- The "Almighty GOOG" does not "inject" ads. It puts them where the original site owner tells it they should be placed, in exchange for money.
      3- Ad injection/replacement by ISPs is the worst. The ad provider and most importantly the content owner lose money and you still see ads. And unlike with ad-blockers you can't turn it off if you want to support the site you are visiting. The ISP shouldn't serve you ads, you already pay it with money.

    2. Re:I don't blame them by wbr1 · · Score: 2

      Point out flashy, animated, noisy, malware-ridden ads from Google, please. Google may not be innocent, but they are far, far from the worst offender in this realm.

      --
      Silence is a state of mime.
    3. Re:I don't blame them by Dcnjoe60 · · Score: 2

      > The ISP shouldn't serve you ads, you already pay it with money.

      That doesn't stop Hulu.

  4. Bu.. bu.. bu.. bu.. but the USA by S48D31F68E4S2 · · Score: 1

    Bu.. bu.. bu.. bu.. but the USA does this all the time! And it does it more and worse!!! And the U. S. A. !!!! blah....

  5. https by Anonymous Coward · · Score: 2, Insightful

    HTTPS everywhere please.

    1. Re: https by Anonymous Coward · · Score: 1

      Won't matter when the ISPs enforce client certificates in order to connect to the Internet. Then we are all screwed.

    2. Re: https by KGIII · · Score: 1

      > The rest of us want a secure and reliable internet.

      That's amusing. It really is. This mishmash of "stuff" we call the internet is not now (nor will it ever be) secure *or* reliable. HTTPS is not going to change that. If you knew what drove and provisions the internet, well... Lemme just say, you shouldn't be pissed when it fails, you should be shocked that it works at all.

      --
      "So long and thanks for all the fish."
  6. Questions by Archtech · · Score: 5, Interesting

    "Three Israeli researchers uncovered that the major Chinese-based ISPs named China Telecom and China Unicom, two of Asia's largest network operators, have been engaged in an illegal practice of content injection in network traffic".

    As a matter of interest, what laws does this contravene? If it happens in China, isn't it a matter for Chinese law? And is it likely that the Chinese government, which is often said to monitor all network traffic assiduously, would fail to notice such practices?

    Also, I am doubtful about taking the word of Israeli researchers on such a matter. Israel, like the USA, has been deeply involved in hacking, spying, mass surveillance and even the insertion of (no doubt "illegal" and certainly extremely damaging) viruses such as Stuxnet. Presumably people who would engage systematically in such activities would not be beyond falsifying research findings.

    --
    I am sure that there are many other solipsists out there.
    1. Re:Questions by Gaygirlie · · Score: 1

      I was just thinking of the use of the word "illegal" there and then I happened to read your comment; which country's laws are the ones that are being talked about here and is this actually illegal in China or not? Did those Israeli researchers report this practice to any authorities or are they just fishing for attention, but not actually doing anything about this otherwise? Also, if they did report this stuff to authorities and if it was illegal in China how likely is it that anything will be done and what sorts of consequences could one expect?

    2. Re:Questions by larryjoe · · Score: 1

      > "Three Israeli researchers uncovered that the major Chinese-based ISPs named China Telecom and China Unicom, two of Asia's largest network operators, have been engaged in an illegal practice of content injection in network traffic".
      >
      > As a matter of interest, what laws does this contravene? If it happens in China, isn't it a matter for Chinese law? And is it likely that the Chinese government, which is often said to monitor all network traffic assiduously, would fail to notice such practices?

      Good point. This may not actually be illegal in China. It may also be expected from Chinese users. However, it is scary, nonetheless.

      > Also, I am doubtful about taking the word of Israeli researchers on such a matter. Israel, like the USA, has been deeply involved in hacking, spying, mass surveillance and even the insertion of (no doubt "illegal" and certainly extremely damaging) viruses such as Stuxnet. Presumably people who would engage systematically in such activities would not be beyond falsifying research findings.

      If Israelis and Americans are "deeply involved in hacking, spying, mass surveillance ...", that would make them experts that would actually know about these things and how to detect them. The allegation that experts would necessarily be more prone to falsifying findings is a non sequitur. There may be reasons to assume a propensity to propaganda on the part of the Israelis (and any Western nation that criticizes the Chinese), but that is a completely separate issue.

    3. Re:Questions by Z00L00K · · Score: 1

      It would be a lot more fun to serve those a redirect to some odd server, like 4chan.

      --
      If builders built buildings the way programmers wrote programs, then the first woodpecker would destroy civilization.
  7. And what will you do? by SeaFox · · Score: 2

    The major Chinese ISPs are the major telecom providers. Aren't those State owned?

    Would anyone really have the guts to complain to the government?

    1. Re: And what will you do? by techabuse · · Score: 1

      More like, if you complain, they take your guts.

    2. Re:And what will you do? by gl4ss · · Score: 1

      complain to the party that the isp running officials are profiteering from state owned hardware.

      depending on the sum profiteered they get either prison or worse.

      oh and most likely scenario is just that they're simply injecting ads and by 'they' I mean some entrepreneur downline in the organization most likely, who just happens to have access or authority to turn it on. that the ads contain malware is just a side effect.

      just a few months ago the ads on slashdot contained malware ("app store install" type of shit) and autopopups (with deceiving, os mimicking window design) when viewed from asia on android. asians will try all kinds of marketing bullshit and think it's legit.

      besides than that, the copyrights and such aren't that different over in china.. they're just very sloppily enforced.

      --
      world was created 5 seconds before this post as it is.
    3. Re:And what will you do? by Z00L00K · · Score: 1

      > besides than that, the copyrights and such aren't that different over in china.. they're just very sloppily enforced.

      Rather like not enforced at all except if it's infringing on the rights of some local VIP.

      --
      If builders built buildings the way programmers wrote programs, then the first woodpecker would destroy civilization.
    4. Re:And what will you do? by Dr.Saeuerlich · · Score: 3, Interesting

      yes, they are even set up in some pseudo rivalry. I assume it was intended, originally, to create some sort of competition. Except it created a duopoly where they both carved up the market between them. i.e. in some parts of town you can only get China Telecom and Unicom will simply tell you they don't serve that area, and the other way round.

      However, they also make life difficult. Competition, in Chinese terms, is not making life for the other corporation difficult, but for its customers. They too are the enemy. So if you happen to have multiple corporate sites, some on Unicom, some on Telecom, you can expect that connectivity between them will be quite bad, because the Telcos are punishing you for signing up with the competition - as if you had a choice...

      And even though China Telecom's motto is "Service, First and Foremost" it's just as much an empty slogan as Kim Jong-Un's propaganda is. Actually, I'm pretty sure the China Telecom "service halls" have been modeled on some hell from Dante's Inferno. Waiting in queue to speak to a human to get anything done there will waste precious hours of your life.

  8. SubjectsInCommentsAreStupidCauseTheSubjectIsTFA by Anonymous Coward · · Score: 1

    I suggest you look into your browser\OS's list of trusted CAs. You'll find many many questionable ones to say the least.
    Turkish, Hongkongese, Taiwanese and yes, even Chinese ones.

    1. Re:SubjectsInCommentsAreStupidCauseTheSubjectIsTFA by Anonymous Coward · · Score: 1

      You're right, that's an issue. It would have been nice if there was a browser plugin to allow the user to assign ratings to all the root certs that come bundled with the browsers. That way, I would at least get a 'warning' if I was about to visit a site certified by a CA that I marked as 'low trust' .. I would then have the chance to cancel the navigation or run with extra restrictions, or run in a sandboxed browser... and know that the content could be dubious.

  9. Not news? by NickHydroxide · · Score: 4, Informative

    I lived in China for a number of years, and this has been going on for a long time now (at least, with my ISP China Unicom). Absolute PITA, but that pretty much describes most online experiences in China (with the exception of Taobao, which is head and shoulders above Ebay).

    1. Re:Not news? by ebonum · · Score: 1

      Mod up parent. This is old news. They have been doing this for a decade or more.

    2. Re:Not news? by Balthisar · · Score: 3, Interesting

      China Unicom on my phone is pretty good at not making it obvious that they're tampering with my traffic. They're also pretty friendly to VPNs running on my phone.

      China Telecom, though, provides my home fiber service, and I've been getting their ads for years and years, including on my own sites! Calling and complaining about it has never had any effect. Unfortunately China Telecom is getting better and better at detecting and taking down VPNs, meaning that I can't leave my router-based VPN running all the time.

      The fact that these ads are served over Bing makes me wonder why Microsoft doesn't get involved...

      And, yeah, Bing is crap (for what I search for), but at least it works when the VPN isn't connecting.

      --
      --Jim (me)
  10. I'm a good citizen. by penguinoid · · Score: 1

    I use special software to make sure that scum like this can't profit from my internet connection.

    --
    Don't waste your vote! Vote for whoever you want, unless you live in a swing state it won't matter anyways
  11. Re: SubjectsInCommentsAreStupidCauseTheSubjectIsTF by techabuse · · Score: 1

    You can change root CA permissions in Firefox, it's just all-or-nothing per certificate for code signing, site ID, and something else I'm too lazy to look up. I nuke plenty of dodgy CAs on every fresh install... Never really noticed a problem while browsing.

  12. And this is why I block china. by WarlockD · · Score: 1

    Seriously, I refresh the IP space every week for China, Russia, Africa and starting to look at South America. I can say it helped immensely on the spam to my grandma even before it gets to spam assassin. If I have to virtually visit those countries, it all goes through a vmware image through an anonymous internet vpn. It sounds insane till you get ping ddosed from a site you just visited:P

    1. Re:And this is why I block china. by barbariccow · · Score: 1

      > It sounds insane till you get ping ddosed from a site you just visited:P

      ping ddosed? I remember doing that........... in 1997 it was a thing.

  13. Thanks for confirming it by Dr.Saeuerlich · · Score: 1

    Every once in a while I got Chinese ads served on Western websites that never serve ads otherwise, especially not Chinese ones, and it would only stop when the VPN was turned on. The ads were in most cases pop-overs that would appear on the bottom of pages. I suspected long ago that China Telecom was somehow adding their own ads to my browsing "experience".

    1. Re:Thanks for confirming it by Balthisar · · Score: 1

      View source. You'll see a single line of Javascript when this bullshit happens. So far in all cases, reloading the page fixes it.

      This is especially infuriating, though, when trying to use a search engine. When I'm not using a VPN I usually use Bing because it actually works. When these ads pop up they actually make Bing unusable. Their shitty Javascript interferes.

      --
      --Jim (me)
    2. Re:Thanks for confirming it by Dr.Saeuerlich · · Score: 1

      interesting. I never bothered to look at the source. But I haven't encountered any of these ads recently as I'm pretty much on a VPN 99.99% of the time. Most outside websites are pretty much unusable without VPN these days. I'm lucky that my company is a WFOE and shells out good money so they can afford a legal VPN that bypasses most of the bullshit the GFW and Chinese ISPs throw at you.

  14. This is not news by dwillden · · Score: 2

    In 2008 while deployed to Afghanistan I noticed many sites displaying as corrupted and started digging. Turns out the internet service provided for personal use by troops was suffering from this. The service (which we paid for) was satellite service operated on the base by Indian Nationals but was routing through Chinese internet providers and every url served had a script injected. I complained, and raised the security concerns but it was never fixed. It was clumsily done so no-script blocked the injected script and my websites started displaying properly again. But I didn't really have the time or resources to dig further.

    --
    I'm too lazy to compose a creative sig.
  15. Re:Easy as ABC - Anywhere But China by KGIII · · Score: 1

    Assuming you want to buy electronics that are general compute devices, not buying Chinese-made products is not a realistic option. Hell, I am not even sure if you can buy a microwave without it having components from China. At best, you might find something assembled somewhere that is not China. I am not sure what that will net you, but you might be able to.

    Find me a general use compute device with zero components sourced from China. Just one will do. I *almost* guarantee that you can not. The device you used to send your message is either exceptionally old (and I do mean very, very old) or has components that come from China, bare minimum. I'm pretty sure that it's nigh on impossible to find such a device, even if you wanted to.

    Interestingly enough, this flat and small Earth concept was meant to result in a rising tide raising all ships and was a goal to aid the impoverished as well as result in greater income equality. Funny that...

    --
    "So long and thanks for all the fish."
  16. Re:Easy as ABC - Anywhere But China by KGIII · · Score: 1

    What, a brick? Seriously, what do you have that has zero components from China?

    --
    "So long and thanks for all the fish."