Slashdot Mirror


China Telecom Hijacks US, Canadian Internet Traffic On a Regular Basis, Report Says (itnews.com.au)

Bismillah writes: China Telecom is up to no good with Border Gateway Protocol (BGP) shenanigans, researchers have discovered. The state-owned telco is hijacking and rerouting internet traffic to China via its U.S. and Canadian points of presence (PoPs). As for how the researchers came to their conclusion, they reportedly "built a route tracing system that monitors BGP announcements and which picks up on patterns suggesting accidental or deliberate hijacks and discovered multiple attacks by China Telecom over the past few years," reports iTNews.

In one example occurring in 2016, "China Telecom diverted traffic between Canada and Korean government networks to its PoP in Toronto," the report says. "From there, traffic was forwarded to the China Telecom PoP on the U.S. West Coast and sent to China, and finally delivered to Korea. Normally, the traffic would take a shorter route, going between Canada, the U.S. and directly to Korea." The telecommunications company is able to reroute the traffic by announcing fake routes via the BGP, which "governs data flow between Autonomous Systems, the large networks operated by telcos, internet providers and corporations."
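The story describes a route tracing system that watches BGP announcements for patterns suggesting a hijack, and the first comment in the thread below points at RPKI as the fix. What follows is an added example, written for this page and not the researchers' tool, China Telecom's configuration, or anything from the article, that shows in Python the two checks a network defender would combine: RFC 6811 route origin validation of an announcement against a set of ROAs (what RPKI gives you), and a detour check that compares an announcement's AS path with the paths previously observed for that prefix from the same vantage point. Every prefix (RFC 5737 documentation ranges), ASN (RFC 5398 documentation range 64496-64511), collector name, ROA and sample announcement is constructed for the example, and the "watch list" of ASNs is a placeholder for whatever transit networks an operator chooses to flag.

```python
"""Toy BGP monitor: RPKI-style origin validation plus AS-path detour detection.

Added example with constructed data; not the route tracing system from the
article and not a real RPKI validator.
"""
from dataclasses import dataclass
from ipaddress import IPv4Network, ip_network
from typing import Dict, Iterable, List, Tuple

ASPath = Tuple[int, ...]  # leftmost = neighbour that sent it, rightmost = origin AS


@dataclass(frozen=True)
class ROA:
    """Route Origin Authorization: origin_as may announce prefix up to max_len."""
    prefix: IPv4Network
    max_len: int
    origin_as: int


@dataclass(frozen=True)
class Announcement:
    """A BGP UPDATE as seen by a collector; as_path[-1] is the origin AS."""
    prefix: IPv4Network
    as_path: ASPath
    collector: str  # constructed vantage-point label


def rov_state(ann: Announcement, roas: Iterable[ROA]) -> str:
    """RFC 6811 route origin validation: 'valid', 'invalid' or 'notfound'.

    A ROA covers the announcement when the announced prefix lies inside the
    ROA prefix; the announcement is valid only if its length does not exceed
    max_len and its origin AS matches. Any covering ROA without a match
    makes the route invalid (e.g. a more-specific hijack or a wrong origin).
    """
    covering = [r for r in roas if ann.prefix.subnet_of(r.prefix)]
    if not covering:
        return "notfound"
    for roa in covering:
        if ann.prefix.prefixlen <= roa.max_len and ann.as_path[-1] == roa.origin_as:
            return "valid"
    return "invalid"


def baseline_for(prefix: IPv4Network, baseline: Dict[IPv4Network, List[ASPath]]) -> List[ASPath]:
    """Paths previously seen for the most specific baseline prefix covering `prefix`."""
    covering = [p for p in baseline if prefix.subnet_of(p)]
    if not covering:
        return []
    return baseline[max(covering, key=lambda p: p.prefixlen)]


def path_anomalies(ann: Announcement, seen_paths: List[ASPath], watch_asns=frozenset()) -> List[str]:
    """Flag transit ASes never seen for this prefix, watch-listed ASes, and long detours."""
    reasons = []
    known = {asn for path in seen_paths for asn in path}
    new_transit = [a for a in ann.as_path[:-1] if a not in known]  # origin is ROV's job
    if new_transit:
        reasons.append(f"unseen transit AS(es) in path: {new_transit}")
    flagged = [a for a in ann.as_path if a in watch_asns]
    if flagged:
        reasons.append(f"path transits watch-listed AS(es): {flagged}")
    if seen_paths:
        longest = max(len(p) for p in seen_paths)
        if len(ann.as_path) > longest + 1:
            reasons.append(f"path length {len(ann.as_path)} exceeds baseline max {longest} by more than 1")
    return reasons


def assess(ann: Announcement, roas, baseline, watch_asns=frozenset()) -> dict:
    """Combine both checks into one verdict record for an announcement."""
    return {
        "prefix": str(ann.prefix),
        "as_path": ann.as_path,
        "rov": rov_state(ann, roas),
        "anomalies": path_anomalies(ann, baseline_for(ann.prefix, baseline), watch_asns),
    }


# --- constructed sample data: documentation prefixes and documentation ASNs ---
ROAS = [ROA(ip_network("203.0.113.0/24"), 24, 64500)]          # 64500 "owns" the prefix
BASELINE = {ip_network("203.0.113.0/24"): [(64496, 64497, 64500), (64496, 64499, 64497, 64500)]}
WATCH = frozenset({64511})                                       # placeholder watch-listed transit AS

SAMPLE = [
    Announcement(ip_network("203.0.113.0/24"), (64496, 64497, 64500), "collector-a"),         # normal
    Announcement(ip_network("203.0.113.0/24"), (64496, 64511, 64498, 64500), "collector-a"),  # detour, origin intact
    Announcement(ip_network("203.0.113.0/24"), (64496, 64511), "collector-a"),                # origin hijack
    Announcement(ip_network("203.0.113.0/25"), (64496, 64497, 64500), "collector-a"),         # more-specific beyond max_len
]


def run(sample=SAMPLE) -> List[dict]:
    return [assess(a, ROAS, BASELINE, WATCH) for a in sample]


if __name__ == "__main__":
    for verdict in run():
        print(verdict)
```

The second sample is the interesting one for this story: the origin is still the legitimate AS, so RPKI alone says "valid", and only the path comparison notices that the route now transits networks it never used before. The third and fourth samples are caught by ROV, which is why the two checks belong together rather than as alternatives.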

4 of 64 comments

  1. so use RPKI by johnjones · · Score: 5, Informative

    the Canadian government is surprised to find China did exactly the same thing to them as they did to China...

    come on just implement signing and validation...
    https://blog.benjojo.co.uk/post/are-bgps-security-features-working-yet-rpki

    also get on your DNSSEC and DANE implementations

    1. Re: so use RPKI by petermgreen · · Score: 4, Informative

      Using BGP is the normal way routes are exchanged between carriers on the Internet. It is absolutely normal for carriers in different countries to have BGP sessions with each other.

      The problem is that a combination of laziness and resource limitations means that carriers and other networks end up trusting each other. Sure, filters can be put in place in theory, but on a link where thousands of prefixes are normally exchanged, maintaining those filters is both a PITA and a resource drain on the routers.

      Adding to that many networks are cheapskates. Rather than take the shortest path to a destination they will take the cheapest. i.e. they will prefer sending the traffic to a peer or downstream over sending it to an upstream.

      The result of this is it's easy for traffic to get diverted, either accidentally or maliciously, and as long as the traffic reaches its destination without undue delays it is very likely that no one will notice.

      --
      note: I'm known as plugwash most places but I screwed up registering that here somehow in the past and now can't register
    2. Re: so use RPKI by Bert64 · · Score: 3, Informative

      Not only that, but traffic going from Canada to Korea via China isn't unreasonable; it could be the cheapest route, or the direct routes could be unavailable for whatever reason. If the traffic was destined from Canada to the US and went via China, that would be far more suspicious.

      --
      http://spamdecoy.net - free throwaway anonymous email - avoid spam!
  2. Neat, but doesn't matter. by Anonymous Coward · · Score: 2, Informative

    Just encrypt your traffic.