Slashdot Mirror
China Telecom Hijacks US, Canadian Internet Traffic On a Regular Basis, Report Says (itnews.com.au)
Bismillah writes: China Telecom is up to no good with Border Gateway Protocol (BGP) shenanigans researchers have discovered. The state-owned telco is hijacking and rerouting internet traffic to China via it's U.S. and Canadian points of presence (PoPs). As for how the researchers came to their conclusion, they reportedly "built a route tracing system that monitors BGP announcements and which picks up on patterns suggesting accidental or deliberate hijacks and discovered multiple attacks by China Telecom over the past few years," reports iTNews.
In one example occurring in 2016, "China Telecom diverted traffic between Canada and Korean government networks to its PoP in Toronto," the report says. "From there, traffic was forwarded to the China Telecom PoP on the U.S. West Coast and sent to China, and finally delivered to Korea. Normally, the traffic would take a shorter route, going between Canada, the U.S. and directly to Korea." The telecommunications company is able to reroute the traffic by announcing fake routes via the BGP, which "governs data flow between Autonomous Systems, the large networks operated by telcos, internet providers and corporations."
In one example occurring in 2016, "China Telecom diverted traffic between Canada and Korean government networks to its PoP in Toronto," the report says. "From there, traffic was forwarded to the China Telecom PoP on the U.S. West Coast and sent to China, and finally delivered to Korea. Normally, the traffic would take a shorter route, going between Canada, the U.S. and directly to Korea." The telecommunications company is able to reroute the traffic by announcing fake routes via the BGP, which "governs data flow between Autonomous Systems, the large networks operated by telcos, internet providers and corporations."
Is anyone going to impose any actual consequences, or are they just too damn big?
"The Internet is not a secure network."
As an Internet user you have no control over where your packets go or how they are routed. China could re-route them. The NSA could re-route them. Your ISP could re-route them. The only "guarantee" you get is the Internet will try really hard to get your packets there by any means necessary. Because there is no way to know where your packets are going to go, you should assume that *anyone* could be reading your packets. ("Packets" meaning the web pages your browse, the credit card details you enter on a website, the emails you send, etc.)
This of course doesn't matter because you encrypt everything you send across the Internet right?
I've given up trying to tell ISP's when their networks are hijacked (it happens, a lot). It's not just China either, Comcast likes to engage in it's own hijacking for example. Many networks simply don't give a shit or want free consulting.
I'm sure there are some of you here that understand BGP but for the rest, in short it's not necessarily a case of Provider C announces Provider A's networks such that Provider B routes through C. There are quite a few metrics that go into how routers decide one routeu over another, some are policy while others are protocol level (link goes down, routes get withdrawn). Having a shorter path or lower latency for example are two ways a third party can fool networks into giving them preference.
Dropping your BGP session is a script kiddie level attack, influencing your routing such that YOU believe I have a better one without making global changes is much more sinister.