,
23 tweets,
4 min read
Read on Twitter
Thread:
Big update on the Chinese regime's use of cyberattacks: China Telecom May Have Revealed a New Hacking Method
Column here: theepochtimes.com/china-telecom-…
Big update on the Chinese regime's use of cyberattacks: China Telecom May Have Revealed a New Hacking Method
Column here: theepochtimes.com/china-telecom-…
The Chinese regime may have a new method up its sleeve to steal data. Rather than hack networks and install malware, it can merely divert global internet traffic through its own networks—allowing it to see, store, and steal whatever it likes. (1)
This appears to be the case with recent anomalies seen with China Telecom, a state-owned company under the Chinese regime’s China Telecommunications Corp. (2)
For two hours on June 6, a large portion of mobile device traffic in Europe was diverted through systems controlled by China Telecom. (3)
According to ZDNet, the error was caused after a Border Gateway Protocol (BGP), which reroutes traffic at the internet service provider level, at Swiss data center company Safe Host leaked over 70,000 routes to the Chinese internet service provider. (4) zdnet.com/article/for-tw…
It notes that there are usually safety procedures to prevent BGP leaks such as this, and the issue could have been fixed when it was discovered. (5)
Yet, as ZDNet reported, “instead of ignoring the BGP leak, China Telecom re-announced Safe Host’s routes as its own, and by doing so, interposed itself as one of the shortest ways to reach Safe Host’s network and other nearby European telcos and ISPs.” (6)
Because of this, data from European mobile networks were rerouted through China Telecom’s networks, which could have exposed the data to the Chinese state-run company. This also slowed connections for some users, and affected connections for others. (7)
And, as Doug Madory of Oracle told ZDNet, the duration of the supposed error was oddly long: “Often routing incidents like this only last for a few minutes, but in this case, many of the leaked routes in this incident were in circulation for over two hours.” (8)
It’s unclear what caused the issue, but this isn’t the first time China Telecom has done that. And the timing of previous incidents—and major networks affected—suggest something deeper is at play. (9)
In April 2010, 15 percent of the world’s internet traffic was routed through China Telecom networks. The error that caused this was the same—rerouting of BGP data. Only then, it was called out as a type of cyberattack known as “IP hijacking.” (10) arstechnica.com/information-te…
A report at the time from the U.S.-China Economic and Security Review Commission stated that the China Telecom breach caused U.S. and other international internet traffic to flow through the Chinese regime’s servers. This included many sensitive networks. (11)
“This incident affected traffic to and from U.S. government (‘‘.gov’’) and military (‘‘.mil’’) sites, including those for the Senate, the Army, the Navy, the Marine Corps, the Air Force, the Office of Secretary of Defense" ... (12)
... the National Aeronautics and Space Administration, the Department of Commerce, the National Oceanic and Atmospheric Administration, and many others." ... (13)
Certain commercial websites were also affected, such as those for Dell, Yahoo!, Microsoft, and IBM,” the report states. (14) uscc.gov/sites/default/…
According to the report, this could have allowed the Chinese regime to monitor users and data, block access to certain websites or data, conceal another cyberattack, and even compromise the integrity of secured, encrypted connections. (15)
A similar data breach through China Telecom was again uncovered in 2015, after former U.S. President Barack Obama signed an agreement with Chinese leader Xi Jinping to end the use of hacking for commercial gain. (16)
This also came after the United States indicted five Chinese military hackers with Unit 61398 for stealing intellectual property from U.S. companies for the benefit of Chinese companies. (17)
Military Cyber Affairs, a journal published by the Military Cyber Professionals Association, discussed the breach in a 2018 report, which said the CCP may have been switching from cyber attacks to a more subtle method to steal data from targeted networks or companies. (18)
“Conveniently, China Telecom has 10 strategically placed, Chinese-controlled internet ‘points of presence’ (PoPs) across the internet backbone of North America,” the report said. (19)
During the 2015 breach, China Telecom hijacked internet data as it traveled through this infrastructure, and redirected this data to China for “malicious use.” (20) theepochtimes.com/china-stole-da…
The report noted that, through this method, the CCP could “access to the organization’s network, to stealing valuable data, adding malicious implants to seemingly normal traffic, or simply modifying or corrupting valuable data.” (21)
It also noted, “The prevalence of and demonstrated ease with which one can simply redirect and copy data by controlling key transit nodes buried in a nation’s infrastructure requires an urgent policy response.” (22)
/End/
/End/
