23 tweets, 4 min read
Thread: #China has been 'hijacking the vital internet backbone of western countries' - Chinese government turned to local ISP for intelligence gathering after it signed the Obama-Xi cyber pact in late 2015, researchers say 👍A must read👍 zdnet.com/article/china-…
A Chinese state-owned telecommunications company has been "hijacking the vital internet backbone of western countries," according to an academic paper published this week by researchers from the US Naval War College and Tel Aviv University.
The culprit is China Telecom, the country's third-largest telco and internet service provider (ISP), which has had a presence inside North American networks since the early 2000s when it created its first point-of-presence (PoP).
PoPs are data centers that do nothing more than re-route traffic between all the smaller networks that make up the larger internet. These smaller networks are known as "autonomous systems" (AS) and they can be the networks of big tech companies like Google, your friendly neighborhood ISP, big tier-1 ISPs like Verizon, university networks, bank networks, web hosting companies, and all entities big enough to have received their own block of IP addresses.
Traffic travels between these AS networks with the help of the Border Gateway Protocol (BGP). This protocol was created in the 80s and does not feature any security controls, allowing anyone to announce a bad BGP route and receive traffic that was not intended for their network.
In the vast majority of cases, these incidents --called BGP hijacks-- happen because of configuration mistakes and are resolved in minutes or hours.

But there are also some networks that hijack BGP routes to send legitimate traffic through malicious servers.
They do this to carry out man-in-the-middle traffic interception, phishing attacks to steal passwords, or to record HTTPS-encrypted traffic to later decrypt it by leveraging cryptographic attacks such as DROWN or Logjam.
In a research paper published this week, researchers reveal that China Telecom has been one of the internet's most determined BGP hijackers around.
Researchers point out that the Chinese government, through China Telecom, has started abusing BGP hijacks after it entered into a pact with the US in September 2015 to stop all government-backed cyber operations aimed at intellectual property theft.
"This necessitated new ways to get information while still technically adhering to the agreement," said the researchers. "Since the agreement only covered military activities, Chinese corporate state champions could be tasked with taking up the slack. [...] Enter China Telecom."
The research duo says they've built "a route tracing system monitoring the BGP announcements and distinguishing patterns suggesting accidental or deliberate hijacking."
Using this system, they tracked down long-lived BGP hijacks to the ten PoPs --eight in the US and two in Canada-- that China Telecom has been silently and slowly setting up in North America since the early 2000s.
"Using these numerous PoPs, [China Telecom] has already relatively seamlessly hijacked the domestic US and cross-US traffic and redirected it to China over days, weeks, and months," researchers said.
"While one may argue such attacks can always be explained by 'normal' BGP behavior, these, in particular, suggest malicious intent, precisely because of their unusual transit characteristics, namely the lengthened routes and the abnormal durations."
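A small detector in the spirit of the route tracing system the researchers describe, added here as an example that is not part of the thread or of the paper: it scans constructed BGP announcements for one prefix and separates a long-lived, path-lengthening detour from a brief origin mix-up using the two traits quoted above. The prefix, the ASNs and the thresholds are assumptions made for the example.

```python
from statistics import median

# Constructed data for this example: prefix -> legitimate origin ASN (hypothetical).
EXPECTED_ORIGIN = {"203.0.113.0/24": 64500}
# Transit ASNs that should never appear on the path to this prefix (hypothetical).
UNEXPECTED_TRANSIT = {64510}
LONG_LIVED_SECONDS = 24 * 3600   # a detour must persist at least a day to count
DETOUR_EXTRA_HOPS = 2            # and lengthen the AS path by at least this much

def classify(updates):
    """Find anomalous-route episodes in time-ordered (ts, prefix, as_path) records.
    An episode is a run of announcements with an unexpected origin or transit ASN;
    it is labelled "deliberate?" only if it is long-lived AND clearly lengthens the route."""
    by_prefix = {}
    for ts, prefix, path in updates:
        by_prefix.setdefault(prefix, []).append((ts, tuple(path)))
    findings = []
    for prefix, seq in by_prefix.items():
        origin = EXPECTED_ORIGIN.get(prefix)
        normal = [len(p) for _, p in seq
                  if p[-1] == origin and not UNEXPECTED_TRANSIT.intersection(p)]
        baseline = median(normal) if normal else None   # typical hop count for this prefix
        start, last, worst = None, None, 0
        for ts, path in seq + [(None, None)]:           # sentinel closes an open run
            bad = path is not None and (path[-1] != origin
                                        or bool(UNEXPECTED_TRANSIT.intersection(path)))
            if bad:
                start = ts if start is None else start
                last, worst = ts, max(worst, len(path))
            elif start is not None:
                end = ts if ts is not None else last     # restoring announcement, or end of data
                duration = end - start
                lengthened = baseline is not None and worst - baseline >= DETOUR_EXTRA_HOPS
                verdict = ("deliberate?" if duration >= LONG_LIVED_SECONDS and lengthened
                           else "accidental?")
                findings.append((prefix, start, duration, worst, verdict))
                start, last, worst = None, None, 0
    return findings

HOUR = 3600
SAMPLE = [  # constructed announcements for one prefix, hypothetical ASNs
    (0, "203.0.113.0/24", (64496, 64497, 64500)),                       # normal, 3 hops
    (2 * HOUR, "203.0.113.0/24", (64496, 64499, 64500)),                # normal variant
    (5 * HOUR, "203.0.113.0/24", (64496, 64510, 64511, 64512, 64500)),  # detour via 64510 begins
    (30 * HOUR, "203.0.113.0/24", (64496, 64510, 64511, 64512, 64500)), # still detouring
    (60 * HOUR, "203.0.113.0/24", (64496, 64497, 64500)),               # route restored
    (70 * HOUR, "203.0.113.0/24", (64496, 64520)),                      # brief wrong origin
    (70 * HOUR + 600, "203.0.113.0/24", (64496, 64497, 64500)),         # fixed in 10 minutes
]
```

Calling `classify(SAMPLE)` reports the 55-hour five-hop detour as "deliberate?" and the ten-minute origin slip as "accidental?"; on live data the records would come from a BGP collector feed and the baseline from a longer history.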
In their paper, the duo lists several long-lived BGP hijacks that have hijacked traffic for a particular network, and have made it take a long detour through China Telecom's network in mainland China, before letting it reach its intended and final destination.
Since February 2016 and for about 6 months, routes from Canada to Korean government sites were hijacked by China Telecom and routed through China. In October 2016, traffic from locations in the US to a large UK-US bank headquarters in Milan, Italy was hijacked by China Telecom to China.
Traffic from Sweden and Norway to the Japanese network of a large American news organization was hijacked to China for about six weeks in April/May 2017.
Traffic to the mail server (and other IP addresses) of a large financial company in Thailand was hijacked several times during April, May, and July 2017. Some of the hijack attacks started in the USA.
Researchers also note that China's internet network is a system that's largely closed off and isolated from the rest of the internet, to which it connects only via three nodes located in Beijing, Shanghai, and Hong Kong.
This isolationist approach to its internet means that China wouldn't be able to carry out BGP hijacks for international traffic because very little goes through its mainland nodes. This is why the PoPs it set up in the US, but also throughout Europe and Asia, are so crucial.
"That imbalance in access allows for malicious behavior by China through China Telecom at a time and place of its choosing, while denying the same to the US and its allies," researchers noted.
"The prevalence of, and demonstrated ease with which, one can simply redirect and copy data by controlling key transit nodes buried in a nation's infrastructure requires an urgent policy response."