China Is Hijacking the US Internet Backbone

AlphaAtlas

According to a report published by researchers Chris C. Demchak and Yuval Shavitt, China Telecom is redirecting sensitive internet traffic between the U.S. and other countries through China. China itself only has 3 major access nodes that connect to other countries, leaving China's network relatively isolated from the rest of the internet. The report suggests that China's "technological development process" is "dependent on massive expropriation of foreign R&D," and notes that China signed a deal to stop their military forces from hacking western commercial targets in 2015. Therefore, to spy on sensitive data, China would have to do it through a 3rd party. That's where China Telecom comes in: the state-owned company has "ten strategically placed, Chinese controlled internet 'points of presence' (PoPs) across the internet backbone of North America," which they use to redirect some data back through China. For example, routes between Canadian and South Korean government sites normally take a direct route overseas. But in 2016, the researchers noticed that data passing through a China Telecom node would be redirected back to the Chinese mainland before going back to Korea. In another case, connections between an "Anglo-American bank headquarters in Milan, Italy" and branches in the U.S. were hijacked. The paper also notes that there's no reciprocity, as major western ISPs don't have a major presence outside of Hong Kong. The researchers say that an "Access Reciprocity" policy needs to be implemented by governments to control these kinds of attacks.

Today China has ten POPs in North America (eight in the US and two in Canada) while the US has none in China. That imbalance in access allows for malicious behavior by China through China Telecom at a time and place of its choosing, while denying the same to the US and its allies. Note that the hijacked routes come from – or are traveling to – allied states, but the traffic stumbles on China Telecom's PoPs due to the shortest route bias in BGP rules and then is hijacked in the US by the Chinese network. If China Telecom had only one PoP - say in Los Angeles at most - then hijacking would be very difficult to achieve and to obscure from oversight. One could even argue that fairness dictates that China Telecom should not extend beyond Hong Kong unless other global peers were given equivalent access to have PoPs in China itself. A new policy is needed: an "Access Reciprocity" policy on internet PoPs located in North America or, indeed, even with allied democratic nations.
 
Long as companies use encryption when dealing with sensitive data. Shouldn't be a problem
 
There is literally zero accountability for government/military online hacking and network attacks as long as they don't disturb anyone. The overreaching spying is being done by every country to such a significant extent that it's laughable to point a finger at anyone at all. When networks actually become secure, then you can become upset when your data is somehow illegally compromised; until then, enjoy the show.
 
Hmm, I'm thinking of some fun that could be had with their wanton desire to pull traffic overseas. Mostly it involves them getting a lot of redirected specialty porn traffic. The next fun thing might be to setup a series of machines to generate a lot of bogus traffic to send over their nodes just to eat up the bandwidth.
 
The latter is a plausible mitigation I'd say. Especially if they're trying to decrypt traffic. If they're not using some unspecified exploit to do so and are bruteforcing it, you'd essentially be sending them a haystack where all the strands of hay are different encryption so that the needle becomes obfuscated.
 
Totally not surprised with this at all. I also really doubt much will be done about this either.

 
I don't have a lot of sympathy for this position. China Telecom has a global network, and sells internet transit. If people chose to route traffic through them, it is what it is. When you send data to someone over the public internet, it's usually going to cross several networks, and you have to assume the traffic is observable. A lot of US based networks operate overseas too.

Furthermore, there aren't any cables direct from Canada or the US to South Korea, you're going to need to make a stop somewhere -- usually Japan, China, Taiwan, Singapore; it's not necessarily worse or unexpected to go Canada -> China -> South Korea vs Canada -> Japan -> South Korea.

Edit to add: of course any large overseas network wants to operate PoPs in the US, so much content originates in the US, it's important to be able to manage the overseas network connectivity, and that's easier if you have PoPs on both sides of the ocean.
 
It's also the same story for me:
Network traffic:
Norway-Sweden-Denmark-Germany-USA-China

Why? Who knows, I should be blaming USA for it..
or just bad routing... give them the benefit of the doubt.
 
China has supercomputers...

Yes, it should still be difficult for them, but they also play the long game, and putting effort toward this endeavor now makes it that much easier to exploit their data collection in the future.
Ok, then in 1000 years when their supercomputers crack through the encryption of all the documents from a single company in a year, then China can use that R&D.
 
Hmmm, I wonder if their monitoring systems are susceptible to XSS or other malicious strings ;)

Could get them to bite off more than they can chew
 
So China now does what others have done for years, so it can't be that bad or surely we would have stopped ourselves first... right?
You do know R&D in Chinese means Remember & Duplicate, so copy this, copy that, copy data traffic, copy western social media.

I will admit it is a bit embarrassing to see a country now do this, when looking back in history they were the trendsetters in so many ways.
But that's what you get for "voting" on idiots implementing idiot rules, turning countries / societies / cultures into idiots.
 
If the US took cyber security seriously, as soon as the first redirect happened, these 10 pieces of equipment would have been confiscated and replaced. These redirects seem to be a textbook example of a man in the middle attack. Why isn't someone in jail for enabling this?
 
Cut them off from the internet, you wanna be dicks you don't get on.
 
If the US took cyber security seriously, as soon as the first redirect happened, these 10 pieces of equipment would have been confiscated and replaced. These redirects seem to be a textbook example of a man in the middle attack. Why isn't someone in jail for enabling this?

Because it isn't illegal?

Classic case of the law lagging behind technology. Doesn't mean that measures can't be taken to change the law or mitigate the redirects.
 
Talk about how the press in North America (USA and Canada) are intertwined. Here's our headline, except coming from Australia by ITnews: "China Telecom is hijacking Canadian internet traffic via its points of presence". Not a peep from our national news outfits as of yet. I guess our Canadian government has to get its stories straight so as to not offend Chinese investments in Canada and our biggest trading partner, the US. Sucks to be in the middle. As an example of a Canadian news headline: "Huawei executives lobbied MPs to resist US 5G boycott effort"
 
Ah, the familiar hell.
 
You can put your tinfoil hat on, but it won't save your asshole from the probes.
 
"...dependent on massive expropriation of foreign R&D..."

Aren't they putting chips half the size of a grain of rice that could take control of the entire server undetected for a while now?
 