Oracle Confirms Research: China Telecom Misdirected U.S. Internet traffic thru China

China Telecom is the largest fixed-line operator in China, is state owned, and is bidding to become the third telecommunications network operator in the Philippines. Two weeks ago, researchers reported that the company has been hijacking Internet routes in the United States and diverting the traffic of countless users through China.

The research, conducted jointly by scholars from the US Naval War College and Tel Aviv University, found that the Chinese government, acting through China Telecom, has been engaged in traffic hijacking even though it entered into a pact with the U.S. in 2015 to stop cyber operations aimed at intellectual property theft.

Oracle’s Internet Intelligence division has just confirmed the findings of the academic paper published two weeks ago that accused China of “hijacking the vital internet backbone of western countries.”

Doug Madory, Director of Oracle’s Internet Analysis division (formerly Dyn), confirmed that China Telecom has, indeed, engaged in internet traffic “misdirection.” “I don’t intend to address the paper’s claims around the motivations of these actions,” said Madory. “However, there is truth to the assertion that China Telecom (whether intentionally or not) has misdirected internet traffic (including out of the United States) in recent years.  I know because I expended a great deal of effort to stop it in 2017,” Madory said.

[Figure: china-telekom-bgp-hijack.png, a diagram of the China Telecom BGP misdirection. Image courtesy of Oracle.]


Madory then details several of China Telecom’s BGP (Border Gateway Protocol) route “misdirections,” most of which involved hijacking US-to-US traffic and sending it via mainland China before returning it to the U.S.

Verizon APAC errors had a knock-on effect, Madory explained: “Verizon APAC … were announcing [routes] to the internet on behalf of their customers. A couple of AS hops away, China Telecom was mishandling them – announcing them in a manner that would cause internet traffic destined for those IP address ranges to flow back through China Telecom’s network.”


Indeed, the researchers found that China Telecom relies on BGP, the protocol that carries routing announcements between networks, to carry out these diversions. BGP, first specified in 1989, has no built-in way to verify that a network is authorised to announce the address ranges it claims or that the AS path it advertises is genuine, so traffic is routinely misdirected by bad route announcements. The majority of such cases are attributed to configuration mistakes. RPKI route origin validation, a later and still only partially deployed add-on, lets a router reject an announcement whose origin AS is not authorised, but it does not catch a leak that keeps the true origin and merely inserts an extra transit network into the path, which is the pattern described on this page.

However, the researchers concluded that China Telecom has been deliberately hijacking BGP routes so that legitimate traffic passes through its own network, where it can be inspected or copied.

They described the state-owned telco as “one of the most determined BGP hijackers in the international community.”

To validate their findings, the researchers built a route-tracing system that monitors BGP announcements and the resulting paths over time, allowing them to distinguish normal, accidental patterns from deliberate ones.

They concluded that China Telecom was responsible for patterns of BGP behavior that “suggest malicious intent, precisely because of their unusual transit characteristics – namely the lengthened routes and the abnormal durations.”
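The checks below are an added example written for this page; they are not Oracle’s tooling or the researchers’ route-tracing system. They show the three things such monitoring has to do with plain BGP data, which carries no proof of its own: catch an announcement whose origin AS is not the authorised one, catch a more-specific prefix carved out of an authorised block by another origin, and catch the case that matters here, a route that keeps the right origin but detours through an AS that should not be in transit, then measure how long each anomaly persisted so that a minutes-long leak can be separated from a detour held for days. The AS numbers are the ones named on this page (AS4134 China Telecom, AS703 Verizon APAC, AS1299 Telia, AS6453 Tata, AS3257 GTT); the prefixes, timestamps, authorisation table and “unexpected transit” list are constructed assumptions for the demonstration, and in practice would come from RPKI ROAs or IRR data and from the operator’s known upstreams.

```python
"""Added example (not the article's, Oracle's or the researchers' code):
a minimal BGP anomaly checker over a constructed stream of route
announcements.  AS numbers are those named on the page; prefixes,
timestamps, the authorisation table and the transit deny-list are
constructed for the demo.
"""
import ipaddress
from dataclasses import dataclass
from datetime import datetime, timedelta

AS_VERIZON_APAC = 703
AS_TELIA = 1299
AS_TATA = 6453
AS_GTT = 3257
AS_CHINA_TELECOM = 4134


@dataclass(frozen=True)
class Announcement:
    seen_at: datetime
    prefix: str
    as_path: tuple  # neighbour of the observer first, origin AS last


# Constructed authorisation table (in practice built from RPKI ROAs or
# IRR route objects): which AS may originate which block.
EXPECTED_ORIGIN = {
    ipaddress.ip_network("203.0.113.0/24"): AS_VERIZON_APAC,
}

# Assumption for the demo: ASes that must never appear as transit for
# these blocks.  Operators build this from their known upstream list.
UNEXPECTED_TRANSIT = {AS_CHINA_TELECOM}


def classify(a: Announcement) -> str:
    """Return a verdict for one announcement.  BGP itself gives a router no
    way to make these checks; they need outside knowledge of who is
    authorised (the table above) and of what a normal path looks like."""
    net = ipaddress.ip_network(a.prefix)
    origin = a.as_path[-1]
    covering = [n for n in EXPECTED_ORIGIN if net.subnet_of(n)]
    if not covering:
        return "unknown-prefix"
    authorised_net = max(covering, key=lambda n: n.prefixlen)
    if origin != EXPECTED_ORIGIN[authorised_net]:
        # A stranger announcing the exact block, or a longer prefix that
        # wins on longest-match and so captures traffic for part of it.
        return "origin-hijack" if net == authorised_net else "more-specific-hijack"
    if set(a.as_path[:-1]) & UNEXPECTED_TRANSIT:
        # Origin is right, so RPKI origin validation would accept it; only
        # the path reveals the detour.  This is the shape of the Verizon
        # APAC case: AS4134 sits between the carriers and AS703.
        return "path-detour"
    return "ok"


def anomaly_runs(announcements):
    """Group consecutive observations of each prefix by verdict and return
    (prefix, verdict, first_seen, last_seen) tuples in order of appearance."""
    runs = []
    open_run = {}  # prefix -> index of its current run in `runs`
    for a in sorted(announcements, key=lambda x: x.seen_at):
        verdict = classify(a)
        idx = open_run.get(a.prefix)
        if idx is not None and runs[idx][1] == verdict:
            prefix, v, first, _ = runs[idx]
            runs[idx] = (prefix, v, first, a.seen_at)
        else:
            runs.append((a.prefix, verdict, a.seen_at, a.seen_at))
            open_run[a.prefix] = len(runs) - 1
    return runs


def suspicious(announcements, min_duration: timedelta):
    """Anomalous runs that persisted at least min_duration.  A one-off leak
    withdrawn minutes later has near-zero duration and drops out; a detour
    held for days, the 'abnormal duration' the researchers point to, stays."""
    return [r for r in anomaly_runs(announcements)
            if r[1] != "ok" and r[3] - r[2] >= min_duration]


# Constructed observations from a collector peering with Telia, Tata and
# GTT, modelled on the Verizon APAC incident described on this page.
T0 = datetime(2017, 1, 1)
P = "203.0.113.0/24"
SAMPLE = [
    Announcement(T0, P, (AS_TELIA, AS_VERIZON_APAC)),  # normal path
    Announcement(T0 + timedelta(hours=1), P, (AS_TELIA, AS_CHINA_TELECOM, AS_VERIZON_APAC)),
    Announcement(T0 + timedelta(hours=2), P, (AS_TATA, AS_CHINA_TELECOM, AS_VERIZON_APAC)),
    Announcement(T0 + timedelta(days=3), P, (AS_GTT, AS_CHINA_TELECOM, AS_VERIZON_APAC)),
    Announcement(T0 + timedelta(days=3, hours=1), P, (AS_TELIA, AS_VERIZON_APAC)),  # restored
    Announcement(T0 + timedelta(days=4), "203.0.113.0/25", (AS_TELIA, AS_CHINA_TELECOM)),
]

if __name__ == "__main__":
    for prefix, verdict, first, last in suspicious(SAMPLE, timedelta(hours=24)):
        print(f"{prefix}: {verdict} for {last - first}, starting {first}")
```

Run as written, the script reports the 71-hour detour of 203.0.113.0/24 through AS4134 and ignores the single-observation more-specific announcement; lowering `min_duration` to zero reports both. The point of the duration filter is the researchers’ own: an accidental leak is usually noticed and withdrawn quickly, so a detour that survives for days is what needs a human to look at it.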

“[China Telecom] has already relatively seamlessly hijacked the domestic US and cross-US traffic and redirected it to China over days, weeks, and months,” the researchers said.

“The prevalence of and demonstrated ease with which one can simply redirect and copy data by controlling key transit nodes buried in a nation’s infrastructure requires an urgent policy response,” they warned.


The misdirection of domestic US Internet traffic coincided with a larger misdirection that started in late 2015 and lasted for about two and a half years, Oracle’s Madory said in a blog post published Monday. It was the result of AS4134, the autonomous system belonging to China Telecom, incorrectly handling the routing announcements of AS703, Verizon’s Asia-Pacific AS. The mishandled announcements caused several international carriers, including Telia’s AS1299, Tata’s AS6453, GTT’s AS3257, and Vodafone’s AS1273, to send data destined for Verizon Asia-Pacific through China Telecom rather than over their normal transit paths.


Ahead of the third telco player’s selection Wednesday (November 7), Senators Grace Poe and Francis Escudero already voiced concerns about the possible threats to national security and data privacy in case China Telecom becomes the winner of the bidding.


References:

http://bilyonaryo.com.ph/2018/11/06/think-tank-unmasks-how-china-telecom-is-hacking-us-networks-hijacking-users/

https://internetintel.oracle.com/blog-single.html?id=China+Telecom%27s+Internet+Traffic+Misdirection

https://www.zdnet.com/article/oracle-confirms-china-telecom-internet-traffic-misdirections/

https://arstechnica.com/information-technology/2018/11/strange-snafu-misroutes-domestic-us-internet-traffic-through-china-telecom/

https://www.theregister.co.uk/2018/11/06/oracles_netwatchers_agree_china_telecom_is_a_repeat_bgp_offender/

3 thoughts on “Oracle Confirms Research: China Telecom Misdirected U.S. Internet traffic thru China”

  1. China Telecom and Duterte ally set to win Philippine telecom license

    An alliance between China Telecom and Davao-based tycoon Dennis Uy is poised to clinch the third major telecom license in the Philippines after it emerged as the lone qualified bidder at an auction on Wednesday.

    Mislatel Consortium — comprising Uy’s Udenna and Chelsea Logistics Holdings, Mindanao Islamic Telephone and China Telecom — has been declared the “provisional” new player, said Selection Committee Chair Ella Blanca Lopez. Uy has close ties to President Rodrigo Duterte and donated to his election campaign.

    Two other bidders — a consortium led by Tier One Communications and LCS Group as well as Philippine Telegraph and Telephone — were disqualified after submitting incomplete documents. Both parties will appeal their disqualification and if successful, their bids will be reopened, said Eliseo Rio, officer in charge at the Department of Information and Communications Technology.

    https://asia.nikkei.com/Business/Telecommunication/China-Telecom-and-Duterte-ally-set-to-win-Philippine-telecom-license

  2. China Telecom Constantly Misdirects Internet Traffic

    Over the past years, China Telecom has been constantly misdirecting Internet traffic through China, researchers say.

    The telecommunication company, one of the largest in China, has had a presence in North American networks for nearly two decades, and currently has 10 points-of-presence (PoPs) in the region (eight in the United States and two in Canada), spanning major exchange points.

    Courtesy of this presence, the company was able to hijack traffic through China several times in the past, Chris C. Demchak and Yuval Shavitt revealed in a recent paper (PDF). China Telecom’s PoPs in North America made the rerouting not only possible, but also unnoticeable for a long time, the researchers say.

    Back in 2010, China Telecom hijacked 15% of the world’s Internet prefixes, which resulted in popular websites being rerouted through China for around 18 minutes. The incident impacted US government (‘‘.gov’’) and military (‘‘.mil’’) sites as well, the commission assigned to investigate the incident revealed (PDF).

    For the past several years, the Internet service provider (ISP) has been engaging in various forms of traffic hijacking, in some cases for days, weeks, and months, Demchak and Shavitt claim.

    “The patterns of traffic revealed in traceroute research suggest repetitive IP hijack attacks committed by China Telecom. While one may argue such attacks can always be explained by ‘normal’ BGP behavior, these in particular suggest malicious intent, precisely because of their unusual transit characteristics –namely the lengthened routes and the abnormal durations,” the researchers note.

    https://www.securityweek.com/china-telecom-constantly-misdirects-internet-traffic

  3. Cyberwarfare — A cyber Pearl Harbor?

    The bottom line is that this is strong evidence that a significant portion of the traffic to and from Washington DC was directed through mainland China, where that traffic is vulnerable to malware hosted on Chinese hardware operating under Chinese government supervision on the Chinese mainland.

    The story has not yet been picked up by any mainstream news sources that I know of. There is precious little air for anything except politics at the moment.

    If this report turns out to have substance (it is still unfolding), this will or should be a major news event. It is the cyber-warfare analog to the attack on Pearl Harbor.

    http://bluemassgroup.com/2018/11/cyberwarfare-a-cyber-pearl-harbor/
