Oracle Confirms Research: China Telecom Misdirected U.S. Internet Traffic through China

China Telecom is China's largest fixed-line operator, is state owned, and is bidding to become the third telecommunications network operator in the Philippines. Two weeks ago, a study found that the company has been hacking into internet networks in the United States and hijacking data from countless users.

The research, conducted jointly by scholars from the US Naval War College and Tel Aviv University, found that the Chinese government, acting through China Telecom, has been engaged in data hacking even though it had entered into a pact with the U.S. in 2015 to stop cyber operations aimed at intellectual property theft.

Oracle’s Internet Intelligence division has just confirmed the findings of the academic paper published two weeks ago that accused China of “hijacking the vital internet backbone of western countries.”

Doug Madory, Director of Oracle’s Internet Analysis division (formerly Dyn), confirmed that China Telecom has, indeed, engaged in internet traffic “misdirection.” “I don’t intend to address the paper’s claims around the motivations of these actions,” said Madory. “However, there is truth to the assertion that China Telecom (whether intentionally or not) has misdirected internet traffic (including out of the United States) in recent years. I know because I expended a great deal of effort to stop it in 2017,” Madory said.

[Image: China Telecom BGP hijack diagram, courtesy of Oracle]

……………………………………………………………………………………………………………….

Madory then goes on to detail several of China Telecom’s BGP (Border Gateway Protocol) route “misdirections,” most of which involved hijacking US-to-US traffic and sending it via mainland China before returning it to the U.S.

Verizon APAC errors had a knock-on effect, Madory explained: “Verizon APAC … were announcing [routes] to the internet on behalf of their customers. A couple of AS hops away, China Telecom was mishandling them – announcing them in a manner that would cause internet traffic destined for those IP address ranges to flow back through China Telecom’s network.”

………………………………………………………………………………………………………………………………..

Indeed, the researchers found that China Telecom relies on BGP to carry out its data intrusions. Created in the early 1980s, BGP has no built-in security controls, so traffic is often misdirected by “bad BGP” announcements; the majority of these cases are attributed to configuration mistakes.

However, researchers found that China Telecom has been deliberately hijacking BGP routes to send legitimate traffic through malicious servers.

They described the state-owned telco as “one of the most determined BGP hijackers in the international community.”

In order to validate their findings, the researchers built a route tracing system to monitor BGP announcements, allowing them to distinguish between normal, accidental patterns and deliberate ones.

They concluded that China Telecom was responsible for patterns of BGP behavior that “suggest malicious intent, precisely because of their unusual transit characteristics, namely the lengthened routes and the abnormal durations.”

“[China Telecom] has already relatively seamlessly hijacked the domestic US and cross-US traffic and redirected it to China over days, weeks, and months,” the researchers said.

“The prevalence of and demonstrated ease with which one can simply redirect and copy data by controlling key transit nodes buried in a nation’s infrastructure requires an urgent policy response,” they warned.

………………………………………………………………………………………………………………………………………….

The routing snafu involving domestic US Internet traffic coincided with a larger misdirection that started in late 2015 and lasted for about two and a half years, Oracle’s Madory said in a blog post published Monday. The misdirection was the result of AS4134, the autonomous system belonging to China Telecom, incorrectly handling the routing announcements of AS703, Verizon’s Asia-Pacific AS. The mishandled routing announcements caused several international carriers—including Telia’s AS1299, Tata’s AS6453, GTT’s AS3257, and Vodafone’s AS1273—to send data destined for Verizon Asia-Pacific through China Telecom, rather than using the normal multinational telecoms.
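The monitoring approach described above (distinguishing transient configuration mistakes from long-lived, lengthened routes through an unexpected transit AS) can be sketched as a small detector over route-collector observations. The following is an added example, not code from the researchers, Oracle or any of the cited sources; the AS paths, timestamps, prefixes and baseline transit sets are constructed, and the one-day persistence threshold and one-extra-hop threshold are assumptions chosen only for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample of route-collector observations: (timestamp, prefix, AS path from the
# collector's peer to the origin). RFC 5737 documentation prefixes stand in for Verizon APAC
# (AS703) customer blocks; the paths are illustrative, not real BGP data.
SAMPLE_UPDATES = [
    ("2017-01-10T00:00:00", "203.0.113.0/24", (1299, 703)),         # Telia -> Verizon APAC
    ("2017-01-20T00:00:00", "203.0.113.0/24", (1299, 703)),
    ("2017-02-01T00:00:00", "203.0.113.0/24", (1299, 4134, 703)),   # now transits China Telecom
    ("2017-03-01T00:00:00", "203.0.113.0/24", (1299, 4134, 703)),
    ("2017-03-30T00:00:00", "203.0.113.0/24", (1299, 4134, 703)),
    ("2017-01-10T00:00:00", "198.51.100.0/24", (6453, 703)),        # Tata -> Verizon APAC
    ("2017-01-10T00:10:00", "198.51.100.0/24", (6453, 4134, 703)),  # brief leak, self-corrects
    ("2017-01-10T00:40:00", "198.51.100.0/24", (6453, 703)),
]
# Assumed baseline of ASNs that legitimately carry each prefix (in practice learned from RIB history).
BASELINE_TRANSIT = {"203.0.113.0/24": {1299, 703}, "198.51.100.0/24": {6453, 703}}

def _runs(obs, trusted):
    """Group consecutive sightings of the same anomalous path into (path, start, end) runs."""
    runs, cur = [], None                    # cur = [path, first_seen, last_seen]
    for t, path in obs:
        if set(path) - trusted:             # path touches an AS outside the baseline
            if cur and cur[0] == path:
                cur[2] = t
            else:
                if cur: runs.append((cur[0], cur[1], t))
                cur = [path, t, t]
        elif cur:                           # prefix is back on a trusted path: run ends now
            runs.append((cur[0], cur[1], t))
            cur = None
    if cur: runs.append(tuple(cur))         # still misrouted at the end of the data
    return runs

def analyze(updates, baseline, min_duration=timedelta(days=1), min_extra_hops=1):
    """One record per anomalous run; 'flagged' marks runs that are both longer than the prefix's
    shortest normal path and persistent, the pattern the study reads as suggestive of intent."""
    by_prefix = defaultdict(list)
    for ts, prefix, path in updates: by_prefix[prefix].append((datetime.fromisoformat(ts), path))
    findings = []
    for prefix, obs in by_prefix.items():
        obs.sort()
        trusted = baseline[prefix]
        normal_len = min((len(p) for _, p in obs if set(p) <= trusted), default=None)
        for path, start, end in _runs(obs, trusted):
            extra = len(path) - normal_len if normal_len else 0
            findings.append({"prefix": prefix, "unexpected_asns": sorted(set(path) - trusted),
                             "extra_hops": extra, "duration": end - start,
                             "flagged": end - start >= min_duration and extra >= min_extra_hops})
    return findings
```

Only the first prefix is flagged: its detour through AS4134 adds a hop and persists for weeks, while the second prefix's 30-minute leak is reported but left below the persistence threshold.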

………………………………………………………………………………………………………………………………………….

Ahead of the third telco player’s selection Wednesday (November 7), Senators Grace Poe and Francis Escudero already voiced concerns about the possible threats to national security and data privacy in case China Telecom becomes the winner of the bidding.

………………………………………………………………………………………………………………………………………….

References:

http://bilyonaryo.com.ph/2018/11/06/think-tank-unmasks-how-china-telecom-is-hacking-us-networks-hijacking-users/

https://internetintel.oracle.com/blog-single.html?id=China+Telecom%27s+Internet+Traffic+Misdirection

https://www.zdnet.com/article/oracle-confirms-china-telecom-internet-traffic-misdirections/

https://arstechnica.com/information-technology/2018/11/strange-snafu-misroutes-domestic-us-internet-traffic-through-china-telecom/

https://www.theregister.co.uk/2018/11/06/oracles_netwatchers_agree_china_telecom_is_a_repeat_bgp_offender/