In a new paper published in the journal Military Cyber Affairs researchers from the US Naval War College and Tel Aviv University document the use of BGP spoofing by China Telecom to redirect massive swathes of internet traffic through the company's routers as part of state military and commercial espionage efforts.
BGP is a notoriously insecure protocol used to route internet traffic; by design it is dynamic and responsive, moving traffic away from congested routes and onto those with more capacity: this flexibility can be exploited to force traffic to route through surveillance chokepoints, as well as for censorship (publishing BGP routes to censorsed services that dead-end in nonexistent addresses are a common technique in repressive regimes).
The researchers logged global BGP route announcements and discovered China Telecom publishing bogus routes that sucked up massive amounts of Canadian and US traffic and pushed it through Chinese listening posts. Much of today's internet traffic is still unencrypted, meaning that the entities monitoring these listening posts would have been able to read massive amounts of emails, instant messages and web-sessions.
China Telecom's BGP attacks were also used to black-hole traffic in some instances (for example, traffic from an "Anglo-American bank's" branch in Milan was diverted wholesale to China, never arriving at its intended destination).
After the traffic was copied by China Telecom for encyption breaking and analysis, it was delivered to the intended networks with only small delays. Demchak and Shavitt said.
Such hijacking is difficult to detect as China Telecom has multiple points of presence (PoPs) in North America and Europe that are physically close to the attacked networks, causing almost unnoticeable traffic delivery delays despite the lengthened routes.
China in comparison does not allow overseas telcos to establish PoPs in the country, and has only three gateways into the country, in Beijing, Shanghai and Hong Kong. This isolation protects the country's domestic and transit traffic from foreign hijacking.
China’s Maxim – Leave No Access PointUnexploited: The Hidden Story of China Telecom’s BGP Hijacking [Chris C. Demchak and Yuval Shavitt/Military Cyber Affairs]
China systematically hijacks internet traffic: researchers [Juha Saarinen/IT News]