Researchers have discovered that a Chinese-based telecom has been hijacking internet traffic on a regular basis.
According to researchers Chris Demchak of the United States Naval War College and Yuval Shavitt of Tel Aviv University in Israel, Chinese telecom has been hijacking internet traffic going through the U.S. and Canada on a regular basis.
The researchers traced global BGP announcements and discovered several attacks by Chinese-based Telecom over the past few years.
In 2016, it was discovered that China had redirected traffic between Canada and Korean government networks to its PoP in Toronto for 6 months. Normally this traffic takes a short route, through Canada and the U.S. and then to Korea.
Chinese Telecom hijacked it by redirecting the traffic to the China Telecom PoP on the US West Coast, from where it was sent to China and after that to Korea.
Another attack discovered was in October 2016, when traffic from several locations in the U.S. to the headquarters of an Anglo-American bank in Milan, Italy, was hijacked and terminated in China.
Traffic between Scandinavia and Japan was also hijacked between April and May 2017.
PoPs manage traffic between all the smaller networks, and these smaller networks are called autonomous systems (AS).
The traffic between two autonomous systems is managed with the help of the Border Gateway Protocol (BGP). BGP is an insecure protocol which can be exploited by anyone to announce a bad BGP route and reroute traffic.
In most cases, BGP hijacks occur because of configuration mistakes, but the researchers here discovered multiple attacks by Chinese Telecom in the past few years.
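The announcement anomalies described above can be watched for from the defender's side. The following is an added example, not code from the article or the research paper: it checks BGP announcements against a baseline for a wrong origin AS, a more-specific sub-prefix, or a detour through an unfamiliar transit AS. The prefixes, AS numbers (taken from documentation ranges), baseline tables and function names are all constructed for illustration.

```python
import ipaddress

# Constructed baseline: prefixes we monitor and the origin AS we expect.
# Prefixes and AS numbers come from documentation ranges (RFC 5737, RFC 5398).
EXPECTED = {
    ipaddress.ip_network("192.0.2.0/24"): 64496,
    ipaddress.ip_network("198.51.100.0/24"): 64497,
}
# Constructed: transit ASes seen on normal paths to our prefixes.
KNOWN_TRANSIT = {64500, 64501}


def classify(prefix, as_path):
    """Return findings for one announcement (empty list = looks normal)."""
    net = ipaddress.ip_network(prefix)
    origin = as_path[-1]  # the last AS in the path originated the route
    findings = []
    for monitored, expected_origin in EXPECTED.items():
        if net.version != monitored.version or not net.subnet_of(monitored):
            continue  # announcement does not cover our address space
        if net.prefixlen > monitored.prefixlen:
            # A more-specific route wins longest-prefix match wherever it spreads.
            findings.append("more-specific")
        if origin != expected_origin:
            findings.append("origin-mismatch")
        else:
            # Right origin, but the path crosses an AS we never route through.
            # Repeats of the origin (path prepending) are not strangers.
            strangers = [a for a in as_path[:-1]
                         if a not in KNOWN_TRANSIT and a != origin]
            if strangers:
                findings.append("unexpected-transit:" + ",".join(map(str, strangers)))
    return findings


# Constructed sample announcements: (prefix, AS path as seen by a collector).
SAMPLE = [
    ("192.0.2.0/24", [64500, 64496]),            # normal
    ("192.0.2.0/25", [64500, 64510]),            # sub-prefix from wrong origin
    ("198.51.100.0/24", [64501, 64511, 64497]),  # right origin, detour via 64511
    ("203.0.113.0/24", [64500, 64502]),          # not monitored
]


def scan(announcements):
    return {(p, tuple(path)): classify(p, path) for p, path in announcements}


if __name__ == "__main__":
    for (prefix, path), findings in scan(SAMPLE).items():
        print(prefix, path, findings or "ok")
```

The third sample is the case closest to the detours described in this article: the route still originates from the right network, so only the unexpected AS in the middle of the path gives it away.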
“Building a successful BGP hijack attack is complex, but much easier with the support of a complicit and preferably large-scale ISP that is more likely to be included as a central transit point among a sea of ASs.”
Most BGP hijacking attacks nowadays are the work of government agencies or criminal organisations with access to or control of strategically placed ISPs.
“China Telecom has ten strategically placed, Chinese controlled internet ‘points of presence’ (PoPs) across the internet backbone of North America. Vast rewards can be reaped from the hijacking, diverting, and then copying of information-rich traffic going into or crossing the United States and Canada – often unnoticed and then delivered with only small delays.”
Even though China has ten PoPs in North America, it doesn't allow any foreign country's PoPs in its own country.
For more details, you can read the research paper published by the researchers here.