China has been listening to important communication over the internet for the past three years, by 'hijacking' internet connections.
This is according to a new report issued by researchers at the US Naval War College and Tel Aviv University, which claims that the nation's third-largest ISP, China Telecom, was redirecting traffic using its network in other countries.
The internet is made up of smaller networks (networks used by banks, companies, ISPs, pretty much anyone that has their own block of IP addresses). These smaller networks communicate between themselves through the use of the PoP – Point of Presence, which re-routes traffic between the networks.
China Telecom has had PoPs in the US since the early 2000s.
The third and final piece of the puzzle is the Border Gateway Protocol (BGP), an old protocol with almost no security, which helps data move along.
If this is compromised, an attacker can re-route internet traffic through any servers they want. For example, Canadian government traffic intended for South Korea could be sent through Chinese servers (this allegedly happened in 2016).
"Using these numerous PoPs, [China Telecom] has already relatively seamlessly hijacked the domestic US and cross-US traffic and redirected it to China over days, weeks, and months," researchers said. "While one may argue such attacks can always be explained by 'normal' BGP behaviour, these, in particular, suggest malicious intent, precisely because of their unusual transit characteristics - namely the lengthened routes and the abnormal durations."
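The two indicators the researchers cite, lengthened routes and abnormal durations, can be checked against AS paths recorded by a route collector. The following is an added example, not code from the report or this article; the baseline paths, prefixes, AS numbers (documentation ranges) and thresholds are constructed assumptions.

```python
from datetime import datetime

# Constructed sample data: (UTC time, prefix, AS path seen at a route collector).
# Prefixes are RFC 5737 documentation ranges, AS numbers RFC 5398 documentation ASNs.
BASELINE = {
    "203.0.113.0/24": [64500, 64501, 64510],
    "198.51.100.0/24": [64500, 64502, 64511],
}
OBSERVATIONS = [
    ("2016-02-01T00:00", "203.0.113.0/24", [64500, 64501, 64510]),
    ("2016-02-02T00:00", "203.0.113.0/24", [64500, 64496, 64497, 64501, 64510]),
    ("2016-02-04T00:00", "203.0.113.0/24", [64500, 64496, 64497, 64501, 64510]),
    ("2016-02-09T00:00", "203.0.113.0/24", [64500, 64501, 64510]),
    ("2016-02-03T00:00", "198.51.100.0/24", [64500, 64496, 64502, 64511]),
    ("2016-02-03T02:00", "198.51.100.0/24", [64500, 64502, 64511]),
    ("2016-02-05T00:00", "198.51.100.0/24", [64500, 64502, 64502, 64502, 64511]),
]

def collapse(path):
    """Drop consecutive repeats so ordinary AS-path prepending is not counted as extra hops."""
    return [asn for i, asn in enumerate(path) if i == 0 or asn != path[i - 1]]

def find_detours(observations, baseline, min_extra_hops=1, min_hours=24):
    """Return episodes where a prefix's path is longer than its baseline, transits
    an AS absent from the baseline, and stays that way for at least min_hours."""
    open_eps, closed = {}, []
    for ts, prefix, raw_path in sorted(observations):
        when, path, base = datetime.fromisoformat(ts), collapse(raw_path), baseline[prefix]
        unexpected = {asn for asn in path if asn not in base}
        is_detour = bool(unexpected) and len(path) - len(base) >= min_extra_hops
        ep = open_eps.get(prefix)
        if is_detour and ep is None:
            open_eps[prefix] = {"prefix": prefix, "start": when, "end": when,
                                "unexpected": set(unexpected)}
        elif is_detour:
            ep["end"] = when
            ep["unexpected"] |= unexpected
        elif ep is not None:
            ep["end"] = when  # first observation back on the baseline path
            closed.append(open_eps.pop(prefix))
    closed.extend(open_eps.values())  # detours still active at the last observation
    for ep in closed:
        ep["hours"] = (ep["end"] - ep["start"]).total_seconds() / 3600
    return [ep for ep in closed if ep["hours"] >= min_hours]

if __name__ == "__main__":
    for ep in find_detours(OBSERVATIONS, BASELINE):
        print(ep["prefix"], sorted(ep["unexpected"]), f'{ep["hours"]:.0f}h')
```

With the default thresholds only the week-long detour is reported; the two-hour detour and the prepended path, both plausible as ordinary BGP behaviour, are not.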
China has been using this practice since late 2015, after signing a pact with the to stop all government-backed cyber operations aimed at intellectual property theft. Through this practice, it is essentially still adhering to the pact.
The full report is available for download on this link.