In a research paper published this week, researchers reveal that China Telecom has been one of the internet’s most determined BGP hijackers around.<\/p>\n
Researchers point out that the Chinese government, through China Telecom, has started abusing BGP hijacks after it entered into a pact with the US in September 2015<\/a> to stop all government-back cyber operations aimed at intellectual property theft.<\/p>\n “This necessitated new ways to get information while still technically adhering to the agreement,” said the researchers. “Since the agreement only covered military activities, Chinese corporate state champions could be tasked with taking up the slack. […] Enter China Telecom.”<\/p>\n The research duo says they’ve built “a route tracing system monitoring the BGP announcements and distinguishing patterns suggesting accidental or deliberate hijacking.”<\/p>\n Using this system, they tracked down long-lived BGP hijacks to the ten PoPs –eight in the US and two in Canada– that China Telecom has been silently and slowly setting up in North America since the early 2000s.<\/p>\n “Using these numerous PoPs, [China Telecom] has already relatively seamlessly hijacked the domestic US and cross-US traffic and redirected it to China over days, weeks, and months,” researchers said.<\/p>\n “While one may argue such attacks can always be explained by normal’ BGP behavior, these, in particular, suggest malicious intent, precisely because of their unusual transit characteristics -namely the lengthened routes and the abnormal durations.”<\/p>\n In their paper, the duo lists several long-lived BGP hijacks that have hijacked traffic for a particular network, and have made it take a long detour through China Telecom’s network in mainland China, before letting it reach its intended and final destination.<\/p>\n Researchers also note that China’s internet network is a system that’s largely closed off and isolated from the rest of the internet, to which it connects only via three nodes located in Beijing, Shanghai, and Hong Kong.<\/p>\n This isolationist approach to its internet infrastructure means that China wouldn’t be able to carry out BGP hijacks for international traffic because very little goes through its mainland nodes. This is why the PoPs it set up in North America, but also throughout Europe and Asia, are so crucial.<\/p>\n “That imbalance in access allows for malicious behavior by China through China Telecom at a time and place of its choosing, while denying the same to the US and its allies,” researchers noted.<\/p>\n “The prevalence of and demonstrated the ease with which one can simply redirect and copy data by controlling key transit nodes buried in a nation’s infrastructure requires an urgent policy response.”<\/p>\n ZDNet readers can find out more from the research paper, entitled “China’s Maxim – Leave No Access Point Unexploited: The Hidden Story of China Telecom’s BGP Hijacking,” which is available for download, here<\/a>.<\/p>\n <\/p>\n\n
![\"\"](\"http:\/\/www.blackopspartners.com\/wp-content\/uploads\/2018\/10\/china-telecom-bgp-hijack-example.png\")