{"id":1922,"date":"2018-10-29T17:00:02","date_gmt":"2018-10-29T17:00:02","guid":{"rendered":"http:\/\/www.blackopspartners.com\/?p=1922"},"modified":"2018-10-29T17:00:02","modified_gmt":"2018-10-29T17:00:02","slug":"china-has-been-hijacking-the-vital-internet-backbone-of-western-countries","status":"publish","type":"post","link":"https:\/\/blackopspartners.com\/china-has-been-hijacking-the-vital-internet-backbone-of-western-countries\/","title":{"rendered":"China has been ‘hijacking the vital internet backbone of western countries’"},"content":{"rendered":"
A Chinese state-owned telecommunications company has been “hijacking the vital internet backbone of western countries,” according to an academic paper published this week by researchers from the US Naval War College and Tel Aviv University.
The culprit is China Telecom, the country’s third-largest telco and internet service provider (ISP), which has had a presence inside North American networks since the early 2000s, when it created its first point-of-presence (PoP).
PoPs are facilities where a network places its routers to interconnect with other networks; they do nothing more than exchange traffic between the smaller networks that together make up the internet.
These smaller networks are known as “autonomous systems” (AS). An AS can be the network of a big tech company like Google, your friendly neighborhood ISP, a large tier-1 ISP like Verizon, a university, a bank, a web hosting company, or any other organization that holds its own AS number and announces its own blocks of IP addresses.
Traffic travels between these AS networks with the help of the Border Gateway Protocol (BGP). The protocol was first specified in the late 1980s and has no built-in way to verify that a network is authorized to announce the address blocks it claims, so any network can announce a bad BGP route and receive traffic that was not intended for it. Because routers prefer the most specific prefix and the shortest AS path, a rogue announcement of a more-specific prefix is especially effective at pulling traffic away from its legitimate destination.
In the vast majority of cases, these incidents (called BGP hijacks) happen because of configuration mistakes and are resolved in minutes or hours.
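The missing authorization check described above is what Resource Public Key Infrastructure (RPKI) route-origin validation adds on top of BGP: a Route Origin Authorization (ROA) states which origin AS may announce a prefix and how specific its announcements may be. The following script, added here as an example and not code from the article or the research paper, classifies a constructed stream of BGP announcements against a constructed ROA table using the RFC 6811 rules, and flags both a forged-origin hijack and a more-specific-prefix hijack. All prefixes (documentation ranges), AS numbers (private range), ROAs and announcements are made up for illustration.

```python
"""Flag BGP announcements whose origin is not authorised by an ROA table.

Added example, not from the article. Prefixes, AS numbers, ROAs and the
announcement sample are all constructed for illustration.
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Sequence, Tuple


@dataclass(frozen=True)
class Roa:
    """Route Origin Authorization: origin_as may announce `prefix` and any
    more-specific of it no longer than `max_length` bits."""
    prefix: ipaddress.IPv4Network
    max_length: int
    origin_as: int


# Constructed authorisation table (documentation prefixes, private ASNs).
ROAS: List[Roa] = [
    Roa(ipaddress.ip_network("192.0.2.0/24"), 24, 64496),
    Roa(ipaddress.ip_network("198.51.100.0/22"), 24, 64497),
]


def validate(prefix: str, as_path: Sequence[int], roas: Sequence[Roa] = ROAS) -> str:
    """Classify one announcement as 'valid', 'invalid' or 'unknown'.

    RFC 6811 rules: the origin AS is the last AS in the path; 'unknown' when
    no ROA covers the prefix; 'valid' when some covering ROA names that origin
    and the announced prefix is no longer than its max_length; else 'invalid'.
    """
    net = ipaddress.ip_network(prefix)
    origin = as_path[-1]
    covering = [r for r in roas
                if net.version == r.prefix.version and net.subnet_of(r.prefix)]
    if not covering:
        return "unknown"
    for roa in covering:
        if roa.origin_as == origin and net.prefixlen <= roa.max_length:
            return "valid"
    return "invalid"


def find_hijacks(updates: Sequence[Tuple[str, Sequence[int]]],
                 roas: Sequence[Roa] = ROAS) -> List[Tuple[str, Tuple[int, ...], str]]:
    """Return (prefix, path, reason) for every announcement ROV marks invalid."""
    alerts = []
    for prefix, path in updates:
        if validate(prefix, path, roas) != "invalid":
            continue
        net = ipaddress.ip_network(prefix)
        roa = next(r for r in roas
                   if net.version == r.prefix.version and net.subnet_of(r.prefix))
        if path[-1] != roa.origin_as:
            reason = f"origin AS{path[-1]} not authorised (expected AS{roa.origin_as})"
        else:
            reason = f"/{net.prefixlen} exceeds ROA max length /{roa.max_length}"
        alerts.append((prefix, tuple(path), reason))
    return alerts


# Constructed sample, in the shape a route collector would expose them.
SAMPLE_UPDATES = [
    ("192.0.2.0/24", [64500, 64496]),    # legitimate, reached via upstream AS64500
    ("192.0.2.0/24", [64500, 64666]),    # origin hijack by AS64666
    ("192.0.2.0/25", [64666]),           # more-specific hijack; wins by longest match
    ("198.51.100.0/24", [64497]),        # legitimate sub-allocation within max length
    ("198.51.100.0/25", [64497]),        # right origin, but too specific for the ROA
    ("203.0.113.0/24", [64666]),         # no ROA at all: 'unknown', ROV cannot judge
    ("192.0.2.0/24", [64666, 64496]),    # forged origin: passes ROV (see note below)
]

if __name__ == "__main__":
    for prefix, path, reason in find_hijacks(SAMPLE_UPDATES):
        print(prefix, path, reason)
```

The last sample line is the caveat a practitioner should keep in mind: an attacker who appends the legitimate origin AS to its own path passes origin validation, since ROV only checks the final AS in the path and says nothing about whether the hops before it are real. Catching that requires path validation (BGPsec) or out-of-band monitoring of which upstreams a prefix is normally seen through, which is the kind of longitudinal route analysis the research described in this article relies on.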
But some networks hijack BGP routes deliberately, to divert legitimate traffic through servers they control. They do this to carry out man-in-the-middle traffic interception, to run phishing attacks that steal passwords, or to record HTTPS-encrypted traffic for later decryption by leveraging cryptographic attacks such as DROWN or Logjam.

In a research paper published this week, the researchers reveal that China Telecom has been one of the internet’s most persistent BGP hijackers.