China May Be Reading Your Emails

Uploaded on 2018-11-08 in NEWS-Cybersecurity News, INTELLIGENCE-Hot Spots-China, FREE TO VIEW, BUSINESS-Services-IT & Telecoms, TECHNOLOGY--Hackers

A recent academic report claims that China has been routinely and systematically hijacking internet traffic from the United States, Canada, Europe and other countries through security flaws in the deep structure of the internet. 

To put it simply, somebody in Beijing may be receiving and reading your emails before you do, as well as capturing your passwords and other personal data from websites you visit.

China’s Maxim – Leave No Access Point Unexploited: The Hidden Story of China Telecom’s BGP Hijacking,” by Chris C Demchak of the US Naval War College and Yuval Shavitt of Tel Aviv University. 

The report alleges that a voluntary US-China 2016 agreement, which aimed to stop military forces from hacking commercial enterprises for economic gain, has appeared to reduce Chinese Internet theft against western targets. 

However, as the report also notes, China’s technological development still continues to be “dependent on massive expropriation of foreign R&D.”

An ‘innocuous player’

As Chinese companies such as Huawei and ZTE are viewed with suspicion in the West, the Chinese government has chosen what the researchers call “a seemingly innocuous player” to reroute, or hijack, internet traffic. The so-called “innocuous player” is state-owned China Telecom, a telecoms giant with close to 300,000 employees.

To understand how China Telecom has been able to divert internet traffic to China and copy it, as the report claims, it is necessary to delve briefly into the obscure world of the internet’s foundational infrastructure.

Essentially, China Telecom has numerous Points of Presence (PoP) in the US and Europe. Think of a PoP as a delivery system that ensures that “packages” sent via the internet reach their intended destinations as efficiently as possible. They are delivery services that connect all the smaller networks that comprise the overall internet.

The small networks are called autonomous systems and could be anything from banks and tech giants to your local Internet Service Provider.

On the other hand, overseas telecoms are barred from operating PoPs in China. The country has just three gateways, in Beijing, Shanghai and Hong Kong. This protects China’s domestic traffic from foreign hijacking.

Meanwhile, enter Border Gateway Protocol (BGP), the key Internet routing protocol for connecting the innumerable autonomous systems that comprise the internet.

Insecure protocol

“BGP is a notoriously insecure protocol used to route internet traffic,” comments Cory Doctorow, a respected technology pundit. Doctorow continues: “By design it is dynamic and responsive, moving traffic away from congested routes and onto those with more capacity: this flexibility can be exploited to force traffic to route through surveillance chokepoints.”

BGP was developed in 1989 – when the internet was generally perceived as an emergent technology bringing the world closer together. It was also the same year that the internet first began to be used in China. In fact, the country did not start to fully implement the internet, and on a negligible scale, until 1994, when China was still widely regarded as a benign backwater.

China is rightly no longer regarded as benign or a backwater, and its hijacking activities are difficult to detect. China Telecom has multiple points of presence (PoPs) in North America and Europe and rerouting traffic via ultra-fast fiber-optic cables causes delays to be almost unnoticeable.

All the same, the report is not exactly news. BGP exploits are probably more common than is largely realised and are probably used by all state players capable of doing so, notably Russia.

But China is regarded as a particularly egregious player. In 2010, for example, the US-China Economic and Security Commission reported to the US Congress on such “hijacks” in a 300-page report that included information on an incident in which 15% of global Internet traffic suddenly started to pass through Chinese servers en-route to its intended destinations, according to Ars Technica, a technology-focused news website.

Malicious Intent 

This would be less problematic if all internet traffic were highly encrypted. Unfortunately, some of it is not. But as the researchers also note: “If diverted and copied for even small amounts of time, even encrypted traffic can be broken.”

In the meantime, the attacks continue and will likely continue to do so. The researchers describe the hijacks as “repetitive,” suggesting “malicious intent.”

Events documented by the report include a six-month period from February 2016, when traffic from Canada to South Korea was “hijacked by China Telecom and routed through China” and a similar incident in which traffic from several locations to the US to “a large Anglo-American bank headquarters in Milan, Italy was hijacked by China Telecom to China.”

If there is any key takeaway from reports such as this, it is that the internet, which has revolutionised modern life, was built on trust. We now live in untrusting times.

Asia Times:

You Might Also Read:

China Compromises Tech Companies With Malicious Microchips

« Why Has The US Not Been Hit With A Devastating Cyber Attack?
China Has “taken the gloves off” In Hacking Attacks »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

GrammaTech

GrammaTech

GrammaTech is a leading developer of software-assurance tools and advanced cyber-security solutions.

Security Audit Systems

Security Audit Systems

Security Audit Systems is a website security specialist providing website security audits and managed web security services.

ISACA Conferences

ISACA Conferences

ISACA is dedicated to offering the most dynamic and inclusive conferences to keep you abreast of the latest advances in IT and Information Security.

National Cyber Security Centre (NCSC) - Netherlands

National Cyber Security Centre (NCSC) - Netherlands

NCSC Netherlands coordinates enhancing the cyber resilience of the Netherlands in the digital domain.

CyberOne

CyberOne

CyberOne (formerly Comtact) offer a full stack cybersecurity service to ensure our customers understand the cyber maturity of their organisation.

Cybernetic Global Intelligence (CGI)

Cybernetic Global Intelligence (CGI)

CGI is a global IT Security firm that helps companies protect their data and minimize their vulnerability to cyber threats through a range of services such as Security Audits and Managed Services.

Antiy Labs

Antiy Labs

Antiy Labs is a vender of antivirus engine and solution, providing the best-in-breed antivirus engine and next generation antivirus services for confronting PC malware and mobile malware.

Secudos

Secudos

SECUDOS is an innovative appliance technology and services provider focused on IT security and compliance.

Verafin

Verafin

Verafin is one of the North American leaders in fraud detection and AML software.

Cybersecurity Manufacturing Innovation Institute (CyManII)

Cybersecurity Manufacturing Innovation Institute (CyManII)

CyManII was established to create economically viable, pervasive, and inconspicuous cybersecurity in American manufacturing to secure the digital supply chain and energy automation.

Right-Hand Cybersecurity

Right-Hand Cybersecurity

Right-Hand Cybersecurity empowers businesses to monitor, measure and mitigate employee induced cyber risks in real-time.

Trail of Bits

Trail of Bits

Trail of Bits combine high-end security research with a real-world attacker mentality to reduce risk and fortify code.

ADGS

ADGS

ADGS is a deeptech company focused in the fields of Agent-Based simulations (Emergent Behavior), Cybersecurity and Biometrics, Social Dynamics, Natural Language Processing and Artificial Intelligence.

NetTech

NetTech

NetTech’s Managed CyberSecurity and Compliance/HIPAA services are designed to help your company prevent security breaches and quickly remediate events if they do happen to occur.

Mitigate Cyber

Mitigate Cyber

Mitigate Cyber (formerly Xyone Cyber Security) offer a range of cyber security solutions, from threat mitigation to penetration testing, training & much more.

Arctic Group

Arctic Group

Arctic Group is a Swedish service provider focusing on cybersecurity, integration services and deployment of software development tools.