On the Internet, information is sent across intervening ASs as small data ‘packets’ with their destination IP addresses attached. Each router in the transited networks looks at the destination IP address in the packet and forwards it to the next and closest AS according to a ‘forwarding table’. The ‘glue’ holding the Internet together uses two forms of software ‘protocols’ – the Internet Protocol (IP) [RFC971] and the Border Gateway Protocol (BGP) [RFC 4271]…
While the paths built for any set of messages across ASNs are based on multiple economic and engineering criteria, a key requirement is to select the shortest route to the destination IP address. Critical to moving traffic across the sea of tier 1 and other ASNs are the ‘forwarding tables’ which show the next – and closest – AS router for a given packet to cross. The servers hosting the ‘Border Gateway Protocol’ (BGP) – the key Internet routing protocol – build these forwarding tables, which are shared across each contributing AS. Within the BGP forwarding tables, administrators of each AS announce to their AS neighbors the IP address blocks that their AS owns, whether to be used as a destination or a convenient transit node.
Errors can occur given the complexity of configuring BGP, and these possible errors offer covert actors a number of hijack opportunities. If network AS1 mistakenly announces through its BGP that it owns an IP block that actually is owned by network AS2, traffic from a portion of the Internet destined for AS2 will actually be routed to – and through – AS1. If the erroneous announcement was maliciously arranged, then a BGP hijack has occurred.
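The defensive counterpart to the scenario above is origin validation: comparing each announcement's origin AS against a record of who is authorized to originate the block. The following is an added example, not part of the original article: a minimal route origin check using the valid / invalid / not-found logic of RFC 6811 over a constructed authorization (ROA) table and announcement feed. All prefixes and AS numbers are documentation-reserved placeholders, and the function names are hypothetical.

```python
import ipaddress

# Constructed ROA table: (prefix, max prefix length, authorized origin AS).
# Prefixes and AS numbers are documentation-reserved values, not real networks.
ROAS = [
    ("198.51.100.0/24", 24, 64502),  # block owned by "AS2" in the text
    ("203.0.113.0/24", 24, 64501),   # block owned by "AS1" in the text
]

def validate_origin(prefix, origin_as, roas=ROAS):
    """Classify one announcement as 'valid', 'invalid' or 'not-found'."""
    net = ipaddress.ip_network(prefix)
    covered = False
    for roa_prefix, max_len, roa_as in roas:
        roa_net = ipaddress.ip_network(roa_prefix)
        # A ROA covers the route when the announced prefix lies inside it.
        if net.version != roa_net.version or not net.subnet_of(roa_net):
            continue
        covered = True
        # Match requires the authorized origin and a permitted prefix length.
        if roa_as == origin_as and net.prefixlen <= max_len:
            return "valid"
    # Covered but unmatched means a conflicting origin or an over-specific prefix.
    return "invalid" if covered else "not-found"

def flag_announcements(announcements, roas=ROAS):
    """Return the announcements that conflict with the ROA table."""
    return [(p, a) for p, a in announcements
            if validate_origin(p, a, roas) == "invalid"]

# Constructed sample feed of (prefix, origin AS) pairs as seen from a BGP peer.
SAMPLE = [
    ("198.51.100.0/24", 64502),  # AS2 announcing its own block
    ("198.51.100.0/24", 64501),  # AS1 announcing AS2's block: the case in the text
    ("198.51.100.0/25", 64502),  # right origin, more specific than the ROA allows
    ("192.0.2.0/24", 64501),     # no ROA covers this block
]

if __name__ == "__main__":
    for prefix, asn in SAMPLE:
        print(f"{prefix:18} AS{asn}  {validate_origin(prefix, asn)}")
```

A router or monitor applying this check cannot tell a misconfiguration from a deliberate hijack; both produce the same "invalid" result, which matches the text's point that intent is the only difference.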
China Telecom diverted internet traffic in U.S. and Canada, report finds
China Telecom accused of exploiting points-of-presence to conduct internet espionage
2018 Nov 13 Google goes down after major BGP mishap routes traffic through China
2018 Nov 13 China and Russia suspected of hijacking Google internet traffic in ‘war game experiment’