Think tank unmasks how China Telecom is hacking US networks, hijacking users
China Telecom, the Chinese state-owned company bidding to become the third telecommunications player in the Philippines, has been hacking into internet networks in the United States and hijacking data from countless users, a study has found.
The research, conducted jointly by scholars from the US Naval War College and Tel Aviv University, discovered that China, through China Telecom, has been engaged in data hacking even though it had entered into a pact with the US in 2015 to stop cyber operations aimed at intellectual property theft.
Researchers found that China Telecom uses BGPs (Border Gateway Protocols) in order to carry out their data intrusions.
Created in the early 1980s, BGP protocols do not feature any security controls, often resulting in misdirected traffic through “bad BGPs”. The majority of these cases are attributed to configuration mistakes.
However, researchers found that China Telecom has been deliberately hijacking BGP routes to send legitimate traffic through malicious servers.
They described the state-owned telco as “one of the most determined BGP hijackers in the international community.”
In order to validate their findings, the researchers built a route tracing system to monitor BGP announcements, allowing them to distinguish between normal, accidental patterns and deliberate ones.
They concluded that China Telecom was responsible for patterns of BGP behavior that “suggest malicious intent, precisely because of their unusual transit characteristics -namely the lengthened routes and the abnormal durations.”
“[China Telecom] has already relatively seamlessly hijacked the domestic US and cross-US traffic and redirected it to China over days, weeks, and months,” the researchers said.
“The prevalence of and demonstrated ease with which one can simply redirect and copy data by controlling key transit nodes buried in a nation’s infrastructure requires an urgent policy response,” they warned.
Ahead of the third telco player’s selection Wednesday (November 7), Senators Grace Poe and Francis Escudero already voiced concerns about the possible threats to national security and data privacy in case China Telecom becomes the winner of the bidding.