
China systematically hijacks internet traffic: researchers - maltalex
https://www.itnews.com.au/news/china-systematically-hijacks-internet-traffic-researchers-514537
======
maltalex
Original Paper:
[https://scholarcommons.usf.edu/cgi/viewcontent.cgi?article=1...](https://scholarcommons.usf.edu/cgi/viewcontent.cgi?article=1050&context=mca)

Bruce Schneier's blog post on this paper:
[https://www.schneier.com/blog/archives/2018/10/chinas_hackin...](https://www.schneier.com/blog/archives/2018/10/chinas_hacking_.html)

~~~
mark_gtf
thnkz

------
walrus01
From an ISP perspective this is really hard to hide. If somebody announces my
/16 from Pakistan and traffic goes there, it's going to get noticed. Like the
time PTCL broke YouTube...

You basically can't bgp hijack without breaking basic internet connectivity
for the legit users of the IP space (where it is intended to be announced to
peers and transits), so anything lasting more than 30 seconds will generate a
huge flurry of phone calls and noc emails.

There are third party services you can pay, and software you can set up
yourself to watch for bgp announcements for "your" Arin/ripe/apnic/whatever
prefixes, and generate alerts based on that. Pretty common stuff with Linux
based systems (FRR, etc) that can hold the entire global v4+v6 routing table
in RAM and do quick analysis on it.

Google "bgp hijack", this is a well known issue in the ISP operational
community. RPKI validation of announced routes and best common practices for
what you accept from your bgp neighbors go a long way.

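The kind of self-hosted prefix watch described above, as an added illustration (not code from the thread or from any named tool): it takes constructed route-collector style announcements, checks each one against the origin ASes authorised for our own prefixes, and flags both wrong-origin announcements and more-specific sub-prefixes from an unauthorised AS. Prefixes and AS numbers are documentation/private-use values, not real assignments.

```python
"""Toy BGP prefix monitor: alert on announcements for prefixes we hold that
originate from an unexpected AS, or that are more-specifics of our prefixes
announced by someone else (the classic sub-prefix hijack)."""
import ipaddress

# Constructed: prefixes we hold and the origin AS(es) allowed to announce them.
OWNED_PREFIXES = {
    "203.0.113.0/24": {64500},
    "198.51.100.0/22": {64500, 64501},
}

# Constructed announcements as (prefix, AS path); the origin AS is the last hop.
SAMPLE_ANNOUNCEMENTS = [
    ("203.0.113.0/24", [64496, 64500]),      # expected origin, benign
    ("203.0.113.0/24", [64497, 64499]),      # same prefix, wrong origin
    ("198.51.100.0/22", [64496, 64501]),     # second allowed origin, benign
    ("198.51.100.128/25", [64498, 64502]),   # more-specific from a stranger
    ("192.0.2.0/24", [64496, 64503]),        # not our space, ignored
]


def check_announcement(prefix, as_path, owned=OWNED_PREFIXES):
    """Return None when the announcement is consistent with our ownership
    data, otherwise a short description of the anomaly.

    Caveat: this only inspects the origin AS, so an announcer that forges our
    AS at the end of the path would pass; RPKI/ROV and neighbour filtering
    (as the comment above notes) are the stronger controls."""
    if not as_path:
        return f"empty AS path for {prefix}"
    origin = as_path[-1]
    net = ipaddress.ip_network(prefix, strict=False)
    for ours, allowed in owned.items():
        ours_net = ipaddress.ip_network(ours)
        if net.version != ours_net.version:
            continue
        if net == ours_net:
            if origin not in allowed:
                return f"origin hijack: {prefix} announced by AS{origin}"
            return None
        if net.subnet_of(ours_net):
            if origin not in allowed:
                return f"more-specific hijack: {prefix} inside {ours} from AS{origin}"
            return None  # our own deaggregation; not an alert here
    return None  # not our address space


def scan(announcements, owned=OWNED_PREFIXES):
    """Run every announcement through the check and collect the alerts."""
    return [m for p, path in announcements if (m := check_announcement(p, path, owned))]
```
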
------
majia
Could someone explain how out-of-ordinary these hijacks are? I thought network
traffic is similar to connecting flights: it's not uncommon to fly from NY to
Seoul with a transit stop in China. Network traffic may follow a non-optimal
path for various reasons, such as complicated deal/rebate structures among AS,
third party ASN spoofing, technical failures within AS and state-sponsored
hacks. The paper seemed to cherry-pick some examples of "hijacks" involving
China. But it would be more convincing to show whether they are happening all
over the world or are specific to China.

In addition, network traffic at ISP level is never intended to be secure.
That's why we have/need end-to-end encryption.

------
speeq
Back in 2010 I had Chinese IPs show up in my traceroute - I guess they
hijacked my traffic as well. Oh well..

[https://ubuntuforums.org/showthread.php?t=1627912](https://ubuntuforums.org/showthread.php?t=1627912)

[https://forums.linuxmint.com/viewtopic.php?t=60181](https://forums.linuxmint.com/viewtopic.php?t=60181)

------
jstanley
It's clear that the internet is too insecure, and the world's super powers
can't help themselves, they simply _have_ to meddle with it.

Maybe it's time we started using Tor hidden services for everything.

~~~
qubax
Just like programming languages can only have two out of three concepts (
soundness, completeness, decidability ), the creators of the internet had to
choose two out of three concepts ( openness, robustness, security ).

It's theoretically impossible to have a language that is sound, complete and
decidable. It's probably also impossible to have an internet that is open,
robust and secure.

~~~
jstanley
I don't think that argument holds water.

Which one of "open, robust, secure" do you think Tor doesn't meet?

You can pick any 3 concepts and group them together like that, but it doesn't
mean you can't have all 3, e.g. a house can be "large, cheap, and
well-decorated" (e.g. if it is in the middle of nowhere).

~~~
ZeKZ
Tor lacks usability and efficiency.

~~~
jstanley
The efficiency isn't as bad as it used to be. I browse using Tor as a matter
of course now, and it's fine.

What's the usability problem? Just that you have to download Tor Browser
instead of Firefox?

The usability of setting up a hidden service is actually easier than getting
an SSL certificate.

------
bsaul
"then an appropriate defence policy in response could state that no traffic to
or from the US or ally is allowed to enter a China Telecom PoP in the US or in
the ally's networks"

The fact that this is possible today seems incredible to me when I think of
the number of times I've heard cybersecurity and cyberespionage was a priority
of the US security agencies during the last decade.

~~~
pjc50
On the contrary, I think as phrased that's a "break the internet" policy,
especially if more than one country does it - what if China asks for a
reciprocal version?

~~~
bsaul
The article in fact points out that China does exactly that.

------
sethbannon
As someone with a trip to Beijing on the horizon, aside from using a VPN, are
there any other best practices to keep data secure while traveling there?

~~~
HippoBaro
(I live in China) I would advise against VPN entirely. I am unsure about the
state ability to decrypt the content of the connection (heavily depends on how
the VPN is configured really — weak and legacy ciphers, etc.). But they will
detect it and eventually you'll start dropping packets like crazy.

A simple way to evade all of this is to use shadowsocks with a strong cipher
and strong password between your computer in China and your server outside of
it. Don't use any free server and don't use any commercial shadowsocks
offerings. Set it up yourself, it's pretty easy.

On the mobile phone side of things, I wouldn't trust anything. Especially
Apple, which has been very complaisant with local authorities.

China plays a tactical game: they _pretend_ (or we suspect, and they want us
to) that they can do a lot of things. But nobody knows the extent of what they
are actually capable of.

~~~
68c12c16
shadowsocks is on their radar now...and they have been able to detect its
usage with some success, unfortunately...

i.e. The Random Forest Based Detection of Shadowsock's Traffic,
[https://ieeexplore.ieee.org/document/8048116/](https://ieeexplore.ieee.org/document/8048116/)

I don't really understand what kind of scientists would do such research to
help the government carry out the censorship more efficiently, over their
fellow people... it's either those intellectuals have no brain, or no heart...

~~~
ausjke
This is correct. SS is on the radar and is not as dependable as it used to be;
there is a variant of SS that is said to be an improved version, but it is
still not 100% dependable.

------
hope4555
Important

------
Dowwie
Traffic heading to China gets intercepted-- you don't say?

~~~
propter_hoc
This is not what the article says happened. Rather, the researchers found that
China was able to reroute traffic going to other countries to instead go to
China, presumably to analyze or decrypt it, before sending it on to its
original destination later.

Please read the article before commenting.

------
Taniwha
And the US and the rest of the 5-eyes don't? That doesn't make it right, just
more wrong. If you're angry that China is doing this then you should be
equally angry because the US and 'friends' are doing it to you too.

~~~
adamiscool8
At least in theory FVEY nations are democratically accountable for the
behavior.

~~~
chmod775
Being spied upon by a non-democratic nation is the same as being spied upon by
a democratic nation if you're not a citizen - you don't hold any influence
over either and neither is accountable to you.

So from an outside perspective the US and China are pretty much the same thing
in that regard.

To top it off, the five eyes nations are spying on each other - so even if
you're a citizen of one you're _tolerating_ being spied upon by four other
surveillance apparati that aren't accountable to you.

