
China Telecom diverted internet traffic in U.S. and Canada, report finds - snowwindwaves
https://www.theglobeandmail.com/politics/article-china-telecom-hijacked-internet-traffic-in-us-and-canada-report/
======
Raphmedia
Schneier's post on it.

[https://www.schneier.com/blog/archives/2018/10/chinas_hackin...](https://www.schneier.com/blog/archives/2018/10/chinas_hacking_.html)

------
exnorrtel
I used to work at Nortel Networks along with 130,000 other people. Nortel went
bankrupt and now everyone who used to work there is fighting for their
pensions. Apparently a major contributor to their downfall was all of the IP
being stolen and sensitive information about deals going down otherwise
exfiltrated by Huawei[1].

People need to get serious about protecting the privacy of their
communications and data. Nobody cares until it is too late. Seems like this
kind of event might be the incentive people need to make the extra effort to
use products that encrypt their data at rest and in motion.

1: [https://www.afr.com/technology/web/security/how-chinese-hack...](https://www.afr.com/technology/web/security/how-chinese-hacking-felled-telecommunication-giant-nortel-20140526-iux6a)

------
rasengan
The BGP protocol (decentralized without proof or verification), the DNS system
(centralized AND decentralized without proof or verification), and SSL
(decentralized without proof or verification) are all relics of the past -
design choices that didn’t predict this future.

BGP, SSL, and DNS create an atmosphere ripe for hijack, MITM and other
nefarious activity, and it happens ALL THE TIME.

In other words, the very system “designed to provide trust” actually is also
designed to allow rogue actors to utilize that same trust.

It’s insecure AF.

~~~
tialaramex
Certificates in the Web PKI ("SSL Certificates") are logged to the Certificate
Transparency system.

Clients can choose to insist upon seeing proof that the certificates they're
shown were logged (SCTs); Google's Chrome browser does this today.

Name owners can choose to check which certificates were logged for their
names, either by operating their own log monitor or by having somebody else do
it for them (Facebook will do this for free, but you're welcome to pay
somebody if you don't like Facebook, or as I said, you can do it all yourself
since the logs are public).

In practice even though the existing system is far from perfect we see
relatively few problems, and fewer still actual attacks rather than screw-ups.
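
The name-owner side of log monitoring described in the comment above, as an added example that is not part of the original post: a check over already-decoded log entries that flags certificates covering a watched domain from an issuer the owner did not expect. The entry field names (`serial`, `issuer`, `dns_names`), the issuer names and all sample entries are constructed assumptions, not any log's or monitor's real format.

```python
def norm(name):
    """Normalise a DNS name: case-insensitive, no trailing root dot."""
    return name.strip().lower().rstrip(".")

def covers(cert_name, watched):
    """True if cert_name is the watched domain, a name under it,
    or a wildcard under it. Requires a label boundary, so
    'notexample.com' does not match 'example.com'."""
    n = norm(cert_name)
    if n.startswith("*."):
        n = n[2:]
    w = norm(watched)
    return n == w or n.endswith("." + w)

def review_log_entries(entries, watched, expected_issuers):
    """Return (serial, issuer, matching_names) for every entry that
    covers the watched domain but was not issued by an expected CA."""
    findings = []
    for e in entries:
        names = [n for n in e["dns_names"] if covers(n, watched)]
        if names and e["issuer"] not in expected_issuers:
            findings.append((e["serial"], e["issuer"], names))
    return findings

# Constructed sample entries, as if already decoded from a public log.
EXPECTED = {"Expected CA (constructed)"}
SAMPLE = [
    {"serial": "0a01", "issuer": "Expected CA (constructed)",
     "dns_names": ["example.com", "www.example.com"]},
    {"serial": "0b02", "issuer": "Unknown CA (constructed)",
     "dns_names": ["*.example.com"]},
    {"serial": "0c03", "issuer": "Unknown CA (constructed)",
     "dns_names": ["notexample.com"]},
    {"serial": "0d04", "issuer": "Unknown CA (constructed)",
     "dns_names": ["Login.Example.COM.", "other.test"]},
]

if __name__ == "__main__":
    for serial, issuer, names in review_log_entries(SAMPLE, "example.com", EXPECTED):
        print(f"unexpected issuer {issuer!r} serial={serial} names={names}")
```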

~~~
throwaway2048
Certificate transparency only does anything for participating CAs; there are
dozens/hundreds of CAs that do not participate in certificate transparency,
including several either controlled by the Chinese government, or at less than
arm's length from its influence.

They can freely sign anything that isn't either certificate pinned, or has a
CAA record. And both those things are client dependent; pretty much any SSL
client besides Chrome or Firefox will not have the capability to do either.

------
ccnafr
Dupe:

[https://news.ycombinator.com/item?id=18307524](https://news.ycombinator.com/item?id=18307524)

[https://news.ycombinator.com/item?id=18329518](https://news.ycombinator.com/item?id=18329518)

[https://news.ycombinator.com/item?id=18284313](https://news.ycombinator.com/item?id=18284313)

[https://news.ycombinator.com/item?id=18325220](https://news.ycombinator.com/item?id=18325220)

[https://news.ycombinator.com/item?id=18330629](https://news.ycombinator.com/item?id=18330629)

[https://news.ycombinator.com/item?id=18326512](https://news.ycombinator.com/item?id=18326512)

~~~
ISL
Only one of those (the first link) would have had enough votes to reach the
front page. In sequential order, those links presently have (118, 2, 5, 7, 3,
2 [dead]) upvotes.

This submission was the first I've seen of the story.

~~~
dang
Right, on HN an article only counts as a dupe if the story has previously had
significant attention.
[https://news.ycombinator.com/item?id=18307524](https://news.ycombinator.com/item?id=18307524)
did, so this submission does count as a dupe.

------
toast0
This report is pretty sketchy. The example is that traffic from Canada to South
Korea was 'diverted' through China. But there are no undersea cables direct from
Canada to South Korea; traffic will go through the United States, and then it
must go through at least one of Japan, China, Singapore on the way to South
Korea. China Telecom runs a global network, and offers transit, so it's likely
that someone on the way was intentionally interconnected with China Telecom
and expected some packets to transit its network.

Many companies with diverse home countries run global networks, but it's only
an issue when it's a Chinese company?

~~~
calebh
If you read the article closely, it says that traffic was diverted via its PoP
on the west coast (presumably in the US). The article isn't saying that there
is a cable going out from Canada.

~~~
toast0
The traffic is going from Canada to South Korea; of course it's going to go
through a PoP on the west coast. Of course China Telecom is going to have PoPs
on the west coast, as they provide global transit.

If the route is [whatever US transit] -> China Telecom -> [whatever
connectivity in South Korea], the US transit provider is generally going to
send the traffic to China Telecom on the US side of the undersea cable, then
it can use China Telecom's provisioned bit of bandwidth.

Here's the quote from the article:

> One such example the authors give is the diverting of routes between Canada
> and South Korean government sites. For six months beginning in February,
> 2016, internet traffic was diverted by China Telecom and routed through its
> PoP in Toronto, then forwarded to its PoP on the West Coast, then on to
> China and finally to South Korea. The shortest route for this traffic would
> normally have been Toronto to the United States to South Korea, the authors
> say.

But there's no cable from US to South Korea listed on the submarine cable map
[https://www.submarinecablemap.com/](https://www.submarinecablemap.com/)

And they didn't show any work -- it's not unreasonable to me to go through
China instead of Japan, especially since BGP is generally picking routes based
on the least number of ASNs in between, rather than shortest distance or
anything. Probably China Telecom had a peering or transit arrangement with the
destination network (or one of their transit providers), and the other
available routes would have had to switch networks one extra time -- or maybe
it was even, and the China Telecom session was up longer.
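
The route-selection argument in the comment above, as an added example that is not part of the original post: a simplified BGP best-path comparison showing how a geographically longer route wins on AS_PATH length, how route age breaks a tie, and how operator policy overrides both. All routes, AS numbers (documentation range 64496-64511), distances and ages are constructed, and real implementations evaluate more attributes than the three modelled here.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Route:
    label: str
    as_path: tuple         # AS numbers the announcement crossed (constructed)
    km: int                # rough geographic length; BGP never sees this
    local_pref: int = 100  # operator policy, higher wins
    age_s: int = 0         # seconds since the route was learned

def best_path(routes):
    """Simplified decision process: highest LOCAL_PREF, then shortest
    AS_PATH, then (a common late tie-break) the oldest route."""
    return min(routes, key=lambda r: (-r.local_pref, len(r.as_path), -r.age_s))

def audit(routes):
    """Report the selected route next to the geographically shortest one,
    the comparison an operator makes when asked to explain a 'detour'."""
    chosen = best_path(routes)
    nearest = min(routes, key=lambda r: r.km)
    return {"chosen": chosen.label, "nearest": nearest.label,
            "detour": chosen.label != nearest.label}

# Constructed candidates toward one destination AS (64511).
SHORT_HAUL = Route("short-haul", (64500, 64501, 64502, 64511), km=9000)
LONG_HAUL = Route("long-haul", (64505, 64511), km=12000)
# Same AS_PATH length as the long-haul route, but learned much later.
LATE_PEER = Route("late-peer", (64506, 64511), km=10000, age_s=60)
LONG_HAUL_OLD = Route("long-haul", (64505, 64511), km=12000, age_s=86400)
# Policy override: the operator pins the short-haul path with LOCAL_PREF.
PINNED = Route("short-haul", (64500, 64501, 64502, 64511), km=9000,
               local_pref=200)

if __name__ == "__main__":
    print(audit([SHORT_HAUL, LONG_HAUL]))     # fewer ASNs beats fewer km
    print(audit([LATE_PEER, LONG_HAUL_OLD]))  # equal length, older wins
    print(audit([PINNED, LONG_HAUL]))         # policy beats path length
```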

------
vackosar
dupe

~~~
yodon
If you're going to report as dupe, please provide the link to the previous
appearance.

~~~
narzu
[https://news.ycombinator.com/item?id=18329518](https://news.ycombinator.com/item?id=18329518)

[https://news.ycombinator.com/item?id=18284313](https://news.ycombinator.com/item?id=18284313)

[https://news.ycombinator.com/item?id=18325220](https://news.ycombinator.com/item?id=18325220)

~~~
vatueil
Looks like all the previous linked threads received fewer votes than this one
and no more than two comments. No reason to close this as a dupe, then.

~~~
majia
Another dupe with lots of comments
[https://news.ycombinator.com/item?id=18307524](https://news.ycombinator.com/item?id=18307524)

With so many dupes on a paper which in my personal opinion is poorly written,
it looks more like a xenophobia or propaganda attack.

------
pluma
So is this anything the US hasn't already done to others or is this actually a
scandal?

~~~
kevin_b_er
This is whataboutism in an attempt to distract from the moral turpitude of Chinese
actions with "what about the US?"

It is bad either way.

~~~
prions
This is the same tired argument that's dragged out anytime people raise
concerns about using Chinese hardware.

> I don't care if the Chinese government has my data, I'm not a Chinese citizen

> The US spies as well

> The US did something wrong in the last 100 years, therefore you shouldn't
> complain that China did it last week

~~~
pluma
No, the question is this:

The US is doing certain things that seem outrageous.

The US is supposedly an ally of my country.

China is not explicitly an ally (just a trade partner).

So if the US spies on us, that's scandalous but it significantly lowers the
bar for what I expect our non-allies to do to us.

It's not whataboutism, it's a precedent by which all future actions are
measured. I'm not discounting the news story, I'm asking whether this is just
a news story that will be forgotten about in a few weeks or so, or whether
this is a total shift in expectations like when we found out what the US was
doing to its own allies.

