A prefix can be connected to several ISPs, and thus be advertised multiple times from multiple places. Each ISP resolves all the advertisements and computes paths to each prefix, sending traffic towards the shortest path received.
The protocol that conducts this process, BGP4, is unauthenticated and managed by a combination of fiddly filtering configurations (often based on regular expressions) and trust. An ISP can advertise any prefix and stand a chance of getting some other ISPs to route that prefix towards them.
Here, what appears to have happened was that a Dutch ISP advertised a bunch of prefixes incorrectly (they may have been advertised in such a way as to make them unattractive options for routing, as a safeguard, but that proved ineffective). China Telecom picked them up and propagated them, and, in doing so, made itself an attractive path for the prefixes for many other ISPs.
Yes, this would allow China Telecom to inspect traffic mistakenly routed to them, though it's extraordinarily unlikely that anything like that occurred.
† ISPs themselves have their own short numeric addresses, called ASNs.
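The path-selection and leak mechanics described in the comment above, as an added Python example (constructed here, not code from the thread or from any ISP): a toy shortest-AS-path chooser, a simplified RPKI-style origin check, and a transit check that flags the leaked path the origin check alone would accept. The prefix, ASNs and upstream set are made-up assumptions.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Route:
    prefix: str
    as_path: tuple  # leftmost = neighbour that sent it, rightmost = origin AS


def best_route(routes):
    """Shortest AS path wins; lowest neighbour ASN breaks ties (a deterministic
    stand-in for the real tie-breakers). Real BGP applies local-pref etc. first."""
    return min(routes, key=lambda r: (len(r.as_path), r.as_path[0]))


def validate_origin(route, roa):
    """Simplified origin validation: roa maps prefix -> authorised origin AS."""
    if route.prefix not in roa:
        return "unknown"
    return "valid" if route.as_path[-1] == roa[route.prefix] else "invalid"


def unexpected_transit(route, known_upstreams):
    """ASes on the path that are not the origin's known providers. A non-empty
    result is the signature of a leak, which origin validation cannot see
    because the origin AS at the end of the path is still the right one."""
    return set(route.as_path[:-1]) - known_upstreams


# Constructed scenario: documentation prefix, private-range ASNs (assumptions).
PREFIX = "192.0.2.0/24"
ROA = {PREFIX: 64500}
KNOWN_UPSTREAMS = {64510, 64511, 64513}
LEGIT = Route(PREFIX, (64510, 64513, 64511, 64500))
# 64512 re-advertised a route learned from a peer to its provider 64520
LEAK = Route(PREFIX, (64520, 64512, 64500))
# The same leak with AS-path prepending, the "make it unattractive" safeguard
PREPENDED = Route(PREFIX, (64520, 64512, 64512, 64512, 64500))


def analyse(candidates):
    """What an observing AS would install, and what its monitoring should report."""
    chosen = best_route(candidates)
    return {
        "chosen_path": chosen.as_path,
        "origin": validate_origin(chosen, ROA),
        "unexpected_transit": unexpected_transit(chosen, KNOWN_UPSTREAMS),
    }


if __name__ == "__main__":
    print(analyse([LEGIT, LEAK]))       # leak wins on path length, origin still "valid"
    print(analyse([LEGIT, PREPENDED]))  # prepending only helps while it keeps the path longer
```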
The fact that it's China Telecom speaks volumes to this being a suspected route hijack. It's possible it was just an error on the Swiss colo company's part, but somehow I doubt that.
> It also reveals that China Telecom, a major International carrier, has still implemented neither the basic routing safeguards necessary both to prevent the propagation of routing leaks nor the processes and procedures necessary to detect and remediate them in a timely manner when they inevitably occur.
So basically a lack of external pressure combined with a lack of caring about preventing this.
Could someone who's paranoid guess that this is done on purpose, the goal being to capture all the packets before sending them back towards the correct ISPs?
What incentives do they have not to route data from foreign adversaries through their networks? :')
The notion that they did this on purpose to record traffic is just silly.
How is China recording internet traffic silly given their expansive use of facial recognition, their crackdown on journalists, interdiction of VPN services, and use of apps to monitor ethnic minorities? Capturing a bit of foreign internet traffic isn't anything, and would be extensively useful to a police state.
If China wants to convince the rest of the world that every single BGP hijack and leak isn't intelligence gathering, then they can implement the same standards and safeguards everyone else does...
What about the above, applied to a country that is between Europe and China? Such a country could passively listen while China takes the blame.
This statement doesn't make sense.
The BGP peering infrastructure has nothing to do with countries being "in between" Europe and China.
I think you are overly paranoid; misrouting happens (quite a lot, actually), and BGP routing changes are very easy to track thanks to the nature of BGP.
There are far more "stealthy" ways of getting desired traffic.