Hacker News
[dupe] For two hours, a large chunk of EU mobile traffic was rerouted through China (zdnet.com)
97 points by howard941 5 days ago | 33 comments

An academic paper published by experts from the US Naval War College and Tel Aviv University in October last year blamed China Telecom for "hijacking the vital internet backbone of western countries."

The report argued that the Chinese government was using local ISPs for intelligence gathering by systematically hijacking BGP routes to reroute western traffic through its country, where it can log it for later analysis.

While some experts have criticized the paper, Madory is one of the people who stood by its technical accuracy -- albeit not by its politically-charged accusations -- confirming that China Telecom has rerouted western traffic through its network for years many times before.

However, Madory couldn't say if this was intentional, or a technical or human error.

Even if the magnification of the error was entirely due to incompetence on the part of China Telecom (vs malice/espionage), any data mis-routed must be treated as if it were fully logged and analyzed by China's security services for military, industrial, and political advantage.

Another massive security hole from dealing with China.

They are taking advantage of open western societies to strategically run rings around them.

The US has been installing backdoors in network hardware for its own exploitation for years. No one's privacy has been respected by the NSA. The behavior of both sides is reprehensible, but this is absolutely not a case of mean ol China hurting us innocent westerners. Note that England and Australia are collaborators on the NSA’s attempts at total surveillance of the global web.

While I agree with your assessment about western nations doing very similar monitoring techniques, it still doesn't excuse China. They all should be held accountable. In fact the focus on China should be used as an opportunity to bring it to light again. People seem to have forgotten. But we shouldn't ignore it because everyone else does it.

This may be true, but it completely fails to distinguish between 1) the type of regime implementing the surveillance - autocratic vs democratic, and 2) offensive vs defensive.

It is necessary for any society to do intelligence gathering to defend itself, or it will soon be overwhelmed by an autocratic one.

In contrast, when the entire state apparatus is turned to the goals of a single leader or party, and to suppressing any dissent and plundering other countries, it is quite a different affair. While the US has institutionalized racism in its police forces, this is being openly fought. In contrast, China massacres thousands in Tiananmen Square and actively wipes it from the record, and currently imprisons over a million, it is a far different story.

False equivalence actively undermines truth.

(NB: the current US administration is doing everything it can to turn the US into an autocratic state, i.e., where the entire state apparatus serves the personal goals of administrators. However, it is actually the relative independence of the various agencies and branches of govt, including the 17 Intel agencies that are helping thwart those tendencies.)

The US jails journalists and most of our media is self censoring capitalists. Both political parties act in total agreement on lots of things as to give us no choice, and the US has a significant measurable difference between the desires of the people and the legislation we pass.

I really don’t think the US is a great democracy and we are significantly oligarchic. On the other hand the Chinese government offers a fair amount of democratic decision making in some ways while squashing it in others. I really do think it’s hard to see one as morally superior than the other. It’s especially hard because I’ve been immersed in pro US propaganda my entire life.

An eloquent display of Whataboutism, to be sure.

Both are implicated, both are guilty. I fear there's little choice for the average citizen besides picking a side and living in relative obscurity.

While the term "Whataboutism" is effective rhetorically I find that it tends to silence rather than encourage discussion when the discussion strays towards pointing out hypocritical situations.

While I can totally sympathise with your second sentence I'm optimistic enough to believe that we can do a lot more than pick a side and engage in tribalism. Expressing criticism of immoral behaviour of one's perceived "own side" is a way of fighting back and it's more effective when more people do it. It's the raison d'être of free speech laws.

Excellent comment.

If we assume good faith, then they’re not committing espionage, they’re just incompetent to an extreme. Why then should we take the Chinese telecom industry seriously?

It was a Swiss company making a config error on their side, how is this incompetence on the Chinese end?

One thing you could criticize them for is that they're one of the few larger ones that still don't use MANRS, which is most likely since they use BGP spoofing domestically for censorship.

I recall reading that BGP leaks are common but most ISPs take steps to stop propagating them within a few seconds to minutes. The two hours is the incompetence I think he is referring to.

How do we know it wasn’t a Chinese agent inside a Swiss company making the “error”?

How do we know it wasn't a US agent disguised as a Chinese agent inside the Swiss company making the error?

"But instead of ignoring the BGP leak, China Telecom re-announced Safe Host's routes as its own, and by doing so, interposed itself as one of the shortest ways to reach Safe Host's network and other nearby European telcos and ISPs."

This is not 'good faith'.

This is the Swiss leaving their doors unlocked by accident and China walking in and taking a few pictures, purposefully.

Internet infrastructure is very complex and some minor telecom configuration mistake can easily cause non-optimal routing of packets. It seems that the accident is caused by an error by a Swiss data center, but somehow Chinese telecom is blamed.

From my understanding it's an error from a Swiss data center that Chinese telecom is constantly exploiting, so blaming the Swiss telecom is blaming the victim for letting their guard down.

Both parties are to blame.

The Swiss company is to blame for making the mistake.

China Telecom is to blame for not putting in place basic safeguards to prevent this.

Typos happen, everyone makes mistakes. Luckily internet routing has a system to prevent mistakes from spreading across the internet.

China is messing up this error protection system that everyone else is using by not participating.

You can't stop people from making mistakes, but hopefully you can get the people who are supposed to be preventing the mistakes to do their job.

Per TFA, while the initial 'seed' of the error originated in Switzerland, China Telecom magnified and exacerbated it.

One more reason to TLS all the things although it might not be enough to discourage these practices.

A VPN would not change much unless the exit node is run by an ISP/Hosting provider not affected by the route hijacking.

Trouble is, if you control the IP you can obtain a valid certificate from many CAs. BGP hijacking gives you control over an IP.

Yeah, good point.

What I had in mind is this traffic being redirected for massive surveillance, traffic patterns, etc - which TLS would not fully solve, but it adds extra security or even partial obfuscation over your traffic patterns.

I don't think you fully understand how BGP is currently used. None of this would happen if all ISPs had proper route filters.

You gotta tell me where do you buy your crystal balls mate, mine doesn't allow me to publicly assume the level of knowledge someone has over a protocol and infrastructure, especially when that person hasn't made a single comment about it.

But going back to the main topic: None of this would happen if everyone was a nice person and we loved each other, either. Alas, it happens and you better add layers of defence.

As a side note, when was the last time y'all saw a zdnet link? I remember Ziff Davis back in the day. But this was a blast from the past!

This reminds me of the saying "Sufficiently advanced incompetence is indistinguishable from malice"

The cynic in me wants to switch that saying around.

I've recently (in the last fortnight) started getting voicemails from local numbers, but in either Cantonese or Mandarin. I wish I understood the message; it might make it less unsettling in light of this story.

They are scam calls targeting Chinese immigrants essentially saying "your visa has been revoked and you need to pay $$$ to avoid imprisonment". They are in Mandarin to target those who don't speak English and therefore can't ask local authorities for help.

It was China Telecom re-announcing the bad routes <s>this</s> every time.

Are there any other reports, maybe less inflammatory and based in facts?

As we know, there are very bad people on both sides.

Hard to take it seriously when the USA was the one meddling in other countries’ affairs for such a long time (Iran’s Mosaddegh government in the 50’s being my favorite peeve).

People here are very critical of the US for similar things, too. I'm not sure what your point is besides to try to derail the discussion?
