The Chinese regime may have a new method up its sleeve to steal data. Rather than hacking networks and installing malware, it can merely divert global internet traffic through its own networks—allowing it to see, store, and steal whatever it likes.
This appears to be the case with recent anomalies seen with China Telecom, a state-owned company under the Chinese regime’s China Telecommunications Corp.
For two hours on June 6, a large portion of mobile device traffic in Europe was diverted through systems controlled by China Telecom. According to ZDNet, the technical error was caused after the Border Gateway Protocol (BGP), which reroutes traffic at the internet service provider level, at Swiss data center company Safe Host leaked more than 70,000 routes to the Chinese internet service provider.
It notes that there are usually safety procedures to prevent BGP leaks such as this, and the issue could have been fixed when it was discovered.
Yet, as ZDNet reported, “instead of ignoring the BGP leak, China Telecom re-announced Safe Host’s routes as its own, and by doing so, interposed itself as one of the shortest ways to reach Safe Host’s network and other nearby European telcos and ISPs.”
Because of this, data from European mobile networks were rerouted through China Telecom’s networks, which could have exposed the data to the Chinese state-run company. It also slowed or prevented connections for some users.
Doug Madory, director of Oracle’s internet analysis division, told ZDNet that the duration of the supposed error was oddly long. “Often routing incidents like this only last for a few minutes, but in this case, many of the leaked routes in this incident were in circulation for over two hours,” he said.
It’s unclear what caused the issue, but this isn’t the first time China Telecom has been involved with this type of error. And the timing of previous incidents—and major networks affected—suggest something deeper is at play.
In April 2010, an estimated 15 percent of the world’s internet traffic was routed through China Telecom networks. The supposed error that caused this was the same—rerouting of BGP data. Only, in 2010, it was called out as a type of cyberattack known as “IP hijacking.”
A report at the time from the U.S.-China Economic and Security Review Commission stated that the China Telecom breach had caused U.S. and other international internet traffic to flow through the Chinese regime’s servers. This included many sensitive networks.
“This incident affected traffic to and from U.S. government (‘.gov’) and military (‘.mil’) sites, including those for the Senate, the Army, the Navy, the Marine Corps, the Air Force, the Office of Secretary of Defense, the National Aeronautics and Space Administration, the Department of Commerce, the National Oceanic and Atmospheric Administration, and many others. Certain commercial websites were also affected, such as those for Dell, Yahoo!, Microsoft, and IBM,” the report states.
According to the report, this could have allowed the Chinese regime to monitor users and data, block access to certain websites or data, conceal another cyberattack, and even compromise the integrity of secured, encrypted connections.
Another data breach through China Telecom was uncovered in 2015, after former U.S. President Barack Obama signed an agreement with Chinese leader Xi Jinping to end the use of hacking for commercial gain. This followed the indictment of five Chinese military hackers for stealing intellectual property from U.S. companies for the benefit of Chinese companies.
Military Cyber Affairs, a journal published by the Military Cyber Professionals Association, discussed the breach in a 2018 report. It stated that the CCP may have been switching from cyberattacks to a more subtle method to steal data from targeted networks or companies.
“Conveniently, China Telecom has 10 strategically placed, Chinese-controlled internet ‘points of presence’ (PoPs) across the internet backbone of North America,” the report said. During the 2015 breach, China Telecom hijacked internet data as it traveled through this infrastructure and redirected it to China for “malicious use.”
The report noted that, through this method, the CCP could access the organization’s network, steal valuable data, add malicious implants to seemingly normal traffic, or simply modify or corrupt data.
It also noted, “The prevalence of and demonstrated ease with which one can simply redirect and copy data by controlling key transit nodes buried in a nation’s infrastructure requires an urgent policy response.”