China has been illegally redirecting traffic on the world’s Internet for 2 1/2 years


A recent discovery shows that a telecommunications company with ties to China’s government misdirected Internet traffic for two and a half years.

In one recent traffic-misdirection attack, over $150,000 in digital coins was stolen when unwitting users were routed to a fake site rather than the authentic wallet service.

When end users clicked through a message warning of a self-signed certificate, the fake site drained their digital wallets.

China Telecom, the large international communications carrier with close ties to the Chinese government, misdirected big chunks of Internet traffic through a roundabout path that threatened the security and integrity of data passing between various providers’ backbones for two and a half years, a security expert said Monday.

It remained unclear if the highly circuitous paths were intentional hijackings of the Internet’s Border Gateway Protocol or were caused by accidental mishandling.

For almost a week late last year, the improper routing caused some US domestic Internet communications to be diverted to mainland China before reaching their intended destination, Doug Madory, a researcher specializing in the security of the Internet’s global BGP routing system, told Ars.

As the following traceroute from December 3, 2017 shows, traffic originating in Los Angeles first passed through a China Telecom facility in Hangzhou, China, before reaching its final stop in Washington, DC. The problematic route was the result of China Telecom inserting itself into the inbound path of Verizon Asian Pacific.

In 2013, malicious hackers repeatedly hijacked massive chunks of Internet traffic in what was likely a test run. Also in 2013, spyware service provider Hacking Team orchestrated the hijacking of IP addresses it didn’t own to help Italian police regain control over several computers they were monitoring in an investigation. A year later, domestic Russian Internet traffic was diverted through China.

On two occasions last year, traffic to and from major US companies was suspiciously and intentionally routed through Russian service providers. Traffic for Visa, MasterCard, and Symantec—among others—was rerouted in the first incident in April, while Google, Facebook, Apple, and Microsoft traffic was affected in a separate BGP event about eight months later.

By routing traffic through networks controlled by the attacker, BGP manipulation allows the adversary to monitor, corrupt, or modify any data that’s not encrypted. Even when data is encrypted, attacks with names such as DROWN or Logjam have raised the specter that some of the encrypted data may have been decrypted. Even when encryption can’t be defeated, attackers can sometimes trick targets into dropping their defenses, as the wallet-service BGP hijacking described above did.
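The two BGP abuses the article describes, a third party inserting itself into another provider’s inbound path and a hijacked prefix steering users to an impostor site, are both visible from the operator’s side as announcements that disagree with what the operator knows about its own address space. The following script is an added example, not code from the article or from any of the networks it names; it shows the kind of check a route-monitoring service runs. It assumes a locally maintained baseline (which ASNs may originate each prefix, which providers should sit next to the origin, and which ASNs are never expected as transit) and a feed of announcements as seen at a route collector. All ASNs are from the RFC 5398 documentation range and all prefixes from RFC 5737, so the data is constructed and refers to no real network.

```python
"""Toy BGP route monitor: compare observed announcements against a baseline
and flag origin hijacks, sub-prefix hijacks, loops and unexpected transit.

Added example; constructed data only (RFC 5398 ASNs 64496-64511 and RFC 5737
prefixes). Not the article's code and not any named network's tooling.
"""
import ipaddress
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Announcement:
    prefix: str                 # announced prefix, e.g. "192.0.2.0/24"
    as_path: tuple              # AS path as seen at the collector, origin AS last
    collector: str = "rc-test"  # vantage point that saw the route (constructed name)

    @property
    def origin(self) -> int:
        return self.as_path[-1]


@dataclass
class Baseline:
    # prefix -> ASNs authorised to originate it (what an RPKI ROA set expresses)
    origins: dict
    # prefix -> ASNs expected directly adjacent to the origin (its real transit providers)
    upstreams: dict = field(default_factory=dict)
    # ASNs that should never appear as transit for the monitored prefixes
    untrusted_transit: set = field(default_factory=set)


def collapse_prepends(as_path):
    """Drop consecutive repeats: AS path prepending is legitimate traffic
    engineering and must not be mistaken for a routing loop."""
    out = []
    for asn in as_path:
        if not out or out[-1] != asn:
            out.append(asn)
    return tuple(out)


def covering_entry(prefix, baseline):
    """Most specific baseline prefix that covers `prefix`, or None."""
    net = ipaddress.ip_network(prefix)
    best = None
    for bp in baseline.origins:
        bnet = ipaddress.ip_network(bp)
        if net.version == bnet.version and net.subnet_of(bnet):
            if best is None or bnet.prefixlen > ipaddress.ip_network(best).prefixlen:
                best = bp
    return best


def check(ann, baseline):
    """Return a list of (severity, reason) findings for one announcement."""
    findings = []
    bp = covering_entry(ann.prefix, baseline)
    if bp is None:
        return findings                      # not monitored address space
    allowed = baseline.origins[bp]
    path = collapse_prepends(ann.as_path)

    if ann.origin not in allowed:
        # wrong origin: either the exact prefix or a more specific one
        kind = "origin hijack" if ann.prefix == bp else "sub-prefix hijack"
        findings.append(("high", f"{kind}: {ann.prefix} originated by AS{ann.origin}, "
                                 f"expected {sorted(allowed)}"))
    elif len(path) >= 2 and bp in baseline.upstreams:
        # origin is right; is the AS feeding it one of its real providers?
        neighbour = path[-2]
        if neighbour not in baseline.upstreams[bp]:
            findings.append(("high", f"unexpected upstream AS{neighbour} adjacent to "
                                     f"origin AS{ann.origin} for {ann.prefix}"))

    if len(set(path)) != len(path):          # an ASN recurring non-consecutively
        findings.append(("medium", f"AS path loop: {ann.as_path}"))

    bad = baseline.untrusted_transit.intersection(path[:-1])
    if bad:
        findings.append(("high", f"untrusted transit {sorted(bad)} in path to "
                                 f"{ann.prefix}: {ann.as_path}"))
    return findings


def scan(announcements, baseline):
    """Run check() over a feed; map (prefix, as_path) -> findings for every
    announcement that raised at least one finding."""
    alerts = {}
    for ann in announcements:
        f = check(ann, baseline)
        if f:
            alerts[(ann.prefix, ann.as_path)] = f
    return alerts


# --- constructed baseline and collector feed ------------------------------
BASELINE = Baseline(
    origins={"192.0.2.0/24": {64496}, "198.51.100.0/24": {64497}},
    upstreams={"192.0.2.0/24": {64500, 64501}},
    untrusted_transit={64511},
)

FEED = [
    Announcement("192.0.2.0/24", (64505, 64500, 64496)),                 # normal
    Announcement("192.0.2.0/24", (64505, 64501, 64496, 64496, 64496)),   # prepended, normal
    Announcement("192.0.2.0/24", (64505, 64510, 64499)),                 # origin hijack
    Announcement("192.0.2.128/25", (64505, 64499)),                      # sub-prefix hijack
    Announcement("192.0.2.0/24", (64505, 64511, 64500, 64496)),          # transit AS inserted
    Announcement("198.51.100.0/24", (64505, 64500, 64505, 64497)),       # path loop
    Announcement("203.0.113.0/24", (64505, 64499)),                      # not monitored
]

if __name__ == "__main__":
    for (prefix, as_path), findings in scan(FEED, BASELINE).items():
        for severity, reason in findings:
            print(f"[{severity}] {prefix} via {as_path}: {reason}")
```

The inserted-transit case is the one closest to the article’s China Telecom path: the origin and its provider are exactly as expected, so an origin-only check (and RPKI origin validation alone) would pass it, and only the path check catches the extra hop. Prepending is collapsed before the loop test so that legitimate traffic engineering does not trigger alerts.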

The domestic US traffic, in particular, “becomes an even more extreme example,” Madory told Ars. “When it gets to US-to-US traffic traveling through mainland China, it becomes a question of is this a malicious incident or is it accidental? It’s definitely concerning. I think people will be surprised to see that US-to-US traffic was sent through China Telecom for days.”

Australian intelligence determined China was responsible for a cyber-attack on its national parliament and three largest political parties before the general election in May, five people with direct knowledge of the matter told.

In response to questions posed by Reuters, Prime Minister Scott Morrison’s office declined to comment on the attack, the report’s findings or whether Australia had privately raised the hack with China.
China’s Foreign Ministry denied involvement in any sort of hacking attacks and said the internet was full of theories that were hard to trace.

September 2019. Huawei accused the U.S. government of hacking into its intranet and internal information systems to disrupt its business operations.

August 2019. China used compromised websites to distribute malware to Uyghur populations using previously undisclosed exploits for Apple, Google, and Windows phones.

August 2019. Chinese state-sponsored hackers were revealed to have targeted multiple U.S. cancer institutes to take information relating to cutting-edge cancer research.

August 2019. North Korean hackers conducted a phishing campaign against foreign affairs officials in at least three countries, with a focus on those studying North Korean nuclear efforts and related international sanctions.

August 2019. Huawei technicians helped government officials in two African countries track political rivals and access encrypted communications.

August 2019. The Czech Republic announced that the country’s Foreign Ministry had been the victim of a cyberattack by an unspecified foreign state.

August 2019. A suspected Indian cyber espionage group conducted a phishing campaign targeting Chinese government agencies and state-owned enterprises for information related to economic trade, defense issues, and foreign relations.

August 2019. Networks at several Bahraini government agencies and critical infrastructure providers were infiltrated by hackers linked to Iran.

August 2019. A previously unidentified Chinese espionage group was found to have worked since 2012 to gather data from foreign firms in industries identified as strategic priorities by the Chinese government, including telecommunications, healthcare, semiconductor manufacturing, and machine learning. The group was also active in the theft of virtual currencies and the monitoring of dissidents in Hong Kong.

August 2019. Russian hackers were observed using vulnerable IoT devices like a printer, VOIP phone, and video decoder to break into high-value corporate networks.

August 2019. A seven-year campaign by an unidentified Spanish-language espionage group was revealed to have resulted in the theft of sensitive mapping files from senior officials in the Venezuelan Army.

August 2019. State-sponsored Chinese hackers conducted a spear-phishing campaign against employees of three major U.S. utility companies.

July 2019. Capital One reveals that a hacker accessed data on 100 million credit card applications, including Social Security and bank account numbers.

July 2019. Encrypted email service provider ProtonMail was hacked by a state-sponsored group looking to gain access to accounts held by reporters and former intelligence officials conducting investigations of Russian intelligence activities.

July 2019. Several major German industrial firms including BASF, Siemens, and Henkel announced that they had been the victim of a state-sponsored hacking campaign reported to be linked to the Chinese government.

July 2019. A Chinese hacking group was discovered to have targeted government agencies across East Asia involved in information technology, foreign affairs, and economic development.

July 2019. The U.S. Coast Guard issued a warning after it received a report that a merchant vessel had its networks disrupted by malware while traveling through international waters.

July 2019. Microsoft revealed that it had detected almost 800 cyberattacks over the past year targeting think tanks, NGOs, and other political organizations around the world, with the majority of attacks originating in Iran, North Korea, and Russia.

July 2019. Libya arrested two men who were accused of working with a Russian troll farm to influence the elections in several African countries.

July 2019. Croatian government agencies were targeted in a series of attacks by unidentified state-sponsored hackers.

June 2019. Western intelligence services were alleged to have hacked into Russian internet search company Yandex in late 2018 to spy on user accounts.

June 2019. Over the course of seven years, a Chinese espionage group hacked into ten international cellphone providers operating across thirty countries to track dissidents, officials, and suspected spies.

June 2019. The U.S. announced it had launched offensive cyber operations against Iranian computer systems used to control missile and rocket launches.

June 2019. Iran announced that it had exposed and helped dismantle an alleged CIA-backed cyber espionage network across multiple countries.

June 2019. U.S. officials reveal ongoing efforts to deploy hacking tools against Russian grid systems as a deterrent and warning to Russia.

June 2019. U.S. grid regulator NERC issued a warning that a major hacking group with suspected Russian ties was conducting reconnaissance into the networks of electrical utilities.

June 2019. China conducted a denial of service attack on encrypted messaging service Telegram in order to disrupt communications among Hong Kong protestors.

June 2019. A suspected Iranian group was found to have hacked into telecommunications services in Iraq, Pakistan, and Tajikistan.

June 2019. Chinese intelligence services hacked into the Australian University to collect data they could use to groom students as informants before they were hired into the civil service.

May 2019. Government organizations in two different Middle Eastern countries were targeted by Chinese state-sponsored hackers.

May 2019. A Chinese government-sponsored hacking group was reported to be targeting unidentified entities across the Philippines.

May 2019. Iran developed a network of websites and accounts that were being used to spread false information about the U.S., Israel, and Saudi Arabia.

May 2019. The Israeli Defense Forces launched an airstrike on Hamas after they unsuccessfully attempted to hack Israeli targets.

May 2019. Hackers affiliated with the Chinese intelligence service reportedly had been using NSA hacking tools since 2016, more than a year before those tools were publicly leaked.

April 2019. Amnesty International’s Hong Kong office announced it had been the victim of an attack by Chinese hackers who accessed the personal information of the office’s supporters.

April 2019. Ukrainian military and government organizations were targeted as part of a campaign by hackers from the Luhansk People’s Republic, a Russia-backed group that declared independence from Ukraine in 2014.

April 2019. Hackers used spoofed email addresses to conduct a disinformation campaign in Lithuania to discredit the Defense Minister by spreading rumors of corruption.

April 2019. The Finnish police probed a denial of service attack against the web service used to publish the vote tallies from Finland’s elections.

April 2019. Iranian hackers reportedly undertook a hacking campaign against banks, local government networks, and other public agencies in the UK.

April 2019. Pharmaceutical company Bayer announced it had prevented an attack by Chinese hackers targeting sensitive intellectual property.

March 2019. The Australian Signals Directorate revealed that it had conducted cyber attacks against ISIS targets in the Middle East to disrupt their communications in coordination with coalition forces.

March 2019. An Iranian cyber espionage group targeted government and industry digital infrastructure in Saudi Arabia and the U.S.

March 2019. State-supported Vietnamese hackers targeted foreign automotive companies to acquire IP.

March 2019. Iran’s intelligence service hacked into former IDF Chief and Israeli opposition leader Benny Gantz’s cellphone ahead of Israel’s April elections.

March 2019. North Korean hackers targeted an Israeli security firm as part of an industrial espionage campaign.

March 2019. Russian hackers targeted a number of European government agencies ahead of EU elections in May.

March 2019. Indonesia’s National Election Commission reported that Chinese and Russian hackers had probed Indonesia’s voter database ahead of presidential and legislative elections in the country.

March 2019. Civil liberties organizations claimed that government-backed hackers targeted Egyptian human rights activists, media, and civil society organizations throughout 2019.

March 2019. The UN Security Council reported that North Korea has used state-sponsored hacking to evade international sanctions, stealing $670 million in foreign currency and cryptocurrency between 2015 and 2018.

March 2019. Iranian hackers targeted thousands of people at more than 200 oil-and-gas and heavy machinery companies across the world, stealing corporate secrets and wiping data from computers.

March 2019. Following an attack on Indian military forces in Kashmir, Pakistani hackers targeted almost 100 Indian government websites and critical systems. Indian officials reported that they engaged in offensive cyber measures to counter the attacks.

March 2019. U.S. officials reported that at least 27 universities in the U.S. had been targeted by Chinese hackers as part of a campaign to steal research on naval technologies.

February 2019. The UN International Civil Aviation Organization revealed that in late 2016 it was compromised by China-linked hackers who used their access to spread malware to foreign government websites.

February 2019. Prior to the Vietnam summit of Kim Jong Un and Donald Trump, North Korean hackers were found to have targeted South Korean institutions in a phishing campaign using documents related to the diplomatic event as bait.

February 2019. U.S. Cyber Command revealed that during the 2018 U.S. midterm elections, it had blocked internet access to the Internet Research Agency, a Russian company involved in information operations against the U.S. during the 2016 presidential election.

February 2019. A hacking campaign targeting Russian companies was linked to state-sponsored North Korean hackers.

February 2019. Hackers associated with the Russian intelligence services had targeted more than 100 individuals in Europe at civil society groups working on election security and democracy promotion.

February 2019. State-sponsored hackers were caught in the early stages of gaining access to computer systems of several political parties as well as the Australian Federal Parliament.

February 2019. European aerospace company Airbus reveals it was targeted by Chinese hackers who stole the personal and IT identification information of some of its European employees.

February 2019. Norwegian software firm Visma revealed that it had been targeted by hackers from the Chinese Ministry of State Security who were attempting to steal trade secrets from the firm’s clients.

January 2019. Hackers associated with the Russian intelligence services were found to have targeted the Center for Strategic and International Studies.

January 2019. The U.S. Department of Justice announced an operation to disrupt a North Korean botnet that had been used to target companies in the media, aerospace, financial, and critical infrastructure sectors.

January 2019. Former U.S. intelligence personnel were revealed to be working for the UAE to help the country hack into the phones of activists, diplomats, and foreign government officials.

January 2019. U.S. prosecutors unsealed two indictments against Huawei and its CFO Meng Wanzhou alleging crimes ranging from wire and bank fraud to obstruction of justice and conspiracy to steal trade secrets.

January 2019. Security researchers reveal that Iranian hackers have been targeting the telecom and travel industries since at least 2014 in an attempt to surveil and collect the personal information of individuals in the Middle East, U.S., Europe, and Australia.

January 2019. The U.S. Democratic National Committee revealed that it had been targeted by Russian hackers in the weeks after the 2018 midterm elections.

January 2019. South Korea’s Ministry of National Defense announced that unknown hackers had compromised computer systems at the ministry’s procurement office.

January 2019. The U.S. Securities and Exchange Commission charged a group of hackers from the U.S., Russia, and Ukraine with the 2016 breach of the SEC’s online corporate filing portal, which was exploited to execute trades based on non-public information.

January 2019. Iran was revealed to have engaged in a multi-year, global DNS hijacking campaign targeting telecommunications and internet infrastructure providers as well as government entities in the Middle East, Europe, and North America.

January 2019. Hackers release the personal details, private communications, and financial information of hundreds of German politicians, with targets representing every political party except the far-right AfD.

December 2018. North Korean hackers targeted the Chilean interbank network after tricking an employee into installing malware over the course of a fake job interview.

December 2018. Chinese hackers were found to have compromised the EU’s communications systems, maintaining access to sensitive diplomatic cables for several years.

December 2018. North Korean hackers stole the personal information of almost 1,000 North Korean defectors living in South Korea.

December 2018. The United States, in coordination with Australia, Canada, the UK, and New Zealand, accused China of conducting a 12-year campaign of cyber espionage targeting the IP and trade secrets of companies across 12 countries. The announcement was tied to the indictment of two Chinese hackers associated with the campaign.

December 2018. U.S. Navy officials report that Chinese hackers had repeatedly stolen information from Navy contractors including ship maintenance data and missile plans.

December 2018. Security researchers discover a cyber campaign carried out by a Russia-linked group targeting the government agencies of Ukraine as well as multiple NATO members.

December 2018. Researchers report that a state-sponsored Middle Eastern hacking group had targeted telecommunications companies, government embassies, and a Russian oil company located across Pakistan, Russia, Saudi Arabia, Turkey, and North America.

December 2018. Italian oil company Saipem was targeted by hackers utilizing a modified version of the Shamoon virus, taking down hundreds of the company’s servers and personal computers in the UAE, Saudi Arabia, Scotland, and India.

December 2018. North Korean hackers have reportedly targeted universities in the U.S. since May, with a particular focus on individuals with expertise in biomedical engineering.

December 2018. The Security Service of Ukraine blocked an attempt by the Russian special services to disrupt the information systems of Ukraine’s judicial authority.

December 2018. The Czech security service announced that Russian intelligence services were discovered to have been behind attacks against the Czech foreign ministry in 2017.

December 2018. Secretary of State Mike Pompeo confirmed that Chinese hackers breached the systems of an American hotel chain, stealing the personal information of over 500 million customers.

November 2018. German security officials announced that a Russia-linked group had targeted the email accounts of several members of the German parliament, as well as the German military and several embassies.

November 2018. Security researchers report that Russia launched coordinated cyber attacks against Ukrainian government and military targets before and during the attack on Ukrainian ships in late November.

November 2018. Researchers reveal that a Mexican government-linked group used spyware to target the colleagues of a slain journalist investigating drug cartels.

November 2018. Security researchers discover a cyberespionage campaign targeting government websites of Lebanon and the UAE.

November 2018. The U.S. Justice Department indicted two Iranians for the ransomware attack affecting Atlanta’s government earlier in 2018.

November 2018. Chinese state media reports that the country had been the victim of multiple attacks by foreign hackers in 2018, including the theft of confidential emails, utility design plans, lists of army units, and more.

November 2018. North Korean hackers were found to have used malware to steal tens of millions of dollars from ATMs across Asia and Africa.

November 2018. Security researchers report that Russian hackers impersonating U.S. State Department officials attempted to gain access to the computer systems of military and law enforcement agencies, defense contractors, and media companies.

November 2018. Ukraine’s CERT discovered malware in the computer systems of Ukraine state agencies believed to be implanted as a precursor for a future large-scale cyber attack.

November 2018. Researchers discover that a Chinese cyberespionage group targeted a UK engineering company using techniques associated with Russia-linked groups in an attempt to avoid attribution.

November 2018. The Pakistani Air Force was revealed to have been targeted by nation-state hackers with access to zero-day exploits.

November 2018. Security researchers identify an Iranian domestic surveillance campaign to monitor dissent targeting Telegram and Instagram users.

November 2018. Australian defense shipbuilder Austal announced it had been the victim of a hack resulting in the theft of unclassified ship designs which were later sold online.

October 2018. The head of Iran’s civil defense agency announced that the country had recently neutralized a new, more sophisticated version of Stuxnet.

October 2018. The U.S. Department of Justice indicted Chinese intelligence officers and hackers working for them for engaging in a campaign to hack into U.S. aerospace companies and steal information.

October 2018. Security researchers link the malware used to attack a petrochemical plant in Saudi Arabia to a research institute run by the Russian government.

October 2018. U.S. defense officials announced that Cyber Command had begun targeting individual Russian operatives to deter them from interfering in the 2018 midterm elections.

October 2018. Media reports state that U.S. agencies warned President Trump that China and Russia eavesdropped on calls made from an unsecured phone.

October 2018. News reports reveal that the Israel Defense Force requested that cybersecurity companies develop proposals for monitoring the personal correspondence of social media users.

October 2018. The U.S. Department of Homeland Security announces that it has detected a growing volume of cyber activity targeting election infrastructure in the U.S. ahead of the 2018 midterm elections.

October 2018. The Centers for Medicare and Medicaid Services announced that hackers had compromised a government computer system, gaining access to the personal data of 75,000 people ahead of the start of ACA sign-up season.

October 2018. The Security Service of Ukraine announced that a Russian group had carried out an attempted hack on the information and telecommunication systems of Ukrainian government groups.

October 2018. The U.S. Justice Department announces criminal charges against seven GRU officers for multiple instances of hacking against organizations including FIFA, Westinghouse Electric Company, the Organisation for the Prohibition of Chemical Weapons, and the U.S. and World Anti-Doping Agencies.

September 2018. Security researchers found that a Russian hacking group had used malware to target the firmware of computers at government institutions in the Balkans and in Central and Eastern Europe.

September 2018. In a letter to Senate leaders, Sen. Ron Wyden revealed that a major technology company had alerted multiple Senate offices of attempts by foreign government hackers to gain access to the email accounts of Senators and their staff.

September 2018. Researchers report that 36 different governments deployed Pegasus spyware against targets in at least 45 countries, including the U.S., France, Canada, and the UK.

September 2018. The U.S. State Department suffers a breach of one of its unclassified email systems, exposing the personal information of several hundred employees.

September 2018. Swiss officials reveal that two Russian spies caught in the Netherlands had been preparing to use cyber tools to sabotage the Swiss defense lab analyzing the nerve agent used to poison former Russian agent Sergei Skripal.

September 2018. Security researchers find that Iranian hackers have been surveilling Iranian citizens since 2016 as part of a mobile spyware campaign directed at ISIS supporters and members of the Kurdish ethnic group.

September 2018. Russian hackers targeted the email inboxes of religious leaders connected to Ukraine amid efforts to disassociate Ukraine’s Orthodox church from its association with Russia.

September 2018. The U.S. Department of Justice announces the indictment and extradition of a Russian hacker accused of participating in the hack of JP Morgan Chase in 2014, leading to the theft of data from over 80 million customers.

September 2018. The U.S. Department of Justice announces the indictment of Park Jin Hyok, a North Korean hacker allegedly involved in the 2014 Sony hack, the 2016 theft of $81 million from a Bangladeshi bank, and the WannaCry ransomware attacks.

September 2018. Researchers reveal a new cyber espionage campaign linked to attacks against Vietnamese defense, energy, and government organizations in 2013 and 2014.

This new information may lead one to believe China knows exactly what it’s doing. Perhaps sometime in the future, we may know the truth.

Source: MagAMedia – China’s been Spying on our Internet for 2 1/2 YEARS

Tony Simon