The New Zealand Herald

How your internet data ends up in China

- Juha Saarinen

Did you know that China quietly hijacks large chunks of internet traffic and siphons off data in a supermegahyperscale fashion?

Not only that, but the data is copied and analysed for surveillance and intellectual property theft, say researchers who have tracked the nefarious activity for years.

To understand what’s going on, it helps to know that the internet isn’t actually a single, cohesive worldwide network.

Instead, the internet comprises multiple large networks operated by internet providers, cloud companies, IT equipment vendors, social media, governments and other organisations.

Sometimes these networks exchange data directly with one another, either for payment or for free. Other times the data from network A has to transit across network B before it reaches the destination network C.

Operators run the Border Gateway Protocol (BGP) on their internet routers to give networks hints about how traffic should flow between them.

The big flaw here is that BGP is an honour-based system that depends on technical staff at operators doing the right thing. But criminals and authoritarian nations see open and collaborative systems like BGP as an opportunity for abuse.

There have been plenty of cases of rogue operators abusing BGP to hijack and change internet data flows. From spammers stealing unused internet address space, to Pakistani censors knocking YouTube offline as they tried to block a video deemed offensive.

What’s happened in this case is that giant state-owned telco China Telecom’s routers have advertised that they know the route to the destination network C above. Instead of going directly to network C though, the data takes a detour via network D, in China, where information is copied for analysis and encryption breaking.

After that, the data is sent to network C from network D. Provided the points of presence (PoPs) where the hijacking takes place are physically close to target networks so that transmission delays are minimal, such traffic rerouting often goes unnoticed.

Canadian government networks had data destined for Korea go via China for six months, for instance, through China Telecom PoPs in North America.
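A detour of this kind leaves a trace in the BGP path itself, even when latency gives nothing away. The following is an added example, not part of the original column: it compares observed announcements against a known-good baseline and flags a new transit network, a changed origin or a more-specific prefix. All prefixes, AS numbers and function names are constructed for illustration, using ranges reserved for documentation.

```python
import ipaddress

# Constructed baseline (documentation-range ASNs and prefixes): normal state per prefix.
BASELINE = {
    "198.51.100.0/24": {"origin": 64500, "transits": {64496, 64497}},
    "203.0.113.0/24": {"origin": 64501, "transits": {64496}},
}

def covering_baseline(prefix):
    """Find the monitored prefix that equals or contains `prefix`."""
    net = ipaddress.ip_network(prefix)
    for base, entry in BASELINE.items():
        base_net = ipaddress.ip_network(base)
        if net.version == base_net.version and net.subnet_of(base_net):
            return base, entry
    return None, None

def check_announcement(prefix, as_path):
    """Return findings for one announcement; as_path runs observer -> origin."""
    base, entry = covering_baseline(prefix)
    if entry is None or not as_path:
        return []  # not a prefix we monitor
    findings = []
    if prefix != base:
        findings.append("more-specific")      # sub-prefix wins longest match
    origin = as_path[-1]
    if origin != entry["origin"]:
        findings.append("origin-change")      # someone else claims network C
    # Transit ASes on the path, ignoring the origin and any prepending of it.
    unexpected = set(as_path) - {origin} - entry["transits"]
    if unexpected:                            # network D has appeared on the path
        findings.append("new-transit:" + ",".join(map(str, sorted(unexpected))))
    return findings

# Constructed observations, as a route collector might report them.
OBSERVED = [
    ("198.51.100.0/24", [64496, 64497, 64500]),    # normal path
    ("198.51.100.0/24", [64496, 64510, 64500]),    # detour via AS64510
    ("203.0.113.0/24", [64496, 64510]),            # origin replaced
    ("198.51.100.128/25", [64496, 64510, 64500]),  # more-specific plus detour
]

def scan(observations):
    """Return (prefix, path, findings) for suspicious routes; clean routes are omitted."""
    return [(p, path, f) for p, path in observations if (f := check_announcement(p, path))]

if __name__ == "__main__":
    for prefix, path, findings in scan(OBSERVED):
        print(prefix, path, findings)
```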

Meanwhile, China has just three internet gateways, in Beijing, Shanghai and Hong Kong, making spoofed routes far easier to detect and protect against. The chances of Western telcos being allowed to add their own secure PoPs in China are slim to say the least.

Sure, strong encryption of data means foreign spies can’t read your emails, or snag other information even when they steal your internet traffic. Unless, of course, the encryption is deliberately weakened by intelligence agencies such as the NSA, as described by Edward Snowden’s leak of the BULLRUN programme.

Other times, killing internet information flows completely by making networks unreachable can be useful to create uncertainty and angst for financial markets and during elections.

Even without capturing data, being able to monitor traffic patterns provides valuable surveillance insights. Knowing who’s talking to whom, at what time, the volumes and specific types of data exchanged, all tell an adversary a great deal about what’s going on.

Tracking communications patterns is an ancient form of surveillance, of course, but the internet makes it easy to collect the information from many targets at the same time, and from just a few points through which vast amounts of data pass.

Yes, there are ways to stop traffic hijacking as per above. They require everyone to co-operate and play nicely with each other.

Not to mention understanding how to do it right, all of which is unlikely to happen any time soon.

A realpolitik solution would be to severely restrict Chinese operators’ access to Western countries and their allies’ networks until they agree to stop hijacking our data (we should leave theirs alone too) and appreciate the value of a free-ish and unfettered internet.


Photo / 123RF. An option to protect our data and sensitive information would be to restrict Chinese operators’ access to networks in Western countries.
