The US is accusing China of involvement in malicious internet operations. A group of US executive agencies is recommending that the Federal Communications Commission (FCC) revoke the license authorizing the state-owned China Telecom to provide international telecommunications services to and from the United States. The recommendation cites the misrouting of US Internet traffic, malicious hacking, and control by the Chinese government.
The statement was jointly issued by the Departments of Justice, Homeland Security, Defense, State, Commerce, and the United States Trade Representative.
BGP hijacks are mentioned as one type of security event. Border Gateway Protocol is largely based on the implicit trust one provider—which in Internet parlance is known as an AS or autonomous system—places in another. These ASes “announce routes” that other ASes should use to reach networks in particular geographic regions. While BGP favors the shortest, most direct paths, erroneous or malicious announcements can cause traffic to follow roundabout paths that lead to major outages or worse. BGP hijackings are especially concerning because they allow spies from China, Russia, or elsewhere to monitor or tamper with any unencrypted data that improperly passes through their networks before it is sent on to the intended destination.
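To make the route-selection behaviour described above concrete, here is an added example (not code from the article or from any operator it names) that models a router choosing between announcements and checks each chosen route's origin AS against a table of authorized origins, in the spirit of RPKI route-origin validation. The prefixes, AS numbers and authorization table are constructed for illustration.

```python
import ipaddress

# Constructed authorized-origin table (ROA-like):
# prefix -> (authorized origin AS, maximum prefix length allowed)
ROAS = {
    "203.0.113.0/24": (64500, 24),
}

def validate_origin(prefix, origin_as, roas=ROAS):
    """Classify an announcement as 'valid', 'invalid' or 'unknown'.
    'invalid' means a covering authorization exists but the origin AS
    or prefix length does not match it; 'unknown' means no authorization
    covers the prefix at all."""
    net = ipaddress.ip_network(prefix)
    covered = False
    for roa_prefix, (roa_as, max_len) in roas.items():
        if net.subnet_of(ipaddress.ip_network(roa_prefix)):
            covered = True
            if origin_as == roa_as and net.prefixlen <= max_len:
                return "valid"
    return "invalid" if covered else "unknown"

def best_route(dest_ip, announcements):
    """Pick the route a router would use for dest_ip: the longest matching
    prefix wins, and among equal prefixes the shortest AS path wins.
    Announcements are (prefix, as_path) tuples; the last AS is the origin."""
    ip = ipaddress.ip_address(dest_ip)
    candidates = [(p, path) for p, path in announcements
                  if ip in ipaddress.ip_network(p)]
    if not candidates:
        return None
    return max(candidates, key=lambda c: (ipaddress.ip_network(c[0]).prefixlen,
                                          -len(c[1])))

def audit(dest_ip, announcements):
    """Return (prefix, as_path, validation state) for the route chosen for dest_ip,
    so a misdirected route can be flagged rather than silently followed."""
    chosen = best_route(dest_ip, announcements)
    if chosen is None:
        return None
    prefix, path = chosen
    return prefix, path, validate_origin(prefix, path[-1])

# Constructed announcements: the legitimate /24 from AS 64500, a more-specific
# /25 from an unauthorized AS 64499, and the same /24 with a shorter path.
LEGIT = ("203.0.113.0/24", [64496, 64500])
MORE_SPECIFIC = ("203.0.113.0/25", [64496, 64499])
SHORTER_PATH = ("203.0.113.0/24", [64499])

if __name__ == "__main__":
    print(audit("203.0.113.10", [LEGIT, MORE_SPECIFIC]))  # /25 wins, flagged invalid
    print(audit("203.0.113.10", [LEGIT, SHORTER_PATH]))   # shorter path wins, flagged invalid
```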
China Telecom says it’s the country’s second-biggest mobile operator. China Telecom Americas, the subsidiary that operates in the US, received authorization from the FCC in 2002.
According to arstechnica.com, over the past decade, the Chinese telecom has been at the center of several major security events, most visibly those involving the misrouting of huge chunks of Internet traffic sent to and from the US and other countries.
One of the more concerning events came to light in 2018 when a researcher revealed that China Telecom had diverted US domestic Internet communications to mainland China before sending them on to their intended destinations. The improper paths occurred over a two-and-a-half-year span, from 2015 to 2017.
Another BGP mishap occurred in 2019 when China Telecom diverted traffic destined for some of Europe’s biggest mobile providers for two hours.
In addition, hacking groups widely believed to work on behalf of the Chinese government have been active in attacks against the US and its allies, and the Chinese government has also been tied to attacks on satellite, defense and telecommunications firms, among others.
However, experts note that attributing hacks to specific groups or countries is notoriously difficult, since attackers frequently plant false flags that wrongly implicate rivals. What’s more, BGP routing mishaps happen frequently as a result of error rather than malice.
China Telecom Americas denied all the allegations, claiming that the company has always been extremely cooperative and transparent with regulators and is looking forward to sharing additional details.