Wednesday, October 31, 2018

China Diverts US and Canadian Traffic

I wrote about China Telecom's rerouting of Internet traffic several years ago, but because my example lasted only 18 minutes there wasn't much interest in what actually happened there. Now comes a new report from two writers for Military Cyber Affairs. The Chinese have already said this report is based upon "groundless speculation", which means they cared enough to read it. I downloaded the report and recommend you read it instead of the newspaper accounts. There are none of the usual academic qualifiers: they get straight to the point and do not quibble about what they found.

These two, Chris Demchak and Yuval Shavitt, leave no doubt that China Telecom is diverting communications from its points of presence around the world. They speculate that this is to compensate for agreements to stop hacking industry while still allowing "intelligence-based hacking", which unfortunately the Chinese see as just another way of spying on the domestic industries of other countries. They have a long explanation of how these kinds of attacks are orchestrated, and give specific examples for Italian banking, Canadian traffic to South Korea, and several others.

This is a report worth reading. China seems to be doing the rerouting on an industry-specific basis, giving it access to massive amounts of data transmitted over time. Because it is an infrastructure attack, it is very hard to detect. Encryption would help protect data against interception this way, so I'm a little surprised that financial data could be transported without it.
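A diversion of this kind shows up in BGP routing as a changed AS path for the affected prefixes, so one defensive check is to compare the paths a route collector sees against a baseline of the origin and transit networks you expect. The following is an added illustration, not code from this post or from the report it discusses; the prefixes, ASNs (RFC 5737 and RFC 5398 documentation ranges), baseline and route feed are all constructed placeholders.

```python
from dataclasses import dataclass


@dataclass
class RouteUpdate:
    prefix: str
    as_path: tuple  # ASNs from the collector's peer toward the origin; origin is last


@dataclass
class Baseline:
    origin: int                  # ASN that legitimately originates the prefix
    allowed_transit: frozenset   # ASNs normally seen between the peer and the origin


def classify(update, baseline):
    """Return anomaly labels for one route update; an empty list means it looks normal."""
    findings = []
    origin = update.as_path[-1]
    if origin != baseline.origin:
        findings.append(f"origin mismatch: {origin} != {baseline.origin}")
    # Any transit AS that is not part of the normal path is a possible detour.
    strangers = [asn for asn in update.as_path[:-1] if asn not in baseline.allowed_transit]
    if strangers:
        findings.append(f"unexpected transit AS(es) in path: {strangers}")
    return findings


def scan(updates, baselines):
    """Run every update for a baselined prefix through classify() and collect alerts."""
    alerts = []
    for u in updates:
        b = baselines.get(u.prefix)
        if b is None:
            continue  # prefix not monitored
        for f in classify(u, b):
            alerts.append((u.prefix, u.as_path, f))
    return alerts


# Constructed baseline: documentation prefixes and ASNs, not real networks.
BASELINES = {
    "203.0.113.0/24": Baseline(origin=64500, allowed_transit=frozenset({64496, 64497})),
    "198.51.100.0/24": Baseline(origin=64501, allowed_transit=frozenset({64496, 64498})),
}

# Constructed feed: one normal path, one detour through an unfamiliar AS, one foreign origin.
FEED = [
    RouteUpdate("203.0.113.0/24", (64496, 64497, 64500)),
    RouteUpdate("203.0.113.0/24", (64496, 64510, 64497, 64500)),
    RouteUpdate("198.51.100.0/24", (64496, 64498, 64511)),
]

if __name__ == "__main__":
    for alert in scan(FEED, BASELINES):
        print(alert)
```

A real deployment would feed this from a route collector or a commercial BGP monitoring service and maintain the baseline from several weeks of observed paths rather than a hand-written table.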

The report recommends "access reciprocity": China has PoPs in the US, but the US has none in China. How stupid is that?
