European internet traffic took an unusual turn last week when it was hijacked by China and re-routed through Chinese gateways, researchers found.
A Border Gateway Protocol (BGP) leak at Swiss data center Safe Host resulted in more than 70,000 internet traffic routes being rerouted from the internet service provider’s (ISP) internal infrastructure to China Telecom, China’s third-largest telecommunications and ISP company, Doug Madory, director of Oracle’s Internet Analysis division, said in a blog post on Thursday.
“Often routing incidents like this only last for a few minutes, but in this case many of the leaked routes in this incident were in circulation for over two hours,” Madory wrote, adding that such an incident over that time period led to “degrad[ed] global communications.”
For two hours, a large chunk of European mobile traffic was rerouted through China https://t.co/53vDMtQVqt
— ZDNet (@ZDNet) June 9, 2019
China, apparently aware of the leak, captured Safe Host’s routes and routed traffic through its own networks, which it declared the shortest path for traffic intended for European mobile networks.
As a result, it funneled traffic from some of the largest European networks through its own: Switzerland’s Swisscom, Holland’s KPN, and France’s Bouygues Telecom and Numericable-SFR.
“Numerous leaked routes were more-specifics of routed prefixes, suggesting the use of route optimizers or similar technology,” Madory noted.
Numerous users of the network providers complained of difficulties reaching servers, with some even asking whether a BGP hijack had taken place.
@Swisscom_B2B_en Are you having routing problems? We have a hard time reaching multiple servers. BGP Hijack ? https://t.co/0EcyQAzP8s ?
— Didier Raboud (@OdyX_) June 6, 2019
Each provider is supposed to have safety measures in place to prevent BGP leaks from occurring and interfering with other networks, but the leak showed that those safeguards failed.
“China Telecom, a major international carrier, has still implemented neither the basic routing safeguards necessary both to prevent propagation of routing leaks nor the processes and procedures necessary to detect and remediate them in a timely manner when they inevitably occur,” Madory wrote.
“Today’s incident shows that the internet has not yet eradicated the problem of BGP route leaks,” Madory added.
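The sketch below is an added illustration, not code from Madory's post or from any provider: it shows why leaked more-specifics attract traffic under longest-prefix matching, and a minimal check that flags them against a baseline. The prefixes and AS numbers are constructed from the documentation ranges, and the baseline format is an assumption.

```python
import ipaddress

# Constructed baseline (documentation prefixes and ASNs, RFC 5737 / RFC 5398):
# covering prefix -> expected origin AS and the transit ASes normally seen.
BASELINE = {
    "198.51.100.0/24": {"origin": 64500, "transit": {64496, 64497}},
    "203.0.113.0/24": {"origin": 64501, "transit": {64496}},
}

# Constructed announcements: (prefix, AS path); the origin AS is the last hop.
OBSERVED = [
    ("198.51.100.0/24", [64496, 64500]),           # expected route
    ("198.51.100.0/25", [64510, 64511, 64500]),    # more-specific, new transit
    ("198.51.100.128/25", [64510, 64511, 64500]),  # more-specific, new transit
    ("203.0.113.0/24", [64496, 64501]),            # expected route
    ("192.0.2.0/24", [64496, 64502]),              # outside the baseline
]

def best_route(dst, routes):
    """Longest-prefix match: the most specific covering route carries the traffic."""
    addr = ipaddress.ip_address(dst)
    covering = [(ipaddress.ip_network(p), path) for p, path in routes
                if addr in ipaddress.ip_network(p)]
    return max(covering, key=lambda r: r[0].prefixlen, default=None)

def find_suspect_routes(observed, baseline=BASELINE):
    """Flag routes inside a baseline prefix: more-specific, new transit, new origin."""
    alerts = []
    for prefix, path in observed:
        net = ipaddress.ip_network(prefix)
        for base, info in baseline.items():
            base_net = ipaddress.ip_network(base)
            if net.version != base_net.version or not net.subnet_of(base_net):
                continue
            reasons = []
            if net.prefixlen > base_net.prefixlen:
                reasons.append("more-specific")
            if set(path[:-1]) - info["transit"]:
                reasons.append("unexpected-transit")
            if path[-1] != info["origin"]:
                reasons.append("origin-change")
            if reasons:
                alerts.append((prefix, reasons))
    return alerts

if __name__ == "__main__":
    for prefix, reasons in find_suspect_routes(OBSERVED):
        print(prefix, ",".join(reasons))
    print("198.51.100.10 follows", *best_route("198.51.100.10", OBSERVED))
```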
China has previously used BGP hijacking to hack global web traffic, and has been suspected of being responsible for other BGP routing issues.
The same company, China Telecom, was suspected in November 2018 of hijacking Google traffic.
In that incident, traffic for numerous Google applications was rerouted to foreign service providers, creating an outage for consumers and “put[ting] valuable Google traffic in the hands of ISPs in countries with a long history of Internet surveillance,” according to network monitoring group ThousandEyes at the time.
Also in November, two internet analysis reports found that China Telecom had been misdirecting internet traffic, but it was not known at the time whether that was intentional or not.