China Telecom has been using poisoned internet routes to suck up massive amounts of US and Canadian internet traffic

Originally published at: https://boingboing.net/2018/10/26/bgp-pop-mitm.html

4 Likes

If you can’t spot a double-transPacific delay (never mind the buffer delay in China) then your feed sucks. If you are using a feed that bad for anything serious, China is only one of your problems.

San Francisco to Shanghai is about 10,000 kilometers. Round trip is 20,000 km and the pipes are either fiber (about 2 seconds round trip) or bounced off of a geostationary satellite (70,000 km round trip, but faster for only slightly more time if you can get it without a relay.) Either way the delay is far from “unnoticeable.”

If their POPs are doing the snooping in the USA, they might be fast but they’re also wide open to law enforcement. Assuming that anyone will bother.

5 Likes

So you’d notice the extra 2 seconds it takes for an email to get to you?
Maybe for voice chat, or if you have some software looking for it, but I doubt most people or businesses would ever notice any delay. I was working in an office here in North America that would route an email to the person sitting a few desks away from me through security filters in the head office in Europe, and it took about eight minutes to arrive. It was great for encouraging people to get up and talk to each other, but no way we’d have noticed a two second delay.

3 Likes

Not just e-mails. It’s all of the traffic, and that’s going to include interactive sites. For that matter, it includes online gaming. Those suckers track their ping times to the microsecond.

3 Likes

Do time sensitive processes use a different route or protocol? I imagine there is a way to avoid disrupting traffic that would give you away.

And, they were noticed.

Is there really a 2 s delay for fiber? What causes this? Light travels at about c/n ~ 2e8 m/s through the cables, which suggests a lower bound from physics of t ~ 0.1 s for 20,000 km of travel (0.1 s = (2e7 m)/(2e8 m/s)). I tend not to notice latency in China-US FaceTime calls, but no idea how they’re routed.

Note: edited to correct a typo in the number “20,000km”, which was entered as 20km. Equations and t=0.1s vs. 2s puzzlement are otherwise unchanged.

1 Like

From the fact this has been published in the open press, should I assume the NSA and GCHQ have other ways of stealing data?

4 Likes

If there is a threat then one has to consider that if YOU can know of it, our own cyber soldiers knew about it long ago and have exploited it much the same way an intel organization would exploit a double agent they have discovered: by feeding them information they want the enemy to get. Most of which is useless, but with a nugget buried deep inside that misdirects the target.

I was just talking to someone this morning about the Utah Data Center the NSA built. The center acts as a filter and as a backup copy of all net traffic down to the smallest keystroke of electronic communications. If an enemy state pulled the trigger on a cyber attack that would be devastating, that triggering has to go through the data center before the command gets to its destination, so it can be stopped, one hopes anyway; but even if it can’t be, the damage would be limited by the fact that the government can simply choose a moment in time just nanoseconds prior to the attack and restore our net capability to that time after isolating our systems from the rest of the world.

Okay, maybe, maybe not. What I am saying is that what we know about our capabilities is so far advanced that even hints about its true nature will not be in the public sphere for decades. Speculation will not be correct, and will be an underestimate by miles and light years. Americans have been conditioned to think our enemies are so much more advanced than we are when it comes to cyber attacks and defenses, and that is how our government wants us to be perceived, because a false sense of weakness can be invaluable when it comes to your enemy underestimating your abilities. It is not plausible to me as ex-military that our technology and our economic ability to spend on defense, and our will to prevail, would in any way be inferior to our potential rivals, or that we are just too dense to understand that we have been compromised in any serious way.

If a nation such as Iran has done things like commandeer one of our stealth drones (remember that one?) and we seemed to be flummoxed by that development, people seem to want to seize upon that as proof we are way behind in matters of cyber security. They do not consider the possibility that the event in question was actually used to deliver flawed designs and malicious code to the Iranians.

In the cyber sphere of potential hostiles, I am going to stick with the USA. I do not believe that NK or Iran or any other player out there has our resources and intellectual capacity to dominate us in the field.

That was my thought too. (But, 20K km.)

1 Like

Encrypt the world

Not 20 km, 20,000 km. Otherwise your calculation is the same as mine, just three orders of magnitude off.

And the routing isn’t protocol specific; although there’s been talk on that front, it’s really not worth doing.

1 Like


Not 2.000 seconds. More like 0.100 seconds. The speed of light in vacuum is 300,000 km/sec, maybe half that in fiber; 30,000 km is 0.1 sec, and while the extra distance might be perceptible on a voice or video conversation, it’s still not bad, which is why you can have a phone call from the US to China or India on fiber that’s not as annoying as satellite used to be, and for most other data applications it won’t be obvious at all.

Where you get slowdowns is if the cables to/from China are congested, or if the equipment on the endpoints is congested, but that’s basically a question of whether they’re stealing all the bits they can eat or not.

Googling tells me that fiber needs a repeater every 100 miles or so. I’m sure there is some delay associated with various types of repeaters, plus the optical/electronic conversions at either end.

1 Like
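
The posts above argue over the size of a trans-Pacific detour. The following is an added example, not code from the thread or from any of the posters, that turns the physics they cite into a check a network operator could run: a lower bound on fiber round-trip time from distance and refractive index (c/n, roughly 2e8 m/s), the extra RTT a given detour would add, and a per-destination comparison of measured RTT against a historical baseline. The refractive index, distances, baselines and RTT samples are all constructed assumptions.

```python
"""Added example: a physics floor for fiber RTT plus a simple detour flag.

Light in fiber travels at roughly c/n ~ 2e8 m/s, so a 20,000 km round trip
costs about 0.1 s of pure propagation before any queueing, repeater or
optical/electrical conversion delay. Measured RTTs are then compared against
a per-destination baseline; a sudden jump of the order of that figure is one
defender-side signal that traffic is taking a longer path than usual.
All numbers below are constructed assumptions, not measurements.
"""
from dataclasses import dataclass
from typing import Dict, List

C_VACUUM_M_PER_S = 299_792_458
FIBER_REFRACTIVE_INDEX = 1.47  # assumption: typical silica single-mode fiber


def fiber_one_way_delay_s(distance_km: float) -> float:
    """Lower bound on one-way propagation time through fiber of this length."""
    speed_m_per_s = C_VACUUM_M_PER_S / FIBER_REFRACTIVE_INDEX
    return distance_km * 1_000 / speed_m_per_s


def fiber_round_trip_delay_s(distance_km: float) -> float:
    """Lower bound on RTT for a path of distance_km one way (out and back)."""
    return 2 * fiber_one_way_delay_s(distance_km)


def detour_penalty_ms(extra_one_way_km: float) -> float:
    """Extra RTT in ms if packets in both directions travel extra_one_way_km
    further than the direct path (for example via another continent)."""
    return fiber_round_trip_delay_s(extra_one_way_km) * 1_000


@dataclass
class RttSample:
    dst: str       # destination label
    rtt_ms: float  # measured round-trip time in milliseconds


def flag_detours(samples: List[RttSample],
                 baseline_ms: Dict[str, float],
                 tolerance_ms: float = 30.0) -> List[RttSample]:
    """Return samples whose RTT exceeds the destination's baseline by more
    than tolerance_ms. Destinations without a baseline are skipped, since
    there is nothing to compare them against."""
    flagged = []
    for sample in samples:
        base = baseline_ms.get(sample.dst)
        if base is not None and sample.rtt_ms > base + tolerance_ms:
            flagged.append(sample)
    return flagged


# Constructed baselines: historical median RTT per destination, in ms.
BASELINE_MS = {"dc-east": 70.0, "partner-eu": 95.0}

# Constructed samples: one normal reading, one jump of roughly the size a
# 10,000 km one-way detour adds (see detour_penalty_ms), one destination
# with no baseline at all.
SAMPLES = [
    RttSample("dc-east", 74.0),
    RttSample("dc-east", 181.0),
    RttSample("partner-eu", 99.0),
    RttSample("lab-host", 400.0),
]

if __name__ == "__main__":
    print(f"20,000 km fiber RTT floor: {fiber_round_trip_delay_s(10_000):.3f} s")
    print(f"detour of +10,000 km each way adds ~{detour_penalty_ms(10_000):.0f} ms")
    for s in flag_detours(SAMPLES, BASELINE_MS):
        print(f"possible detour: {s.dst} rtt={s.rtt_ms} ms "
              f"(baseline {BASELINE_MS[s.dst]} ms)")
```

The floor the script computes for a 20,000 km round trip is about 0.1 s, which is why a baseline-and-tolerance comparison rather than a fixed threshold is needed: the detour penalty is large compared with an intra-continental RTT but small compared with ordinary congestion on a busy link, so a single high sample proves nothing and the signal only becomes useful across many samples to the same destination.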

Can we have RPKI now?
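
As an added example of what the RPKI question above asks for, not code from the thread or from any router vendor, the following implements the route origin validation decision of RFC 6811 in Python over a constructed set of ROAs: an announcement whose origin AS or prefix length does not match a published ROA is marked Invalid, while a prefix with no covering ROA is merely NotFound. The prefixes and AS numbers are taken from the documentation ranges and are assumptions for illustration.

```python
"""Added example: BGP route origin validation (the RPKI check), RFC 6811.

A ROA says "AS x may originate this prefix, up to this maximum length".
Given an announced prefix and its origin AS, the outcome is:
  NOT_FOUND  no ROA covers the announced prefix
  VALID      a covering ROA names the origin AS and allows this length
  INVALID    ROAs cover the prefix but none of them matches
The ROAs below are constructed from documentation prefixes and AS numbers.
"""
import ipaddress
from dataclasses import dataclass
from enum import Enum
from typing import Iterable, Optional


class Rov(Enum):
    VALID = "valid"
    INVALID = "invalid"
    NOT_FOUND = "not-found"


@dataclass(frozen=True)
class Roa:
    prefix: str                        # e.g. "192.0.2.0/24"
    asn: int                           # authorised origin AS (0 means nobody)
    max_length: Optional[int] = None   # None: only the exact prefix length


def validate_origin(announced_prefix: str, origin_asn: int,
                    roas: Iterable[Roa]) -> Rov:
    """Classify one announcement against a ROA set per RFC 6811."""
    ann = ipaddress.ip_network(announced_prefix, strict=False)
    covering = []
    for roa in roas:
        net = ipaddress.ip_network(roa.prefix, strict=False)
        # Version check first: subnet_of() rejects mixed IPv4/IPv6 comparisons.
        if net.version == ann.version and ann.subnet_of(net):
            covering.append((roa, net))
    if not covering:
        return Rov.NOT_FOUND
    for roa, net in covering:
        max_len = roa.max_length if roa.max_length is not None else net.prefixlen
        if roa.asn == origin_asn and ann.prefixlen <= max_len:
            return Rov.VALID
    return Rov.INVALID


def accept_route(announced_prefix: str, origin_asn: int, roas: Iterable[Roa],
                 drop_not_found: bool = False) -> bool:
    """Import policy: drop INVALID; accept VALID; NOT_FOUND is configurable
    (most operators accept it, since ROA coverage is still incomplete)."""
    state = validate_origin(announced_prefix, origin_asn, roas)
    if state is Rov.INVALID:
        return False
    if state is Rov.NOT_FOUND:
        return not drop_not_found
    return True


# Constructed ROA set: AS64496 may originate 192.0.2.0/24 and /25s under it;
# AS64497 may originate exactly 2001:db8::/32.
ROAS = [
    Roa("192.0.2.0/24", 64496, max_length=25),
    Roa("2001:db8::/32", 64497),
]

if __name__ == "__main__":
    cases = [
        ("192.0.2.0/24", 64496),      # legitimate origin
        ("192.0.2.0/26", 64496),      # right AS, too specific
        ("192.0.2.0/24", 64500),      # foreign origin: a hijack shape
        ("198.51.100.0/24", 64496),   # no ROA at all
    ]
    for prefix, asn in cases:
        print(f"{prefix:18} AS{asn}: {validate_origin(prefix, asn, ROAS).value}")
```

Origin validation only checks the last AS in the path, so an announcement that keeps the legitimate origin AS and inserts the hijacker earlier in the path passes this check; that is the gap path validation (BGPsec, ASPA) is meant to close, and why ROV is a floor rather than a complete defence.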

I did helldesk for Microsoft whose Exchange servers were so b0rked at that site it could take 24hrs to send an email.

1 Like

So, in other words, the NSA in its Utah data centre has a backup of all the porn on the internet?
Asking for a friend.

1 Like