For Hours, Huge Amounts Of European Mobile Traffic Were Rerouted Through China

A huge quantity of European mobile traffic was recently rerouted through state-run China Telecom, sparking security fears.

Reports have emerged that at 9.43am UTC on Thursday 6 June, some of Europe’s largest mobile providers unexpectedly saw their network traffic redirected to the other side of the world. According to Ars Technica, a misfire in the global routing system known as the Border Gateway Protocol (BGP) resulted in this huge amount of traffic passing through China Telecom before eventually ending up at its final destination.

The incident was first discovered by Oracle security analyst Doug Madory and the error was traced back to an autonomous system owned by a Swiss data centre colocation company called Safe Host. The company was found to have improperly updated its routers to advertise itself as the correct path for traffic to follow.

The leak eventually amounted to 70,000 internet routes comprising an estimated 368m IP addresses. A deal signed between China Telecom and Safe Host meant the former immediately echoed these routes rather than dropping them entirely, as BGP practices dictate.

Among the networks involved were Swisscom of Switzerland, KPN of the Netherlands, and Bouygues Telecom and Numericable-SFR of France.

While BGP leaks are common – happening for a matter of seconds multiple times in one day – one lasting for two hours has raised eyebrows among telecoms providers and cybersecurity experts alike.

So far, no one has been able to pinpoint whether this was just a major mistake resulting in a BGP leak, or if this may have been partly the result of an intentional hijacking attempt.

What is certain, however, is that this is not China Telecom’s first time being involved in a BGP incident. In November, Madory found that it had misdirected significant amounts of internet traffic through its servers for more than two years.

“[This] incident shows that the internet has not yet eradicated the problem of BGP route leaks,” Madory said in his blogpost.

“It also reveals that China Telecom, a major international carrier, has still implemented neither the basic routing safeguards necessary both to prevent propagation of routing leaks nor the processes and procedures necessary to detect and remediate them in a timely manner when they inevitably occur.”
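As an added illustration (not code from the article, from Madory, or from any operator named here), the sketch below shows the kind of per-peer import filtering that lets a network drop leaked routes instead of echoing them. The AS numbers and prefixes are documentation values, and the allowlist format and max-prefix handling are assumptions made for the example.

```python
import ipaddress

PEER_ASN = 64500  # hypothetical peer (documentation ASN)
# Constructed allowlist: (prefix, longest accepted length, expected origin AS).
# In practice this would be generated from routing registry data (assumption).
PEER_ALLOWLIST = [
    ("192.0.2.0/24", 24, 64500),     # the peer's own prefix
    ("198.51.100.0/24", 24, 64501),  # a customer of the peer
]
# Constructed announcements from the peer: (prefix, AS path, peer first).
SAMPLE = [
    ("192.0.2.0/24", [64500]),
    ("198.51.100.0/24", [64500, 64501]),
    ("203.0.113.0/24", [64500, 64510, 64511]),  # leaked: learned elsewhere
    ("192.0.2.128/25", [64500]),                # more specific than registered
]

def check_route(prefix, as_path, allowlist, peer_asn):
    """Return (accepted, reason) for one route received from peer_asn."""
    net = ipaddress.ip_network(prefix)
    if not as_path or as_path[0] != peer_asn:
        return False, "first AS in path is not the peer"
    for allowed, max_len, origin in allowlist:
        allowed_net = ipaddress.ip_network(allowed)
        if net.version != allowed_net.version or not net.subnet_of(allowed_net):
            continue
        if net.prefixlen > max_len:
            return False, "more specific than allowed"
        if as_path[-1] != origin:
            return False, "unexpected origin AS"
        return True, "ok"
    return False, "prefix not registered for this peer"

def import_from_peer(announcements, allowlist, peer_asn, max_prefixes):
    """Filter a peer's announcements; also report a max-prefix trip."""
    accepted, rejected = [], []
    for prefix, as_path in announcements:
        ok, reason = check_route(prefix, as_path, allowlist, peer_asn)
        (accepted if ok else rejected).append((prefix, reason))
    # Backstop: far more routes than expected suggests a leak, so the
    # session should be shut down (counted here on received routes).
    return accepted, rejected, len(announcements) > max_prefixes

if __name__ == "__main__":
    ok, bad, trip = import_from_peer(SAMPLE, PEER_ALLOWLIST, PEER_ASN, 3)
    print("accepted:", ok)
    print("rejected:", bad)
    print("max-prefix tripped:", trip)
```

With the sample input, the peer's own and customer prefixes pass, while the re-announced third-party route and the unregistered more-specific are dropped before they can be propagated further.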

It is worth noting that much of today’s mobile traffic is encrypted, making it almost impossible to read or modify. However, theories abound that cybercriminals may be able to exploit weak encryption cyphers or use fraudulent certificates to decrypt some of this traffic.

China Telecom has, so far, not responded to requests for a comment.
