Canada & BGP Hijacking
For over a decade (2010, 2018, 2019, 2020), China has quietly shown a pattern of hijacking global data flows by redirecting them through servers located in China, sometimes for minutes, other times for much longer, where the data could be copied onto Chinese Communist Party (CCP) networks and decrypted at leisure.
One of the discoveries that emerged from excellent technical work performed by a research team that focused on tracing Border Gateway Protocol (BGP) routes was that China hijacked all data from Canadian to Korean government sites for six months in 2016 and rerouted it through Chinese networks. Research below confirms this was not an isolated incident.
With Chinese technology firms expanding their market shares in areas critical to network infrastructure like telecommunications and submarine cables, there has been a corresponding increase in Chinese presence across foreign networks. A quick glance at China Telecom’s global data center map shows, for example, how their growing global presence has resulted in several dozen strategic installations of Chinese routing equipment across North American and European networks.
It was China Telecom’s network presence in Ottawa and other strategic network nodes across North America that enabled China’s digital espionage in 2016 (and in other cases). Researchers provide greater details on BGP hijacking and technical risk mitigants that are captured by this visual representation below:
The research team discovering this argues that because the diversion from the data’s normal route lasted six months, it is clearly not an accident or technical error. The authors, associated with Tel Aviv University and the U.S. Naval War College, note further attacks have occurred since, but for lesser durations.
It is truly remarkable that a few researchers at Tel Aviv University were able to build a route-tracing system capable of identifying patterns of accidental or intentional hijacking across many BGP routes simultaneously by observing BGP announcements and linking them to specific cities. China Telecom’s hijackings may not have been discovered otherwise.
Despite senior Canadian defence officials stating their intention to address this issue with China in 2018, it is unclear what, if anything, has been done, either alone or with allies. However, China’s own network vulnerabilities have grown with its global network presence and policies designed to reduce BGP related risks in one area may entail economic or intelligence trade-offs that this piece does not explore.
Over 97% of data today is carried through an undersea network infrastructure of nearly 400 submarine cables. When this data moves across the internet from one IP address to another, in the form of electrons, it essentially comprises information packets travelling across many different independent networks, or “Autonomous Systems” (AS) that collectively constitute today’s internet.
These various ASes are hosted on servers across the globe and are all assigned numbers through the Internet Assigned Numbers Authority (IANA), a critical standards organization, and other relevant regional bodies. Companies with large networks like Microsoft, Facebook and Google operate their own ASes, with each AS being assigned an individual AS number.
Other major network players include the Tier 1 network Internet Service Providers (ISPs) that occupy strategic nodes (i.e. ASes located at critical transit points where rich amounts of international data flow) and wield significant influence over the direction of data flows across global networks. Contractual or peering agreements negotiated between these parties determine which servers a particular data packet passes through to arrive at its destination IP address.
The modified diagram below depicts how various ASes across the globe exist as a collection of independent networks that communicate together as part of a larger network:
Border Gateway Protocols
A BGP is the mechanism that enables these various ASes to communicate with each other. Above, the blue BGP 1 line represents a specific server that ensures all traffic from AS64499 is routed to AS64511. Because of BGPs, someone in Korea can load a Canadian government website that is hosted on servers located in Ottawa. A BGP resembles a post office in this sense, acting to ensure a packet successfully arrives at its end destination (except different BGPs are owned by different organizations).
BGPs rely on several criteria to determine the path a particular data packet takes to arrive at its end destination. A significant one is distance. BGPs will normally select the shortest route to any given IP address by communicating with other ASes they are connected to. Each AS that is connected to a BGP can signal to have that BGP direct data flows through that AS’s particular network, before moving along further to its destination.
Correct signals depend on an honour system among AS operators. If one AS advertises a false connection with another AS, then global data flows can be redirected and the relevant data may take longer to arrive at its destination or never arrive at all, as Pakistan demonstrated when it accidentally shut down YouTube in 2008.
There are, however, many technical complexities and a host of other considerations present when dealing with BGP hijackings. For example, the nature of a BGP’s “normal” operations makes it challenging to identify when data is being rerouted, whether anomalous routes result from deliberate hijacking by an adversary or an operating error, or what exactly happens to the data as it transits through various servers.
Confirming these details in practice is difficult and has several security, political, policy and other implications highlighted by the case of China Telecom’s 2016 BGP hijacking of routes carrying data from Canadian to Korean government sites.
To conclude, Canada and its allies evidently remain vulnerable to continued BGP hijacks by adversaries with a large global network presence like China.
Effective solutions are challenging because they require the adoption of technical standards and best practices across a diverse number of network operating entities without disrupting the operation of the internet during their implementation. Multilateral enforcement presents its own challenges, too. Recall that policies designed to reduce BGP hijacking risks may entail economic or intelligence trade-offs that this piece does not explore.
Nevertheless, Canada must show international leadership by combining technical solutions (like those that verify the origin of requests made by various ASes) with diplomatic initiatives (like raising BGP hijackings at multilateral forums) to address the diverse security, human rights, economic, and other risks presented by BGP hijackings. Unilateral actions like removing Chinese routing equipment from Canadian networks may be necessary but insufficient.
Image: Norse Cyber Attack Map (13 September, 2015) by “Norse Attack Map” via Flickr. Licensed under CC BY-SA 2.0 International.
Disclaimer: Any views or opinions expressed in articles are solely those of the authors and do not necessarily represent the views of the NATO Association of Canada.