Re: China’s Maxim – Leave No Access Point Unexploited: The Hidden Story of China Telecom’s BGP Hijacking

Hank Nussbacher hank at
Tue Nov 13 16:57:53 UTC 2018

On 05/11/2018 10:54, Tore Anderson wrote:
> * Harley H
>> Curious to hear others' thoughts on this. 
>> This paper presents the view that several BGP hijacks performed by China Telecom had malicious intent. The incidents are:
>> * Canada to Korea - 2016
>> * US to Italy - Oct 2016
>> * Scandinavia to Japan - April-May 2017
>> * Italy to Thailand - April-July 2017
>> The authors claim this is enabled by China Telecom's presence in North America.
> Hi,
> I looked a bit into the Scandinavia to Japan claim last week for a Norwegian
> journalist, who obviously found this rather sensational claim very intriguing.
> The article (Norwegian, but Google Translate does a decent job) is found at 
> in case you're interested.
> From what I can tell from looking at routeviews data from the period, what
> happened was that SK Broadband (AS9318) was leaking a bunch of routes to
> China Telecom (AS4134). The leak included the transit routes from SKB's
> upstream Verizon (AS703) and customers of theirs in turn, including well-
> known organisations such as Bloomberg (AS10361) and Time Warner (AS36032),
> which I suppose might be the ones the paper is referring to.
> The routes in question then propagated from CT to Telia Carrier (AS1299),
> probably in North America somewhere. Scandinavia is TC's home turf, it
> makes sense that the detour via CT was easily observed from here.
> If you want to see for yourself, look for «1299 4134 9318 703» in
> Anyway, in my opinion the data for this particular incident (I haven't
> looked into the other three) does not indicate foul play on CT's behalf,
> but rather a pretty standard leak by SKB followed by sloppy filtering
> by CT and TC both.
> Tore
Internet Vulnerability Takes Down Google
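
Added example, not part of the original thread: one way to check a route collector dump for the AS path sequence «1299 4134 9318 703» quoted above and list the affected prefixes and origin ASes. It assumes the pipe-separated text layout printed by `bgpdump -m`; the sample rows, prefixes, peer address and peer AS 64500 are constructed documentation values, and the function names are hypothetical.

```python
# Constructed sample rows in the `bgpdump -m` layout (an assumption):
# type|timestamp|flag|peer_ip|peer_as|prefix|as_path|origin|...
SAMPLE = """\
TABLE_DUMP2|1493596800|B|192.0.2.1|64500|198.51.100.0/24|64500 1299 4134 9318 703 10361|IGP|192.0.2.1|0|0||NAG||
TABLE_DUMP2|1493596800|B|192.0.2.1|64500|203.0.113.0/24|64500 1299 4134 4134 9318 703 703 36032|IGP|192.0.2.1|0|0||NAG||
TABLE_DUMP2|1493596800|B|192.0.2.1|64500|192.0.2.0/24|64500 1299 703 10361|IGP|192.0.2.1|0|0||NAG||
TABLE_DUMP2|1493596800|B|192.0.2.1|64500|198.51.100.0/25|64500 1299 4134 9318 {703,10361}|IGP|192.0.2.1|0|0||NAG||
malformed line without enough fields
"""

LEAK = (1299, 4134, 9318, 703)  # Telia <- China Telecom <- SK Broadband <- Verizon


def normalize(as_path):
    """Return hops as ints with prepending collapsed; an AS_SET becomes None."""
    hops = []
    for tok in as_path.split():
        hop = int(tok) if tok.isdigit() else None  # "{703,10361}" is an AS_SET
        if not hops or hop is None or hops[-1] != hop:
            hops.append(hop)
    return hops


def contains(hops, seq):
    """True if seq appears as a contiguous run of hops."""
    n = len(seq)
    return any(tuple(hops[i:i + n]) == seq for i in range(len(hops) - n + 1))


def find_leaked(lines, seq=LEAK):
    """Yield (timestamp, prefix, origin_as) for RIB rows whose path holds seq."""
    for line in lines:
        fields = line.split("|")
        if len(fields) < 7 or fields[0] != "TABLE_DUMP2":
            continue  # skip malformed rows and other record types
        hops = normalize(fields[6])
        if contains(hops, seq):
            yield int(fields[1]), fields[5], hops[-1]


if __name__ == "__main__":
    for ts, prefix, origin in find_leaked(SAMPLE.splitlines()):
        print(ts, prefix, "origin AS%s" % origin)
```

Collapsing prepends before matching keeps a path such as `4134 4134 9318` from hiding the sequence, while an AS_SET is treated as a break so that it never counts as a match on AS703.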

