'Action needed' on global data routing system to disrupt internet hijackers

News by Tom Reeve

Steps must be taken to protect the global internet routing system, built on the back of the border gateway protocol (BGP), from rogue operators such as China Telecom, according to a white paper from the Internet Society.

The foundations of the internet are at risk from rogue traffic directions which, either deliberately or accidentally, are slowing the internet and in some cases routing internet traffic through hostile networks.

In 2017 there were nearly 14,000 routing incidents affecting 10 percent of autonomous systems on the internet, according to the Internet Society.

Unless concerted action is taken at a global and governmental level, the situation will only get worse, experts warn.

The Internet Society has published a white paper, "Routing security for policymakers", to promote action on a problem which has been known about for years.

The global internet routing system is a complex, decentralised system comprising tens of thousands of independent networks (autonomous systems). The route that packets take through these networks is controlled largely by the Border Gateway Protocol (BGP), a protocol that was designed to provide flexibility, scalability and durability rather than security.

However, the system is based on trust: each router in the system accepts by default the routing instructions or 'announcements' it receives from its neighbours, with no built-in proof that the announcing network is actually entitled to the address space it claims.

As Ryan Polk, a policy advisor at the Internet Society, explains, routing incidents have "the potential to slow down Internet speeds or even to make parts of the Internet unreachable, thus disrupting the ability of companies or users to access critical services or information".

Misleading routing information can also be used to divert packets through malicious networks, "providing an opportunity for surveillance", he said.

The Internet Society says there are three major types of routing incidents:

  • Route/prefix hijacking – a network operator or attacker impersonates another network operator, pretending that it is the correct path to the server or network being sought on the Internet
  • Route leaks – the propagation of routing announcements beyond their intended scope (in violation of their policies)
  • IP spoofing – creating IP packets with a false source IP address to hide the identity of the sender or impersonate another system

Chris C Demchak, director of the Center of Cyber Conflict Studies at the US Naval War College, and Yuval Shavitt, member of the Blavatnik Interdisciplinary Cyber Research Center at Tel Aviv University, recently published a paper entitled "China’s Maxim – Leave No Access Point Unexploited: The Hidden Story of China Telecom’s BGP Hijacking".

They claim that the state-owned China Telecom is being used to steal confidential information from US sources. China Telecom has ten internet points of presence (PoPs) in the North American internet backbone, they said, which it uses to selectively hijack and divert US internet traffic through China.

While declining to comment on its possible motives, Doug Madory, director of internet analysis at Oracle Cloud Infrastructure, agreed that China Telecom is misdirecting internet traffic.

Madory has worked on the problem for years and in a recent blog, discussed cases in 2017 in which China Telecom inserted itself into the inbound path of traffic destined for Verizon’s network.

The situation was addressed by Verizon deploying filters on its peering sessions with China Telecom so that any announcement of Verizon's own address space arriving from China Telecom is rejected rather than accepted.

Madory warns that the common defence against BGP hijacking is "looking for unexpected origins or immediate upstreams for routed address space". However, he said, traffic misdirection can occur at other parts of the path.
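As an added illustration of the detection approach Madory describes (not code from the Internet Society, Oracle or anyone quoted here), the following Python script checks a feed of BGP announcements for the monitored prefixes against an expected origin and expected immediate upstreams, flags more-specific announcements (the route/prefix hijack from the list above), and then applies his caveat by also looking for a watched ASN anywhere else in the AS path. It also includes the ingress-filter counterpart of the Verizon fix: refusing a route for one's own prefixes when it arrives from a peer. Every ASN, prefix and AS path is constructed for the example (private 64500-series ASNs and RFC 5737 documentation prefixes); the feed format, `prefix|AS path`, is an assumption modelled on route-collector dumps.

```python
"""
Flag suspicious BGP announcements for prefixes we are responsible for.

Added example for this article, not code from the Internet Society white
paper, Oracle, or any of the people quoted. Every ASN, prefix and AS path
is constructed (64500-series private ASNs, RFC 5737 documentation prefixes).
"""
import ipaddress
from dataclasses import dataclass

# Constructed policy for the prefixes we originate: the ASN that should
# originate each one and the ASNs allowed to be its immediate upstream
# (the AS adjacent to the origin in the AS path).
MONITORED = {
    "203.0.113.0/24": {"origin": 64500, "upstreams": {64510, 64511}},
    "198.51.100.0/23": {"origin": 64500, "upstreams": {64510}},
}

# Constructed watch list: ASNs that should never appear anywhere in the
# path to our prefixes, not only as origin or immediate upstream.
WATCHED_TRANSIT = {64666}


@dataclass
class Finding:
    prefix: str
    kind: str
    detail: str


def parse_announcement(line):
    """Parse 'prefix|AS path' (space-separated; first AS is the collector's
    peer, last AS is the origin). Consecutive repeats caused by AS-path
    prepending are collapsed so that path[-2] is the real upstream."""
    prefix, raw_path = line.strip().split("|")
    path = [int(a) for a in raw_path.split()]
    path = [a for i, a in enumerate(path) if i == 0 or a != path[i - 1]]
    return ipaddress.ip_network(prefix), path


def matching_policy(net):
    """Return (monitored prefix, policy) covering net, or (None, None)."""
    for p, pol in MONITORED.items():
        mon = ipaddress.ip_network(p)
        if net.version == mon.version and net.subnet_of(mon):
            return mon, pol
    return None, None


def check(line):
    """Return the findings for one announcement (empty list = looks fine)."""
    net, path = parse_announcement(line)
    mon, pol = matching_policy(net)
    if pol is None:
        return []
    findings = []
    origin = path[-1]
    if net != mon:  # a more-specific wins longest-prefix match everywhere
        findings.append(Finding(str(net), "more-specific",
                                f"sub-prefix of {mon} announced by AS{origin}"))
    if origin != pol["origin"]:
        findings.append(Finding(str(net), "origin-hijack",
                                f"origin AS{origin}, expected AS{pol['origin']}"))
    elif len(path) >= 2 and path[-2] not in pol["upstreams"]:
        findings.append(Finding(str(net), "unexpected-upstream",
                                f"AS{path[-2]} next to origin, expected {sorted(pol['upstreams'])}"))
    # Madory's caveat: the interloper may sit further up the path, where
    # origin and immediate-upstream checks never look.
    intruders = sorted(set(path[:-1]) & WATCHED_TRANSIT)
    if intruders:
        findings.append(Finding(str(net), "watched-transit",
                                f"watched AS {intruders} in path {path}"))
    return findings


def accept_from_peer(line):
    """Ingress-filter counterpart of the Verizon fix: a peering session must
    never hand us a route for our own address space, so reject any
    announcement that falls inside a monitored prefix."""
    net, _ = parse_announcement(line)
    _, pol = matching_policy(net)
    return pol is None


# Constructed feed lines in 'prefix|AS path' form.
SAMPLE_FEED = [
    "203.0.113.0/24|64520 64510 64500",          # legitimate
    "203.0.113.0/24|64520 64530 64530 64500",    # prepended, wrong upstream
    "203.0.113.0/25|64520 64510 64501",          # more-specific, wrong origin
    "198.51.100.0/23|64520 64666 64510 64500",   # watched AS beyond the upstream
    "192.0.2.0/24|64520 64500",                  # not ours, ignored
]


def scan(lines):
    """Run check() over a whole feed and flatten the findings."""
    return [f for line in lines for f in check(line)]


if __name__ == "__main__":
    for f in scan(SAMPLE_FEED):
        print(f"{f.prefix:18} {f.kind:20} {f.detail}")
```

The fourth feed line is the case Madory warns about: origin and immediate upstream are both exactly as expected, so a monitor that only checks those two positions stays silent, and only the whole-path check catches the inserted AS.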

Alan Woodward, visiting professor in the computer science department at the University of Surrey, told SC Media UK: "From a geopolitical view you can understand why certain countries might want to explore how to divert traffic via their country."

Woodward has been concerned for years about the fragility of the BGP.

Interestingly, around 25 to 30 percent of the world’s internet traffic passes through the UK, a legacy of the old worldwide telegraph routes.

"There are initiatives to try to improve BGP now, but they are some way off and implementation is always going to be slow. Hence the underlying trust problems with BGP will remain for some time to come," Woodward said.

Solutions to the problem are being developed by the Secure Inter-Domain Routing (SIDR) working group of the internet standards body the Internet Engineering Task Force (IETF), he said.
