Researchers at the U.S. Naval War College and Tel Aviv University have found evidence to suggest that China Telecom is using Border Gateway Protocol (BGP) to hijack Internet traffic and route it through computers under its control, Sophos reported.
While it is usually difficult to prove that such an attack is anything more than an accident, such as a misconfigured router, the researchers said that their special route-tracing system hosted at the University of Tel Aviv is capable of detecting unusual patterns in BGP announcements.
This system has helped the researchers pick up a series of unusual routing events since 2016 that they believe were too consistent in their duration and scale to be dismissed as accidents.
BGP hijacking occurs when the operator of a network advertises that it can deliver Internet traffic to the IP addresses belonging to another network.
The BGP hijacking conducted by China Telecom involved traffic from the United States to a “large Anglo-American bank headquarters” in Milan, Italy, as well as traffic from Canada to Korean government sites.
“While one may argue such attacks can always be explained by ‘normal’ BGP behaviour, these, in particular, suggest malicious intent,” the researchers said.
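The definition of BGP hijacking above, an operator advertising addresses that belong to another network, is what route origin validation checks for. The sketch below is an added example, not code from the researchers or from Sophos; it classifies announcements in the style of RFC 6811, and the authorised-origin table, prefixes (documentation ranges) and AS numbers (documentation ASNs) are all constructed for illustration.

```python
import ipaddress

# Constructed ROA-like table: (prefix, max allowed length, authorised origin AS).
AUTHORISED = [
    ("192.0.2.0/24", 24, 64496),
    ("198.51.100.0/24", 24, 64497),
    ("2001:db8::/32", 48, 64498),
]

# Constructed announcements as an observer would see them: (prefix, AS path).
ANNOUNCEMENTS = [
    ("192.0.2.0/24", [64500, 64496]),       # expected origin
    ("192.0.2.0/24", [64500, 64511]),       # another AS claims the prefix
    ("198.51.100.128/25", [64500, 64497]),  # right origin, longer than allowed
    ("2001:db8:1::/48", [64500, 64498]),    # permitted more-specific
    ("203.0.113.0/24", [64500, 64499]),     # no covering entry
]

def validate(prefix, as_path, table=AUTHORISED):
    """Return (state, reason): state is valid, invalid or not-found."""
    net = ipaddress.ip_network(prefix)
    origin = as_path[-1]  # the origin AS is the last hop in the path
    covered, reasons = False, set()
    for roa_prefix, max_len, roa_as in table:
        roa_net = ipaddress.ip_network(roa_prefix)
        # subnet_of() raises TypeError across IP versions, so check first.
        if net.version != roa_net.version or not net.subnet_of(roa_net):
            continue
        covered = True
        if origin != roa_as:
            reasons.add("origin-mismatch")
        elif net.prefixlen > max_len:
            reasons.add("too-specific")
        else:
            return "valid", None  # one matching entry is enough
    if not covered:
        return "not-found", None
    return "invalid", ",".join(sorted(reasons))

def report(announcements=ANNOUNCEMENTS):
    """Validate every announcement and return the rows worth alerting on."""
    rows = [(p, path[-1]) + validate(p, path) for p, path in announcements]
    return [r for r in rows if r[2] == "invalid"]

if __name__ == "__main__":
    for prefix, origin, state, reason in report():
        print(f"{prefix} from AS{origin}: {state} ({reason})")
```

Origin validation only checks the last AS in the path, so it does not flag a route whose legitimate origin is preserved while traffic is drawn through an unexpected transit network. Spotting that requires comparing observed paths over time.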