Page:2020-06-09 PSI Staff Report - Threats to U.S. Communications Networks.pdf/71

More recently, a 2018 paper from researchers at the U.S. Naval War College and Tel Aviv University detailed a series of incidents between 2016 and 2017 in which the Chinese government allegedly used China Telecom to hijack telecommunications traffic.[1] The incidents outlined included diversion of (1) traffic from Canada that was intended for Korean government sites; (2) traffic from various U.S. locations directed to a large Anglo-American bank based in Milan; (3) traffic from Sweden and Norway intended for the Japanese network of a large American news organization; (4) traffic from a large Italian financial company to Thailand; and (5) traffic from providers in South Korea.[2] The Director of Oracle's Internet Analysis Division confirmed the researchers' findings, although he stopped short of addressing claims about the motivations underlying the hijacks.[3]

The authors of the 2018 paper noted that all of the incidents involved routing of the diverted communications to China through CTA's points of presence in the United States.[4] They explained that China Telecom was in a unique position to engage in this activity because it had "strategically placed, Chinese controlled internet points of presence across the internet backbone of North America."[5] One of the authors informed the Subcommittee that he believed China Telecom could not have carried out such hijacking attacks if it had not established operations within the United States.[6]

The events described above all occurred prior to Team Telecom's first site visit to CTA. Alleged incidents, however, continued after Team Telecom's site visits. For example, in November 2018, for over an hour, China Telecom allegedly erroneously advertised routes from a Nigerian ISP that resulted in traffic being routed through China.[7] "This incident at a minimum caused a massive denial of service to G Suite and Google Search . . . . Overall [analysts] detected over 180 prefixes affected by this route leak, which covers a vast scope of Google services."[8]


  1. Shavitt & Demchak, supra note 109.
  2. Shavitt & Demchak, supra note 109, at 5-7.
  3. Madory, supra note 121. In describing the allegations, Madory referred to the incidents as "misdirections." See Madory, supra note 121.
  4. See Shavitt & Demchak, supra note 109, at 5-7.
  5. See generally Shavitt & Demchak, supra note 109. As noted above, as of 2020, CTA purports to have points of presence in 13 cities across America. See Global Data Center Map, China Telecom Americas, https://www.ctamericas.com/global-data-center-map/.
  6. Briefing with BGProject (July 1, 2019).
  7. Ameet Naik, Internet Vulnerability Takes Down Google, Thousand Eyes Blog (Nov. 12, 2018), https://blog.thousandeyes.com/internet-vulnerability-takes-down-google/.
  8. Id. China Telecom denied hijacking the data. In a release, it noted that the company "promptly commenced a serious and thorough investigation . . . [which] found that the re-routing of Google data traffic stemmed from erroneous routing configuration by a Nigerian operator MainOne Cable . . . causing the Google data traffic, which was originally directed by MainOne Cable, to be mistakenly sent to China Telecom." The company also acknowledged that "it is normal for Americas or Europe data traffic to route through China Telecom's international network." Press Release, China Telecom Corp. Ltd., Statement Regarding the Unfounded Report on China Telecom Being
