A considerable proportion of the mobile traffic generated in Europe was redirected on 6 June; according to web application security specialists, this happened through the infrastructure of China Telecom, the third largest Internet service provider in China.
According to reports, the incident was presented due to a leak in the BGP routes in the secure company of the host data center, which by mistake leaked more than 70k routes to the Asian Internet service provider.
According to web application security experts, the BGP protocol, used to redirect traffic at the Internet service provider level, causes a lot of problems, also stress that these leaks occur all the time. However, there are some security measures that Internet service providers can implement to prevent these BGP leaks from ending up in other companies’ networks.
The real problem arose in China Telecom that, instead of ignoring this leak from BGP, announced Safe Host routes as their own, interposing as one of the shortest routes to reach the Safe Host network and other telecom companies and Internet services suppliers.
Because of this, during the next two hours the traffic destined to multiple mobile networks in European countries deviated through the network of China Telecom; some of the most affected companies were in Holland, Switzerland and France.
Web application security experts mention that these routing incidents occur frequently and last only a few minutes, although this time the BGP routes were kept circulating for more than two hours. Users of affected companies suffer consequences such as slow connection or inability to connect to some servers.
For the specialists from the International Institute of Cyber Security (IICS) this is a sign of the little interest of companies like China Telecom for implementing basic routing security measures to avoid this kind of leaking; “the company does not have the necessary protocols to detect and solve this kind of incidents”, the experts mentioned.
In addition, on previous occasions, the Chinese company has been accused of kidnapping the “backbone” of Internet traffic in western countries.