During a window that lasted 30 minutes to an hour Tuesday morning, all unencrypted traffic passing between AT&T customers and Facebook might have been open to similar monitoring. Lyon said he has no evidence any data was in fact snarfed, but he said the potential for that is certainly there because the hardware belonged to China Telecom, which in turn is owned by the Chinese government.
"This kind of thing happens all the time, sometimes on accident and sometimes on purpose," he told The Reg. "I think people should talk about it at the very least."
It's not the first time traffic has been diverted through Chinese networks under mysterious circumstances. In March and April of last year, traffic to as much as 15 percent of the world's internet destinations was briefly diverted through China. Networks used by Dell, Apple, CNN, and Starbucks were all affected. At least one of those incidents was the result of erroneous BGP, or Border Gateway Protocol, routes that were quickly corrected.
Unlike those incidents, Tuesday's diversion appeared to affect only traffic traveling between AT&T users and Facebook. Lyon discovered the anomaly by telnetting into AT&T's IP Services Route Monitor (telnet://route-server.ip.att.net) and typing various commands, such as show ip bgp 69.171.224.20/20.
Traceroute commands executed during the brief window Tuesday morning on machines connected to AT&T's network also verified that Facebook-bound traffic was traveling over AS4134, the Autonomous System belonging to China Telecom, Lyon said.
»
www.hackerrepublic.it/wo ··· ese-isp/
Safe Browsing
Diagnostic page for AS4134 (China Telecom backbone)
What happened when Google visited sites hosted on this network?
Of the 110852 site(s) we tested on this network over the past 90 days, 5979 site(s), including, for example, pcpop.com/, jtjy.com/, sosoyy.com/, served content that resulted in malicious software being downloaded and installed without user consent.
The last time Google tested a site on this network was on 2011-03-27, and the last time suspicious content was found was on 2011-03-27.
Has this network hosted sites acting as intermediaries for further malware distribution?
Over the past 90 days, we found 456 site(s) on this network, including, for example, ukad.com/, 772268.com/, 888758.com/, that appeared to function as intermediaries for the infection of 4495 other site(s) including, for example, j8wap.info/, lmav.info/, wapj8.info/.
Has this network hosted sites that have distributed malware?
Yes, this network has hosted sites that have distributed malicious software in the past 90 days. We found 1610 site(s), including, for example, 77276.com/, htmi2.com/, registear.info/, that infected 12906 other site(s), including, for example, 360doc.com/, fxhj.net/, ches.org.cn/.
»
www.google.com/safebrows ··· =AS:4134
The brief routing error was highlighted by security researcher Barrett Lyon, who identified that AT&T customers, when requesting data from Facebook, were first sending their requests via China, then Korea, before completing the request on Facebook's servers.
Despite a momentary routing error, there was no evidence to suggest any sensitive information was compromised, but Lyon did highlight that Chinese authorities were likely to be monitoring unencrypted traffic being passed via servers on China Telecom networks, which are owned by the Chinese government.
Routing looked only to be affecting requests from AT&T users, with Lyon discovering the error by accessing AT&T's IP Services Route Monitor. Using Telnet, he was able to perform a series of commands to identify how traffic was being routed from the provider.
Facebook issued a statement to The Register, confirming a single carrier was suffering from routing problems:
"We are investigating a situation today that resulted in a small amount of a single carrier's traffic to Facebook being misdirected. We are working with the carrier to determine the cause of this error.
Our initial checks of the latency of the requests indicate that no traffic passed through China."
If you are on AT&T and are worried about how your Facebook data is handled, Facebook has recently introduced an HTTPS-only option on its website which will ensure all Facebook data is securely encrypted, making sure third parties aren't easily able to monitor sensitive internet traffic.
To enable the option, log into Facebook and select Account Settings -> Account Security and then check the box that says "Browse Facebook on a secure connection (https) whenever possible."
»
thenextweb.com/facebook/ ··· a-china/
"Typically AT&T customers' data would have routed over the AT&T network directly to Facebook's network provider but due to a routing mistake their private data went first to ChinaNet then via ChinaNet to SK Broadband in South Korea, then to Facebook," Lyon explained in a blog post.
"This means that anything you looked at via Facebook without encryption was exposed to anyone operating ChinaNet, which has a very suspect Modus operandi," he added.
Meanwhile, several network security experts believe that it was more than just a mistake that the traffic was routed through China. Rodney Joffe, senior technologist at DNS (Domain Name System) registry Neustar, described the incident as 'route hijacking'.
»
www.itproportal.com/2011 ··· concern/
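The route-server check described in the excerpts above can be automated. This is an added example, not code from any of the quoted articles: it parses "show ip bgp"-style output and flags AS paths that cross a network outside an allow-list. The sample output is constructed, and every ASN other than AS4134 (32934 for Facebook, 9318 for SK Broadband, 7018 for AT&T, 3356 as a normal transit) is an assumption not taken from the page.

```python
import re

# Constructed sample in the style of "show ip bgp <prefix>" output (not captured data).
SAMPLE = """\
BGP routing table entry for 69.171.224.0/20, version 1234567
Paths: (2 available, best #1)
  7018 4134 9318 32934 32934 32934
    192.0.2.1 from 192.0.2.1 (192.0.2.1)
      Origin IGP, localpref 100, valid, external, best
  7018 3356 32934
    192.0.2.2 from 192.0.2.2 (192.0.2.2)
      Origin IGP, localpref 100, valid, external
"""

EXPECTED_ORIGIN = 32934          # assumption: ASN that should originate the prefix
ALLOWED_TRANSIT = {7018, 3356}   # assumption: transit ASNs considered normal

# An AS-path line is indented by two spaces and holds only ASNs.
AS_PATH_RE = re.compile(r"^ {2}(\d+(?: \d+)*)\s*$")

def parse_as_paths(text):
    """Return every AS path in the output as a list of integers."""
    return [[int(a) for a in m.group(1).split()]
            for m in map(AS_PATH_RE.match, text.splitlines()) if m]

def dedupe(path):
    """Collapse AS-path prepending (repeated ASNs) into one hop each."""
    out = []
    for asn in path:
        if not out or out[-1] != asn:
            out.append(asn)
    return out

def audit(text, origin=EXPECTED_ORIGIN, allowed=ALLOWED_TRANSIT):
    """Return (raw_path, reason) for each path that deviates from policy."""
    findings = []
    for raw in parse_as_paths(text):
        path = dedupe(raw)
        if path[-1] != origin:
            findings.append((raw, f"unexpected origin AS{path[-1]}"))
            continue
        odd = [a for a in path[:-1] if a not in allowed]
        if odd:
            findings.append((raw, "unexpected transit " + ", ".join(f"AS{a}" for a in odd)))
    return findings

if __name__ == "__main__":
    for raw, why in audit(SAMPLE):
        print(" ".join(map(str, raw)), "->", why)
```

Run periodically against several route servers, a check like this turns a diversion that lasted under an hour into an alert rather than something noticed by chance.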