{"id":200304,"date":"2019-02-01T02:06:19","date_gmt":"2019-02-01T07:06:19","guid":{"rendered":"https:\/\/canadianinquirer.net\/v1\/?p=200304"},"modified":"2019-02-01T02:06:19","modified_gmt":"2019-02-01T07:06:19","slug":"israeli-cyberexpert-detects-china-hack-in-ottawa-warns-against-using-huawei-5g","status":"publish","type":"post","link":"https:\/\/canadianinquirer.net\/v1\/2019\/02\/01\/israeli-cyberexpert-detects-china-hack-in-ottawa-warns-against-using-huawei-5g\/","title":{"rendered":"Israeli cyberexpert detects China hack in Ottawa, warns against using Huawei 5G"},"content":{"rendered":"
\"\"<\/a>
SHANGHAI CHINA – NOVEMBER 1, 2016: China Telecom. China Telecom is is an integrated information full services operator in China. (TK Kurikawa \/ Shutterstock.com)<\/figcaption><\/figure>\n

OTTAWA — A Chinese telecommunication company secretly diverted Canadian internet traffic to China, particularly from Rogers subscribers in the Ottawa area, says an Israeli cybersecurity specialist.<\/p>\n

The 2016 incident involved the surreptitious rerouting of the internet data of Rogers customers in and around Canada’s capital by China Telecom, a state-owned internet service provider that has two legally operating \u201cpoints of presence\u201d on Canadian soil, said Yuval Shavitt, an electrical-engineering expert at Tel Aviv University.<\/p>\n

Shavitt told The Canadian Press that the China Telecom example should serve as a caution to the Canadian government not to do business with another Chinese telecommunications giant: Huawei Technologies, which is vying to build Canada’s next-generation 5G wireless communications networks.<\/p>\n

\u201cIt’s too dangerous to let them in,\u201d Shavitt said. \u201cYou can just imagine how Chinese companies are co-operating with the Chinese government.\u201d<\/p>\n

The Trudeau government is still deciding whether Huawei will be permitted to supply equipment and services to Canadian companies seeking to build the networks expected to serve everything from smartphones to autonomous cars.<\/p>\n

That has become a politically charged decision with massive geopolitical implications since Canada arrested Huawei’s chief financial officer last month at the request of the U.S. It sparked a diplomatic crisis with the People’s Republic that has seen the jailing of two Canadian men working in China, and a death sentence imposed on a third man previously convicted of drug charges.<\/p>\n

Shavitt’s warning comes as the U.S. Justice Department this week revealed the scope of its fraud and theft case against Huawei’s Meng Wanzhou. On Monday, the department unsealed 13 criminal counts of conspiracy, fraud and obstruction against Meng, while her company’s U.S. branch was accused of stealing trade secrets and equipment from cellphone provider T-Mobile USA.<\/p>\n

Huawei has denied that it co-operates with Chinese intelligence or ever would, saying that could be fatal to the company.<\/p>\n

The 2016 Ottawa area incident that included Rogers was part of an attack in which Canadian internet data bound for South Korea was rerouted to China over a six-month period. The diversion of the South Korean data was first documented in a report last fall co-authored by Shavitt and Chris C. Demchak of the U.S. Naval War College.<\/p>\n

The report described how China Telecom uses two points of presence in Canada and eight in the United States to take \u201cinformation-rich\u201d internet traffic crossing its network — part of the ordinary working of the internet, in which packets of data pass through numerous servers on the way to their destinations — and reroute it through China with no noticeable effect on customers.<\/p>\n

China Telecom did not respond to a request for comment.<\/p>\n

Rogers declined comment and referred the matter to the Public Safety Department. Public Safety did not respond to requests for comment.<\/p>\n

A spokesman for Global Affairs Canada said the government \u201ctakes very seriously threats to Canada’s national and economic security,\u201d exchanges information regularly with private internet companies and has meetings with China on the subject, too.<\/p>\n

\u201cCanada raises such issues with China regularly,\u201d Guillaume Berube said in an email. \u201cThe topic of cyber hacking will be a priority when the Canada-China National Security and Rule of Law Dialogue meets next.\u201d<\/p>\n

The Shavitt-Demchak report called internet points of presence the \u201cperfect scenario for long-term espionage\u201d because local alarm bells won’t be raised \u201cabout the long-term traffic detours.\u201d<\/p>\n

The Canada-South Korea diversion was discovered by a company Shavitt co-founded called BGProtect that monitors internet routing infrastructure and sells services to protect countries and corporations from internet hacks. He said he used some of his company’s data to write the academic paper with Demchak.<\/p>\n

Shavitt described how hundreds of his company’s agents around the world monitor movements in the digital world. He said that could involve focusing on \u201ca certain installation, an IP or server. We pick up locations around the world, and monitor the traffic and look for anomalies.<\/p>\n

\u201cIn this case the anomaly was from Canada.\u201d<\/p>\n

In a followup email, Shavitt provided further details: \u201cOur software agent was indeed at Ottawa, but the attack had affected the entire Rogers network (at least) and its customers in the entire region.\u201d<\/p>\n

Shavitt said his company’s monitoring of Canada \u201cwas not dense enough\u201d at the time of the attack to assess its full scope.<\/p>\n

In the case of national network like Rogers’ in a large country such as Canada, the attack might affect only a \u201cportion of the network, (but) usually still quite large ones — it depends how routing is configured. For example in our case, it may affect only Ontario and Quebec, but not the western regions of Canada,\u201d Shavitt explained.<\/p>\n

\u201cI should say that the effect of the hijack is not only on Rogers’s direct customers (home and businesses) but also smaller networks in the affected regions that depend on Rogers for transit.\u201d<\/p>\n

A hijack attack can be used in many ways, including for espionage by \u201cextracting important information from communication,\u201d said Shavitt.<\/p>\n

The attack can also be part of what is known as man-in-the-middle attacks, he said.<\/p>\n

A man-in-the-middle attack can neutralize an organization’s internet security measures because it involves the insertion of a \u201cbad actor\u201d between a sender and the desired recipient, says the Shavitt-Demchak report.<\/p>\n

When the internet traffic is rerouted into an adversary’s hands, \u201cthe attacker can learn enough to impersonate trusted sources\u201d and \u201ccan allow the malicious attacker to harvest passwords,\u201d the report says.<\/p>\n

\u201cWith those keys to the victim’s network in hand, attackers can distort, disconnect or destroy any part of the company’s network accessible from the internet, increasingly to include critical financial and physical systems and their backups.\u201d<\/p>\n

The Chinese government steadfastly denies engaging in cyberattacks.<\/p>\n

In 2014, the federal government blamed a sophisticated state-sponsored Chinese entity for a breach that caused a shutdown of the National Research Council’s systems in Ottawa. China called that accusation reckless.<\/p>\n

In 2016, the Canadian Security Intelligence Service, or CSIS, warned that China and Russia were targeting Canadian government officials and information systems as well as classified information and advanced technology.<\/p>\n

Without naming any countries, David Vigneault, CSIS’s new director, said in a December speech that \u201chostile foreign intelligence services\u201d were targeting the \u201ccorporate secrets\u201d and \u201cintellectual property\u201d of Canadian companies.<\/p>\n

Vigneault said those state actors posed a greater threat to national security than terrorists do.<\/p>\n

\u201cIt’s not that the Chinese are bad, or doing bad things in the U.S.,\u201d Shavitt noted. \u201cI’m sure that the U.S. and Canada are trying to do the same also to China. It’s a spying game that everybody’s trying to play.\u201d<\/p>\n","protected":false},"excerpt":{"rendered":"

OTTAWA — A Chinese telecommunication company secretly diverted Canadian internet traffic to China, particularly from Rogers subscribers in the Ottawa …<\/p>\n","protected":false},"author":33,"featured_media":200308,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[18,16],"tags":[],"class_list":["post-200304","post","type-post","status-publish","format-standard","has-post-thumbnail","category-news-ca","category-news","mauthors-mike-blanchfield","mauthors-the-canadian-press"],"_links":{"self":[{"href":"https:\/\/canadianinquirer.net\/v1\/wp-json\/wp\/v2\/posts\/200304","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/canadianinquirer.net\/v1\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/canadianinquirer.net\/v1\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/canadianinquirer.net\/v1\/wp-json\/wp\/v2\/users\/33"}],"replies":[{"embeddable":true,"href":"https:\/\/canadianinquirer.net\/v1\/wp-json\/wp\/v2\/comments?post=200304"}],"version-history":[{"count":0,"href":"https:\/\/canadianinquirer.net\/v1\/wp-json\/wp\/v2\/posts\/200304\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/canadianinquirer.net\/v1\/wp-json\/wp\/v2\/media\/200308"}],"wp:attachment":[{"href":"https:\/\/canadianinquirer.net\/v1\/wp-json\/wp\/v2\/media?parent=200304"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/canadianinquirer.net\/v1\/wp-json\/wp\/v2\/categories?post=200304"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/canadianinquirer.net\/v1\/wp-json\/wp\/v2\/tags?post=200304"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}