China's Maxim: Leave No Access Point Unexploited. The Hidden Story of China's Telecom Hijacking of US Internet Traffic.
Garett Moreau
World-Class Managed IT; Leader in CySec; Forensics Examiner; IT Polymath; Information Dominance
China has been busily building a prolific presence in the West's internet backbone for decades. Since 2000, the Chinese Communist Party has owned and operated Chinese telecoms and their presence in the US. With this presence, they have managed to reroute much of the West's internet traffic to servers and telecoms they own and operate. This enables them to (1) monitor all traffic and (2) manage all traffic. This access allows them to do just about anything in the cyber realm.
In the early 2000s, China began a viral expansion into the West's internet traffic routing by becoming part of the communication fabric of the internet itself, its points of presence (PoPs), leveraging the widely used and perfectly insecure Border Gateway Protocol (BGP). That was the trap, and now here's the catch:
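The weakness the paragraph leans on is that BGP accepts a route announcement on faith: nothing in the protocol itself checks that the AS originating a prefix is entitled to it. The defender-side answer is route-origin validation, and the block below is an added example (not the article's code and not any vendor's implementation) of that check in its simplest form: each announcement is compared against a table of which origin AS may announce which prefix, the shape of an RPKI ROA. The ROA table, AS numbers and announcements are constructed from documentation prefixes and private ASNs.

```python
"""Route-origin validation over BGP UPDATE records.

Added example, not from the article. It implements the origin check that
RPKI/ROV performs (RFC 6811 semantics, simplified): a route is 'valid' when
some covering ROA names its origin AS and allows its prefix length,
'invalid' when ROAs cover the prefix but none match, and 'unknown' when
nothing covers it. The ROA table, AS numbers and announcements below are
constructed (documentation prefixes, private ASNs), not real routing data.
"""
from __future__ import annotations

import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Roa:
    prefix: ipaddress.IPv4Network   # address block the holder authorised
    max_len: int                    # longest prefix length the holder allows
    origin_as: int                  # AS permitted to originate it


@dataclass(frozen=True)
class Update:
    prefix: ipaddress.IPv4Network
    as_path: tuple                  # leftmost = neighbour that sent it, rightmost = origin


def validate(update: Update, roas: list[Roa]) -> str:
    """Classify one announcement as 'valid', 'invalid' or 'unknown'."""
    origin = update.as_path[-1]
    covering = [r for r in roas if update.prefix.subnet_of(r.prefix)]
    if not covering:
        return "unknown"                # no one has said anything about this space
    for r in covering:
        if r.origin_as == origin and update.prefix.prefixlen <= r.max_len:
            return "valid"
    return "invalid"                    # covered, but wrong origin or too specific


def audit(updates: list[Update], roas: list[Roa]) -> dict[str, str]:
    """Map each announced prefix (with its origin) to its validation state."""
    return {f"{u.prefix} via AS{u.as_path[-1]}": validate(u, roas) for u in updates}


# Constructed ROA table: the holder of 203.0.113.0/24 authorises only AS64500,
# and only at /24 (no more-specifics allowed).
ROAS = [Roa(ipaddress.IPv4Network("203.0.113.0/24"), 24, 64500)]

# Constructed announcements as a route collector might see them.
UPDATES = [
    Update(ipaddress.IPv4Network("203.0.113.0/24"), (64501, 64500)),   # legitimate
    Update(ipaddress.IPv4Network("203.0.113.0/25"), (64502, 64500)),   # right AS, too specific
    Update(ipaddress.IPv4Network("203.0.113.0/24"), (64503, 64666)),   # wrong origin
    Update(ipaddress.IPv4Network("198.51.100.0/24"), (64501, 64510)),  # no ROA at all
]

if __name__ == "__main__":
    for route, state in audit(UPDATES, ROAS).items():
        print(f"{state:8} {route}")
```

The more-specific case is the one to watch: a /25 from the legitimate origin still fails, because a longer prefix wins the routing decision regardless of who announces it, which is why a ROA's maximum length matters as much as its origin AS.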
China has proven to, and actively does, use this access to identify targets (people) who are less than friendly to the CCP (or its propaganda of choice). They can do this without fear of being caught, as monitoring is less intrusive (and less obvious) than a targeted attack. The CCP also uses this vantage point to identify targets against which to launch attacks through other vectors. The People's Liberation Army Unit 61398 is known by several other monikers: APT 1, Comment Crew, Comment Panda, GIF89a, etc. The CCP secretly operates both military and civilian cyber warfare / APT (Advanced Persistent Threat) groups, which work full-time to infiltrate strategic targets (I have seen this first-hand: attempted network intrusions dip for about an hour during their lunch break in Beijing). Another subject entirely, but also worth noting, is the "50 cent army," comprised of hundreds of thousands of Chinese citizens, which got its nickname from its payment structure of ¥0.50 per post (plus social credit points), and which is responsible for nearly 1% of all social media comments in China, as well as on many sites around the internet (including US-based sites and social media). This group does not engage in argument and is primarily tasked with swaying public opinion simply by performing online pro-China cheerleading and general praise of the CCP's happenings and policies (read: Hong Kong, Taiwan, Coronavirus, etc.).
Additionally, the CCP uses this middle-man position in the West's internet traffic routing for the most coveted of vantage points among the hacker community: the MITM (Man-In-The-Middle). They leverage this ultimate level of access to launch numerous campaigns (the octopus of cyber warfare and espionage) to ensure that those who claim to be friendly to the CCP remain that way (paid operatives, Chinese expats and students with family remaining in China, and people in education, research, business, politics, defense, and technology, who often do not even know they are a pawn of the CCP - which they are - if not by complicity, then by complacency or blindly chasing dollars). This access, again, gives them the most coveted position in the cyber realm relative to their prospective targets: between the target and the target's destination. From there, they are fully capable of launching cyber attacks on any person or entity. The ultimate characteristic of a hacker is anonymity, and when these MITM attacks are performed correctly, by talented teams, they are completely unnoticeable to all but the very best. To reiterate: the MITM, the Man-In-The-Middle attack, opens up a Pandora's box of opportune attacks for the CCP on the West's establishments.
Through a MITM attack, just about anything is possible. And with their prevalence in the West's telecommunications networks, they can launch attacks on any target through a myriad of attack vectors, ranging from directed cyber assault to indirect propaganda. A favorite direct attack vector from this vantage point is "SSL stripping," where the target (you) is given the iron-clad appearance of a secure connection (SSL/HTTPS/VPN/TLS), which bolsters your trust in the privacy of your connection, all while they receive the entirety of your credentials and communications in clear-text form.
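SSL stripping works on the moment before encryption starts: the browser's first plain-http request, or any http:// link or form on an otherwise secure page, is what an on-path middlebox gets to answer and rewrite. The two controls a site operator has against that are HTTP Strict Transport Security (so a browser that has seen the site once refuses to talk plain http to it again) and making sure no page references plain-http resources. The block below is an added example, not the article's code, of checking both; the response headers and HTML it grades are constructed, and the one-year minimum is the threshold the browser preload list requires.

```python
"""Two defender-side checks against SSL stripping.

Added example, not from the article. (1) hsts_findings() grades a site's
Strict-Transport-Security header, which is what stops a browser from ever
following a downgraded http:// version of the site once it has seen the
header; (2) insecure_refs() lists plain-http links, form actions and
resources on an HTTPS page, which are exactly the places a downgrading
middlebox gets to rewrite. Headers and HTML below are constructed.
"""
from html.parser import HTMLParser

ONE_YEAR = 31_536_000  # seconds; the browser preload list requires at least this


def parse_hsts(value: str) -> dict:
    """Turn 'max-age=N; includeSubDomains; preload' into a dict of directives."""
    directives = {}
    for token in value.split(";"):
        token = token.strip()
        if not token:
            continue
        name, _, val = token.partition("=")
        name = name.strip().lower()
        if name == "max-age":
            try:
                directives["max-age"] = int(val.strip().strip('"'))
            except ValueError:
                directives["max-age"] = 0      # unparsable max-age counts as none
        else:
            directives[name] = True            # flag directives carry no value
    return directives


def hsts_findings(headers: dict) -> list:
    """Return a list of weaknesses; an empty list means the header is strong."""
    lower = {k.lower(): v for k, v in headers.items()}
    value = lower.get("strict-transport-security")
    if value is None:
        return ["no Strict-Transport-Security header: every first visit can be stripped"]
    d = parse_hsts(value)
    findings = []
    if d.get("max-age", 0) < ONE_YEAR:
        findings.append("max-age shorter than one year")
    if not d.get("includesubdomains"):
        findings.append("includeSubDomains missing: subdomains still strippable")
    if not d.get("preload"):
        findings.append("preload missing: not eligible for the browser preload list, first-ever visit still strippable")
    return findings


class _PlainHttpRefs(HTMLParser):
    """Collect href/src/action attributes that point at http:// URLs."""

    def __init__(self):
        super().__init__()
        self.found = []

    def handle_starttag(self, tag, attrs):
        for name, val in attrs:
            if name in ("href", "src", "action") and val and val.lower().startswith("http://"):
                self.found.append((tag, val))


def insecure_refs(html: str) -> list:
    """Return (tag, url) pairs for every plain-http reference in the page."""
    parser = _PlainHttpRefs()
    parser.feed(html)
    return parser.found


# Constructed responses: one weak header set, one strong one, and a page that
# mixes a plain-http login form and script into an HTTPS document.
WEAK_HEADERS = {"Content-Type": "text/html", "Strict-Transport-Security": "max-age=300"}
STRONG_HEADERS = {"Strict-Transport-Security": "max-age=63072000; includeSubDomains; preload"}
PAGE = """<html><body>
<form action="http://login.example.test/auth"><input name="pw"></form>
<a href="https://example.test/ok">fine</a>
<script src="http://cdn.example.test/app.js"></script>
</body></html>"""

if __name__ == "__main__":
    print(hsts_findings(WEAK_HEADERS))
    print(hsts_findings(STRONG_HEADERS))   # [] : nothing to report
    print(insecure_refs(PAGE))
```

The form action is the finding that matters most on the sample page: a credential submitted to an http:// action is handed to whoever sits on the path in clear text, exactly the outcome the paragraph describes, and no certificate on the page itself changes that.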
Obviously, this is of little concern to the layman who looks at pictures of cats all day, but it is most certainly an existential threat to our national security, to the defense and technology sectors, and to virtually every business that makes or designs any product, where copyright infringement reigns and China-made replicas of your products pop up on Amazon, Alibaba, and others for pennies on the dollar. This specific attack hands your billion-dollar R&D budget to their startup institutions for free! Just look at Nortel, once the largest telecom and employer in Canada, which went bankrupt in the late 2000s in a perfect inverse correlation to the meteoric growth of a then little-known Chinese startup called "Huawei." An attack on our businesses is an attack on our economy. And an attack on our economy is an act of war.
As a state-sponsored hacker, the closer I can get to your network, the more capable I become: the quicker I can maneuver, and the more covertly I can slip in and out, all with minimal effort.
As China has a foothold in the West's telecoms, and Huawei (CCP-operated) home and business routers, MiFi hotspots, and other network devices are literally operating your home network and commanding the flow of your internet traffic, they wouldn't even need their positions within the West's internet backbone; they're already inside YOUR network. But they're managing sizable portions of the West's internet as well...
Adding fuel to this fire is that Huawei MiFi personal hotspots are the go-to in Europe and other areas. Could you imagine sitting in a coffee shop, afraid of the local threat, so you turn on your MiFi personal hotspot, and hand all of your traffic abroad to this overseas threat? Additionally, Xiaomi robotic vacuums and countless other "Made in China" home IoT (Internet of Things) devices, like home door locks, garage door openers, etc., have been caught snooping around home networks and exfiltrating unbelievable amounts of data.

These devices may seem minuscule to some, but together they tell an elaborate tale. Besides infiltrating your home network and the like, the threat breaches the cyber realm: vacuums reveal the square footage of your dwelling, suggesting your socioeconomic status, and your floor plan. IoT light bulbs reveal your hours of operation and your personal bandwidth (how busy or sleep deprived are you?). Monitoring the 'time of use' of these devices can paint a very colorful picture of the lives of their victims, who have yet to comprehend the affliction that is the 'Trojan horse' they let through the gates years ago. Anomalies in normal use can suggest domestic issues, and whether or not you are worn out or readily available, physically, mentally, or emotionally, to address an emerging threat or welcome interest from a stranger. Match this data with other data points available, like which devices are currently at home and which devices are in listening range of an access point (you don't need to connect to my network for me to gather intel on you), and we can write a book on you. Better yet: as a state-sponsored hacker, I can collect all of these metrics automatically, run them through an algorithm, and populate a dashboard of prime targets, prime attack time, most fruitful attack vector, your marital status, and many other personal vulnerabilities, all without any human interaction or delegation whatsoever.
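The practical counter to the devices described here is to keep them on their own network segment and to watch what leaves it. The block below is an added example, not the article's code, of the triage a home or small-office defender can run over router flow logs: it flags IoT devices that reach into the personal LAN at all, flags devices pushing bulk data off-network, and, to make the article's 'time of use' point concrete, shows how little it takes to turn the same log into an hours-of-activity profile per device. The subnets, the 50 MiB/day threshold and the "timestamp src dst proto bytes" log format are constructed for this example and are not any vendor's real format.

```python
"""Triage of home-router flow logs for IoT lateral contact and bulk egress.

Added example, not from the article. It assumes IoT devices sit on their own
subnet (192.168.50.0/24) separate from personal devices (192.168.1.0/24); both
ranges, the 50 MiB/day threshold and the log format "timestamp src dst proto
bytes" are constructed for this example, not any vendor's real format.
"""
from __future__ import annotations

import ipaddress
from collections import defaultdict

IOT_NET = ipaddress.ip_network("192.168.50.0/24")
LAN_NET = ipaddress.ip_network("192.168.1.0/24")
LOCAL_NETS = (IOT_NET, LAN_NET)
EGRESS_BYTES_PER_DAY = 50 * 1024 * 1024   # constructed alert threshold per device

# Constructed flow records for one day.
FLOWS = """\
2024-01-01T08:00:00 192.168.50.10 203.0.113.5   tcp 1200
2024-01-01T08:05:00 192.168.50.10 192.168.1.20  tcp 800
2024-01-01T09:00:00 192.168.50.11 198.51.100.9  tcp 60000000
2024-01-01T09:10:00 192.168.1.20  203.0.113.5   tcp 5000
2024-01-01T22:30:00 192.168.50.11 192.168.50.12 udp 300
"""


def parse_flows(text: str) -> list[dict]:
    """Parse 'ts src dst proto bytes' lines; blank lines and '#' comments are skipped."""
    flows = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ts, src, dst, proto, nbytes = line.split()
        flows.append({
            "ts": ts,
            "src": ipaddress.ip_address(src),
            "dst": ipaddress.ip_address(dst),
            "proto": proto,
            "bytes": int(nbytes),
        })
    return flows


def is_local(addr) -> bool:
    """True when the address belongs to one of our own segments."""
    return any(addr in net for net in LOCAL_NETS)


def triage(flows: list[dict]) -> dict:
    """Flag IoT devices that touch the personal LAN or push bulk data off-network."""
    lateral = set()
    egress = defaultdict(int)
    for f in flows:
        if f["src"] not in IOT_NET:
            continue                          # only IoT-originated flows matter here
        if f["dst"] in LAN_NET:
            lateral.add((str(f["src"]), str(f["dst"])))   # segmentation breach
        elif not is_local(f["dst"]):
            egress[str(f["src"])] += f["bytes"]           # bytes leaving the house
    heavy = {ip: b for ip, b in egress.items() if b > EGRESS_BYTES_PER_DAY}
    return {"lateral": sorted(lateral), "heavy_egress": heavy}


def active_hours(flows: list[dict]) -> dict:
    """Hours of the day each IoT device was seen talking: the 'time of use' signal."""
    hours = defaultdict(set)
    for f in flows:
        if f["src"] in IOT_NET:
            hours[str(f["src"])].add(int(f["ts"][11:13]))
    return {ip: sorted(h) for ip, h in hours.items()}


if __name__ == "__main__":
    flows = parse_flows(FLOWS)
    print(triage(flows))
    print(active_hours(flows))
```

On the sample day the vacuum-class device at .10 is caught reaching a personal laptop and the device at .11 is caught sending 60 MB out; the hours profile is the part worth reflecting on, since anyone who can read the same flows, whether on the router or upstream of it, gets the same schedule for free.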
Now, hopefully, your mind is wandering to answer questions you may have had, or to add color to the topics of the day: the product ban on Huawei, US tech companies being barred from selling their technology products to CCP-controlled institutions and other CCP actors, and, in today's 5G networks, barring 'China Telecom' from maturing its foothold in, and further deploying within, our strategic infrastructure.
I'd love to hear your thoughts, in the comments below.
Title and inspiration of this post came from a revisit to the Naval War College's post: https://scholarcommons.usf.edu/mca/vol3/iss1/7/
Software and Technology: Development and Leader
4 years ago: Thank you Garrett. I am very happy that somebody has the guts to say what needs to be said.
Decentralized transactional ecosystem enabler
4 years ago: Garrett, great stuff. Lots of chatter about major economies planning to reduce exposure to China Inc. What about smaller economies, i.e. Ireland, who depend heavily on US business investment but are deploying Huawei 5G, i.e. EIR. Any thoughts on future impact of their 5G choices?
All IoT devices in my home are on their very own, isolated guest network. They can only see the Internet and each other for now. Even this isn't ideal, but it is better than allowing IoT devices to coexist with personal devices containing information that could be exfiltrated. This still doesn't solve for the intelligence gathering capabilities those devices offer but it is a start.
Senior Intelligence Professional | Skilled Strategist | Intuitive Problem Solver | Experienced Communicator | Servant Leader
4 years ago: Great article!