Educause Security Discussion mailing list archives
GreatFire Accuses China of Intercepting CERNET Traffic to Google
From: Paul Howell <phowell () INTERNET2 EDU>
Date: Wed, 10 Sep 2014 18:19:20 +0000
Hi Everyone,

For campuses that have significant activities or campuses in China, the recent news of eavesdropping on CERNET should be of interest. To my knowledge, this marks the first time that confirmation of a national research and education network (NREN) being targeted for surveillance has been made public. There could have been other occurrences of this sort of activity that were never detected and publicly reported on; we'll probably never know. My guess is that this is not the first time, however.

Reported in open sources:

GreatFire Accuses China of Intercepting CERNET Traffic to Google
http://www.hotforsecurity.com/blog/greatfire-accuses-china-of-intercepting-cernet-traffic-to-google-man-in-the-middle-attack-via-fake-x-509-certificates-10072.html

Online censorship monitor GreatFire accused the Chinese government of carrying out a MitM (Man-In-the-Middle) attack by intercepting encrypted SSL traffic between the China Education and Research Network (CERNET) and Google, according to a blog post.

"Instead of just outright blocking Google on CERNET, which would have raised the ire of students, educators and researchers across China, the authorities felt that a MITM attack would serve their purpose," the blog says. "By placing a man-in-the-middle, the authorities can continue to provide students and researchers access to Google while eavesdropping or blocking selective search queries and results."

Traffic analysis that confirms the interception is at:
http://www.netresec.com/?page=Blog&month=2014-09&post=Analysis-of-Chinese-MITM-on-Google

Knowing that it's happening is important, and while there isn't a lot that can be done to thwart this activity, which is presumably lawful in China if conducted by the government, communicating risks and setting expectations within our communities can be helpful. Many campuses have prepared travel guidance to protect electronic devices and information for domestic and international travel. It might be worth indicating that NRENs may be subject to surveillance and eavesdropping. I'd also suggest that CISOs of campuses with interests in China should bring this matter to the attention of their CIOs.

Regards.

Paul Howell
Chief Cyberinfrastructure Security Officer
Internet2