Educause Security Discussion mailing list archives

GreatFire Accuses China of Intercepting CERNET Traffic to Google


From: Paul Howell <phowell () INTERNET2 EDU>
Date: Wed, 10 Sep 2014 18:19:20 +0000


Hi Everyone,

For campuses that have significant activities or campuses in China, the recent news of eavesdropping on CERNET should
be of interest. To my knowledge, this marks the first time that confirmation of a national research and education
network (NREN) being targeted for surveillance has been made public. There could have been other occurrences of this
sort of activity that were never detected and publicly reported on; we'll probably never know. My guess is that this
is not the first time, however.

Reported in open sources:

GreatFire Accuses China of Intercepting CERNET Traffic to Google
http://www.hotforsecurity.com/blog/greatfire-accuses-china-of-intercepting-cernet-traffic-to-google-man-in-the-middle-attack-via-fake-x-509-certificates-10072.html
Online censorship monitor GreatFire accused the Chinese government of carrying out a MitM (Man-In-the-Middle) attack by 
intercepting encrypted SSL traffic between the China Education and Research Network (CERNET) and Google, according to a 
blog post.  "Instead of just outright blocking Google on CERNET, which would have raised the ire of students, educators 
and researchers across China, the authorities felt that a MITM attack would serve their purpose," the blog says. "By 
placing a man-in-the-middle, the authorities can continue to provide students and researchers access to Google while 
eavesdropping or blocking selective search queries and results."

Traffic analysis that confirms the interception is at:
http://www.netresec.com/?page=Blog&month=2014-09&post=Analysis-of-Chinese-MITM-on-Google

Knowing that it's happening is important, and while there isn't a lot that can be done to thwart this activity, which is
presumably lawful in China if conducted by the government, communicating risks and setting expectations within our
communities can be helpful. Many campuses have prepared travel guidance to protect electronic devices and information
for domestic and international travel. It might be worth indicating that NRENs may be subject to surveillance and
eavesdropping. I'd also suggest that CISOs of campuses with interests in China should bring this matter to the
attention of their CIOs.

Regards.
Paul Howell
Chief Cyberinfrastructure Security Officer
Internet2

