Security Experts:

Connect with us

Hi, what are you looking for?


Network Security

China Telecom Routes European Traffic to Its Network for Two Hours

For two hours last week, a BGP route leak resulted in large portions of European Internet traffic being routed through China Telecom’s network.

For two hours last week, a BGP route leak resulted in large portions of European Internet traffic being routed through China Telecom’s network.

According to a report from Oracle, the incident started at 09:43, on June 6, 2019, and consisted of Swiss data center colocation company Safe Host leaking over 70,000 routes to China Telecom in Frankfurt, Germany.

The Chinese telecommunication company then announced these routes on to the global Internet, which resulted in large amounts of web traffic destined for some of the largest European mobile networks to be redirected through China Telecom’s network. 

European networks that were most impacted by the route leak included Swisscom of Switzerland, KPN of Holland, and Bouygues Telecom and Numericable-SFR of France. 

“Often routing incidents like this only last for a few minutes, but in this case many of the leaked routes in this incident were in circulation for over two hours. In addition, numerous leaked routes were more-specifics of routed prefixes, suggesting the use of route optimizers or similar technology,” Oracle’s Doug Madory explains

Over 1,300 Dutch prefixes were announced in this leak, and 470 routes of KPN went through China Telecom’s network. The same happened for 64 routes of Swisscom, out of 200 Swiss prefixes announced by the leak. 

Oracle observed 150 Bouygues Telecom prefixes in the leak, including 127 more-specifics of existing routes and also noticed that even some of its own traceroute measurements were sucked into this routing leak. One that begins in Google in Ashburn, Virginia was detoured through China Telecom en-route to its destination in Vienna, Austria. 

This is not the first route leak incident involving China Telecom and is likely not the last. A report published in December last year revealed that the carrier has been constantly misdirecting Internet traffic through its network in China for several years. 

The new incident shows that the Chinese carrier has yet to take the necessary precautions to avoid similar re-routes from happening, and also proves that the problem of BGP route leaks continues to persist. 

“China Telecom, a major international carrier, has still implemented neither the basic routing safeguards necessary both to prevent propagation of routing leaks nor the processes and procedures necessary to detect and remediate them in a timely manner when they inevitably occur. Two hours is a long time for a routing leak of this magnitude to stay in circulation, degrading global communications,” Oracle notes. 

Related: China Telecom Constantly Misdirects Internet Traffic

Related: Google Services Inaccessible Due to BGP Leak

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this webinar to learn best practices that organizations can use to improve both their resilience to new threats and their response times to incidents.


Join this live webinar as we explore the potential security threats that can arise when third parties are granted access to a sensitive data or systems.


Expert Insights

Related Content

Network Security

NSA publishes guidance to help system administrators identify and mitigate cyber risks associated with transitioning to IPv6.


Websites of German airports, administration bodies and banks were hit by DDoS attacks attributed to Russian hacker group Killnet

Identity & Access

Zero trust is not a replacement for identity and access management (IAM), but is the extension of IAM principles from people to everyone and...

Identity & Access

Hackers rarely hack in anymore. They log in using stolen, weak, default, or otherwise compromised credentials. That’s why it’s so critical to break the...

Network Security

Attack surface management is nothing short of a complete methodology for providing effective cybersecurity. It doesn’t seek to protect everything, but concentrates on areas...

Cybersecurity Funding

Network security provider Corsa Security last week announced that it has raised $10 million from Roadmap Capital. To date, the company has raised $50...

Network Security

Our networks have become atomized which, for starters, means they’re highly dispersed. Not just in terms of the infrastructure – legacy, on-premises, hybrid, multi-cloud,...

Application Security

Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...