AT&T's Facebook Traffic Mysteriously Routed Through China

Friday, March 25, 2011



Barrett Lyon wrote an interesting article on the mysterious re-routing of AT&T customer's Facebook traffic through Chinese and then Korean telecoms.

Lyon did some analysis of the routing using a traceroute and discovered the following:

Typically AT&T customers’ data would have routed over the AT&T network directly to Facebook’s network provider but due to a routing mistake their private data went first to Chinanet then via Chinanet to SK Broadband in South Korea, then to Facebook. This means that anything you looked at via Facebook without encryption was exposed to anyone operating Chinanet, which has a very suspect Modus operandi.
This morning’s route to Facebook from AT&T:

route-server>show ip bgp (Facebook's www IP address)
BGP routing table entry for, version 32605349
Paths: (18 available, best #6, table Default-IP-Routing-Table)
Not advertised to any peer
7018 4134 9318 32934 32934 32934

The AS path (routing path) translates to this:

   1. AT&T (AS7018)
   2. Chinanet (Data in China AS4134)
   3. SK Broadband (Data in South Korea AS9318)
   4. Facebook (Data back to US 32934)

Current route to Facebook via AT&T:

route-server>sho ip bgp
BGP routing table entry for, version 32743195
Paths: (18 available, best #6, table Default-IP-Routing-Table)
Not advertised to any peer
7018 3356 32934 32934, (received & used)

While Lyon characterized the event as a being a mistake, this is not the first time something like this has happened.

Last November researchers revealed that Chinese telecom companies were able to redirect as much as 15% of worldwide internet traffic through China for more than 15 minutes in the spring of 2010.

Was this merely an error, as Lyon concludes, or was this another exercise conducted to test the rerouting methodology?

Either way, too many security events seem to have a Chinese connection, and when coupled with proven instances of state-sponsored Chinese cyber espionage, the totalitarian government's repeated denials of malicious intent have run thin.

Possibly Related Articles:
Facebook China internet Headlines Espionage AT&T BGP Chinanet
Post Rating I Like this!
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.