Skip to main content
Welcome to
super saver spring
offer ends april 20
save over $140
Sale ends in
per week for 24 weeks
Welcome to
super saver spring
per week for 24 weeks
save over $140
// //

China Telecom, a state-owned telecommunications firm, has systematically diverted internet traffic in Canada and the United States by shunting it through its own network in an effort to commit espionage and steal intellectual property, two cybersecurity researchers say.

Yuval Shavitt of Tel Aviv University and Chris Demchak of the U.S. Naval War College in Newport, R.I., published a paper recently in Military Cyber Affairs, the journal of the Military Cyber Professionals Association, outlining how China has been rerouting Canadian and U.S. internet traffic via access points it has set up legally in North America, ostensibly to improve service for its customers.

Although the Chinese government has signed no-hacking agreements with numerous Western countries, including Canada and the United States, to prohibit direct attacks on computer networks, the accords did nothing to prevent the diverting of online traffic on key Western internet infrastructure, the authors say.

Story continues below advertisement

"China Telecom has ten strategically placed, Chinese-controlled internet ‘points of presence’ (PoPs) across the internet backbone of North America,” Prof. Shavitt and Prof. Demchak say. “Vast rewards can be reaped from the hijacking, diverting, and then copying of information-rich traffic going into or crossing the United States and Canada – often unnoticed and then delivered with only small delays.”

Global Affairs Canada said Greta Bossenmaier, the Prime Minister’s national security adviser, will raise the issue with senior Chinese officials at a security and legal affairs meeting in Beijing this year.

“Canada raises such issues with China regularly. The topic of cyber hacking will be a priority when the Canada-China National Security and Rule of Law Dialogue meets next,” Global Affairs spokesperson Stefano Maron said in a statement to The Globe.

Related: Foreign espionage of Canadian research a risk to ‘national interests,’ CSIS warns

Foreign telecom carriers set up such internet access points in North America in order to serve clients in their home countries and to expand business opportunities. PoPs also make it easier for these telecom firms to influence the routing of internet traffic. China Telecom has at least eight in the United States and two in Canada – in Toronto and Vancouver, the researchers say.

Using an Israeli-designed internet traffic route tracing system, the authors detected “unusual and systematic hijacking patterns associated with China Telecom.”

One such example the authors give is the diverting of routes between Canada and South Korean government sites. For six months beginning in February, 2016, internet traffic was diverted by China Telecom and routed through its PoP in Toronto, then forwarded to its PoP on the West Coast, then on to China and finally to South Korea. The shortest route for this traffic would normally have been Toronto to the United States to South Korea, the authors says. “That this pattern continued for six months is good evidence that this was no short term misconfiguration or temporary internet conditions disruption.”

Story continues below advertisement

They describe what happened with the Canadian internet traffic as the “perfect scenario for long-term espionage."

Prof. Shavitt said Monday that similar attacks have been recreated from China Telecom’s PoP in Toronto for shorter periods, including in 2018, when still more data being sent from Toronto to the South Korean government was diverted.

“It is a company that wants to make profits, of course, but it is also owned by the Chinese government and it is used by the Chinese government for these kinds of operations,” Prof. Shavitt said in an interview. “Those malicious activities are a small fraction of their activity. The major activity is commercial.”

Public Safety Minister Ralph Goodale’s office would not comment on the study.

The Communications Security Establishment, which is responsible for cybersecurity and signals intelligence, said it was aware of the report and that it takes any cyber threat seriously. The CSE said its new Canadian Centre for Cyber Security provides “extensive guidance to help Canadians secure their online communications.”

China Telecom did not respond to a request for comment. The Chinese embassy in Ottawa dismissed the Military Cyber Affairs report as “groundless speculation.”

Story continues below advertisement

“Cyber security is a complicated global issue given the fact that cyber attacks are conducted anonymously and across borders,” the embassy said in a statement. “The Chinese side calls for all parties to seek a common solution through enhanced dialogue and cooperation. Groundless speculation, hyping up or accusation is not helpful to solve the problem nor conducive to any party’s interests.”

The researchers – with expertise in electrical engineering and cybersecurity – say they discovered similar attacks on networks in Italy, Japan, Thailand and Scandinavia in 2016 and 2017, including traffic from U.S. locations to a large Anglo-American bank’s headquarters in Milan that terminated in China. The authors say that after the data was copied by China Telecom for encryption breaking and analysis, it was delivered to the intended networks with only small delays.

Prof. Shavitt said Canada and the United States should not be allowing China Telecom to set up PoPs in North America unless China allows Western telecoms to set up similar access points to internet infrastructure in China.

“There is no regulation [in North America] about who can own internet infrastructure ... and this is the main problem,” he said. “This is very substantial and critical infrastructure that is not regulated, and the government should actually take action and regulate who can own it."

The authors recommend that China Telecom be limited to one PoP in North America, which would be easy to monitor, but they also say it would be better if the state entity were limited to an access point in Hong Kong.

Beijing’s ruling Communist Party does not allow U.S. or Western telecoms to set up PoPs on China’s national internet network, which means its internet traffic is protected from foreign hijacking.

Story continues below advertisement

Prof. Shavitt said that creates a major imbalance in access between China and Western democracies, “which allows for malicious behavior by China through China Telecom at a time and place of its choosing, while denying the same to the U.S. and its allies.”

”Speaking about the current imbalance – where China forbids U.S. or Western telecom firms from internet ‘points of presence’ in China," said Richard Fadden, a former director of the Canadian Security Intelligence Service, “in dealing with China, it’s important to recall that what is good for the goose is not good for the gander. China often takes advantage of Western openness but does not reciprocate. It’s true in a variety of sectors – trade, rule of law, etc.”

The United States and Beijing signed an agreement in 2015 to stop conducting state-sponsored cyberattacks to steal private trade secrets and proprietary technology. Ottawa signed a similar accord with China in 2017, but the deal did not cover the hijacking of internet traffic.

This is not the first time China Telecom has been accused of internet traffic hijacking. In 2010, the company denied allegations by a U.S. congressional watchdog that it had hijacked significant volumes of internet traffic by redirecting it unnecessarily through servers in China. The U.S.-China Economic and Security Review Commission said on April 8, 2010, that China Telecom rerouted traffic sent to about 15 per cent of the internet’s destinations, including branches of the U.S. military, the U.S. Senate and companies such as Microsoft Corp.

Your Globe

Build your personal news feed

  1. Follow topics and authors relevant to your reading interests.
  2. Check your Following feed daily, and never miss an article. Access your Following feed from your account menu at the top right corner of every page.

Follow the authors of this article:

Follow topics related to this article:

View more suggestions in Following Read more about following topics and authors
Report an error Editorial code of conduct
Due to technical reasons, we have temporarily removed commenting from our articles. We hope to have this fixed soon. Thank you for your patience. If you are looking to give feedback on our new site, please send it along to If you want to write a letter to the editor, please forward to

Welcome to The Globe and Mail’s comment community. This is a space where subscribers can engage with each other and Globe staff. Non-subscribers can read and sort comments but will not be able to engage with them in any way. Click here to subscribe.

If you would like to write a letter to the editor, please forward it to Readers can also interact with The Globe on Facebook and Twitter .

Welcome to The Globe and Mail’s comment community. This is a space where subscribers can engage with each other and Globe staff. Non-subscribers can read and sort comments but will not be able to engage with them in any way. Click here to subscribe.

If you would like to write a letter to the editor, please forward it to Readers can also interact with The Globe on Facebook and Twitter .

Welcome to The Globe and Mail’s comment community. This is a space where subscribers can engage with each other and Globe staff.

We aim to create a safe and valuable space for discussion and debate. That means:

  • Treat others as you wish to be treated
  • Criticize ideas, not people
  • Stay on topic
  • Avoid the use of toxic and offensive language
  • Flag bad behaviour

If you do not see your comment posted immediately, it is being reviewed by the moderation team and may appear shortly, generally within an hour.

We aim to have all comments reviewed in a timely manner.

Comments that violate our community guidelines will not be posted.

UPDATED: Read our community guidelines here

Discussion loading ...

To view this site properly, enable cookies in your browser. Read our privacy policy to learn more.
How to enable cookies