
Chinese ISPs Caught Injecting Ads And Malware In Their Network Traffic (thehackernews.com) 77

Chinese Internet Service Providers (ISPs) have been caught red-handed for injecting advertisements as well as malware through their network traffic. Three Israeli researchers uncovered that the major Chinese-based ISPs named China Telecom and China Unicom, two of Asia's largest network operators, have been engaged in an illegal practice of content injection in network traffic. Chinese ISPs had set up many proxy servers to pollute the client's network traffic not only with insignificant advertisements but also malware links, in some cases, inside the websites they visit. If an Internet user tries to access a domain that resides under these Chinese ISPs, the forged packet redirects the user's browser to parse the rogue network routes. As a result, the client's legitimate traffic will be redirected to malicious sites/ads, benefiting the ISPs.

  • Nice (Score:5, Insightful)

    by Greyfox ( 87712 ) on Sunday February 28, 2016 @04:27PM (#51604739) Homepage Journal
    See? We're not so different after all!
  • by Anonymous Coward on Sunday February 28, 2016 @04:33PM (#51604779)

    China eh? Always trustworthy.
    Glad all of our electronics aren't manufactured there right?

  • I wish more ISPs would start injecting ads to replace those injected by the Almighty GOOG. You rarely see text ads anymore which were the only somewhat tolerable (in small doses) of ads and now that the Almighty GOOG controls the market prices have gone out of all proportion and way out of budget for a lot of smaller companies.

    It would be worth it even just to see the Almighty GOOG throw more of their weight behind net neutrality (because now they only support it when it suits them)
    • by GuB-42 ( 2483988 ) on Sunday February 28, 2016 @05:42PM (#51605173)

      1- High price for ads is a good thing.
      2- The "Almighty GOOG" does not "inject" ads. It puts them where the original site owner tells it they should be placed, in exchange for money.
      3- Ad injection/replacement by ISPs is the worst. The ad provider and most importantly the content owner lose money and you still see ads. And unlike with ad-blockers you can't turn it off if you want to support the site you are visiting. The ISP shouldn't serve you ads, you already pay it with money.

      • The ISP shouldn't serve you ads, you already pay it with money.

        That doesn't stop Hulu.

        • Not to mention you are basically stealing food from the mouths of the provider's children by not allowing them to monetize everything about you. In fact, you should preemptively give them a json file with all your particulars and those of your families. Hell, include the pets too!
    • by wbr1 ( 2538558 )
      Point out flashy, animated, noisy, malware-ridden ads from Google please. Google may not be innocent, but they are far, far, from the worst offender in this realm.
  • Bu.. bu.. bu.. bu.. but the USA does this all the time! And it does it more and worse!!! And the U. S. A. !!!! blah....
  • https (Score:2, Insightful)

    by Anonymous Coward

    HTTPS everywhere please.

    • by Anonymous Coward

      Won't matter when the ISPs enforce client certificates in order to connect to the Internet. Then we are all screwed.

  • Questions (Score:5, Interesting)

    by Archtech ( 159117 ) on Sunday February 28, 2016 @04:51PM (#51604881)

    "Three Israeli researchers uncovered that the major Chinese-based ISPs named China Telecom and China Unicom, two of Asia's largest network operators, have been engaged in an illegal practice of content injection in network traffic".

    As a matter of interest, what laws does this contravene? If it happens in China, isn't it a matter for Chinese law? And is it likely that the Chinese government, which is often said to monitor all network traffic assiduously, would fail to notice such practices?

    Also, I am doubtful about taking the word of Israeli researchers on such a matter. Israel, like the USA, has been deeply involved in hacking, spying, mass surveillance and even the insertion of (no doubt "illegal" and certainly extremely damaging) viruses such as Stuxnet. Presumably people who would engage systematically in such activities would not be beyond falsifying research findings.

    • I was just thinking of the use of the word "illegal" there and then I happened to read your comment; which country's laws are the ones that are being talked about here and is this actually illegal in China or not? Did those Israeli researchers report this practice to any authorities or are they just fishing for attention, but not actually doing anything about this otherwise? Also, if they did report this stuff to authorities and if it was illegal in China how likely is it that anything will be done and what

    • by ttsai ( 135075 )

      "Three Israeli researchers uncovered that the major Chinese-based ISPs named China Telecom and China Unicom, two of Asia's largest network operators, have been engaged in an illegal practice of content injection in network traffic".

      As a matter of interest, what laws does this contravene? If it happens in China, isn't it a matter for Chinese law? And is it likely that the Chinese government, which is often said to monitor all network traffic assiduously, would fail to notice such practices?

      Good point. This may not actually be illegal in China. It may also be expected from Chinese users. However, it is scary, nonetheless.

      Also, I am doubtful about taking the word of Israeli researchers on such a matter. Israel, like the USA, has been deeply involved in hacking, spying, mass surveillance and even the insertion of (no doubt "illegal" and certainly extremely damaging) viruses such as Stuxnet. Presumably people who would engage systematically in such activities would not be beyond falsifying research findings.

      If Israelis and Americans are "deeply involved in hacking, spying, mass surveillance ...", that would make them experts that would actually know about these things and how to detect them. The allegation that experts would necessarily be more prone to falsifying findings is a non sequitur. There may be reasons to assume a propensity to propaganda on the part of the Israeli

  • by SeaFox ( 739806 ) on Sunday February 28, 2016 @04:53PM (#51604889)

    The major Chinese ISPs are the major telecom providers. Aren't those State owned?

    Would anyone really have the guts to complain to the government?

    • More like, if you complain, they take your guts.
    • by gl4ss ( 559668 )

      complain to the party that the isp running officials are profiteering from state owned hardware.

      depending on the sum profiteered they get either prison or worse.

      oh and most likely scenario is just that they're simply injecting ads and by 'they' I mean some entrepreneur downline in the organization most likely, who just happens to have access or authority to turn it on. that the ads contain malware is just a side effect.

      just a few months ago the ads on slashdot contained malware("app store install" type of sh

      • by Z00L00K ( 682162 )

        besides than that, the copyrights and such aren't that different over in china.. they're just very sloppily enforced.

        Rather like not enforced at all except if it's infringing on the rights of some local VIP.

    • Re: (Score:3, Interesting)

      yes, they are even set up in some pseudo rivalry. I assume it was intended, originally, to create some sort of competition. Except it created a duopoly where they both carved up the market between them. i.e. in some parts of town you can only get China Telecom and Unicom will simply tell you they don't serve that area, and the other way round.

      However, they also make life difficult. Competition, in Chinese terms, is not making life for the other corporation difficult, but for its customers. They too are the

  • I suggest you look into your browser\OS's list of trusted CAs. You'll find many many questionable ones to say the least.
    Turkish, Hongkongese, Taiwanese and yes, even Chinese ones.

    • by Anonymous Coward

      You're right, that's an issue. It would have been nice if there was a browser plugin to allow the user to assign ratings to all the root certs that come bundled with the browsers. That way, I would at least get a 'warning' if I was about to visit a site certified by a CA that I marked as 'low trust' .. I would then have the chance to cancel the navigation or run with extra restrictions, or run in a sandboxed browser... and know that the content could be dubious.

  • Not news? (Score:5, Informative)

    by NickHydroxide ( 870424 ) on Sunday February 28, 2016 @05:52PM (#51605225)
    I lived in China for a number of years, and this has been going on for a long time now (at least, with my ISP China Unicom). Absolute PITA, but that pretty much describes most online experiences in China (with the exception of Taobao, which is head and shoulders above Ebay).
    • by ebonum ( 830686 )

      Mod up parent. This is old news. They have been doing this for a decade or more.

    • Re:Not news? (Score:4, Interesting)

      by Balthisar ( 649688 ) on Sunday February 28, 2016 @10:05PM (#51606289) Homepage

      China Unicom on my phone is pretty good at not making it obvious that they're tampering with my traffic. They're also pretty friendly to VPNs running on my phone.

      China Telecom, though, provides my home fiber service, and I've been getting their ads for years and years, including on my own sites! Calling and complaining about it has never had any effect. Unfortunately China Telecom is getting better and better at detecting and taking down VPNs, meaning that I can't leave my router-based VPN running all the time.

      The fact that these ads are served over Bing makes me wonder why Microsoft doesn't get involved...

      And, yeah, Bing is crap (for what I search for), but at least it works when the VPN isn't connecting.

  • Seriously, I refresh the IP space every week for China, Russia, Africa and starting to look at South America. I can say it helped immensely on the spam to my grandma even before it gets to SpamAssassin. If I have to virtually visit those countries, it all goes through a VMware image through an anonymous internet VPN. It sounds insane till you get ping ddosed from a site you just visited :P
    • It sounds insane till you get ping ddosed from a site you just visited:P

      ping ddosed? I remember doing that........... in 1997 it was a thing.

  • Every once in a while I got Chinese ads served on Western websites that never serve ads otherwise, especially not Chinese ones, and it would only stop when the VPN was turned on. The ads were in most cases pop-overs that would appear on the bottom of pages. I suspected long ago that China Telecom was somehow adding their own ads to my browsing "experience".

    • View source. You'll see a single line of Javascript when this bullshit happens. So far in all cases, reloading the page fixes it.

      This is especially infuriating, though, when trying to use a search engine. When I'm not using a VPN I usually use Bing because it actually works. When these ads pop up they actually make Bing unusable. Their shitty Javascript interferes.

      • interesting. I never bothered to look at the source. But I haven't encountered any of these ads recently as I'm pretty much on a VPN 99.99% of the time. Most outside websites are pretty much unusable without VPN these days. I'm lucky that my company is a WFOE and shells out good money so they can afford a legal VPN that bypasses most of the bullshit the GFW and Chinese ISPs throw at you.

  • by dwillden ( 521345 ) on Monday February 29, 2016 @06:32AM (#51607303) Homepage
    In 2008 while deployed to Afghanistan I noticed many sites displaying as corrupted and started digging. Turns out the internet service provided for personal use by troops was suffering from this. The service (which we paid for) was satellite service operated on the base by Indian Nationals but was routing through Chinese internet providers and every URL served had a script injected. I complained, and raised the security concerns but it was never fixed. It was clumsily done so NoScript blocked the injected script and my websites started displaying properly again. But I didn't really have the time or resources to dig further.
