Chinese ISPs Caught Injecting Ads And Malware In Their Network Traffic

Chinese Internet Service Providers (ISPs) have been caught red-handed for injecting advertisements as well as malware through their network traffic. Three Israeli researchers uncovered that the major Chinese-based ISPs named China Telecom and China Unicom, two of Asia's largest network operators, have been engaged in an illegal practice of content injection in network traffic. Chinese ISPs had set up many proxy servers to pollute the client's network traffic not only with insignificant advertisements but also malware links, in some cases, inside the websites they visit. If an Internet user tries to access a domain that resides under these Chinese ISPs, the forged packet redirects the user's browser to parse the rogue network routes. As a result, the client's legitimate traffic will be redirected to malicious sites/ads, benefiting the ISPs.

Nice

[Greyfox]

See? We're not so different after all!

Re:

[myowntrueself]

Now we only need some mass shootings and a song on schools saluting the Chinese flag.

And Chinese national anthem on every. single. fucking. sporting event.

I'm a good citizen.

[penguinoid]

I use special software to make sure that scum like this can't profit from my internet connection.

I'm shocked...well not that shocked

[Anonymous Coward]

China eh? Always trustworthy.
Glad all of our electronics aren't manufactured there right?

I don't blame them

[ickleberry]

I wish more ISP's would start injecting ads to replace those injected by the Almighty GOOG. You rarely see text ads anymore which were the only somewhat tolerable (in small doses) of ads and now that the Almighty GOOG controls the market prices have gone out of all proportion and way out of budget for a lot of smaller companies.

It would be worth it even just to see the Almighty GOOG throw more of their weight behind net neutrality (because now they only support it when it suits them)

Re:I don't blame them

[GuB-42]

1- High price for ads is a good thing.
2- The "Almighty GOOG" does not "inject" ads. It puts them where the original site owner tell they should be placed, in exchange for money.
3- Ad injection/replacement by ISPs is the worst. The ad provider and most importantly the content owner lose money and you still see ads. And unlike with ad-blockers you can't turn it off if you want to support the site you are visiting. The ISP shouldn't serve you ads, you already pay it with money.

Re:

[Dcnjoe60]

The ISP shouldn't serve you ads, you already pay it with money.

That doesn't stop Hulu.

Re: I don't blame them

[valdezjuan]

Not to mention you are basically stealing food from the mouths of the providers children by not allowing them to monitize everything about you. In fact, you should preemptivly give them a json file with all your particulars and those of your families. Hell, include the pets too!

Re:

[wbr1]

Point out flashy, animated, noisy, malware ridden ads from google please. Goggle may not be innocent, but they ar far, far, from the worst offender in this realm.

Bu.. bu.. bu.. bu.. but the USA

[S48D31F68E4S2]

Bu.. bu.. bu.. bu.. but the USA does this all the time! And it does it more and worse!!! And the U. S. A. !!!! blah....

https

[Anonymous Coward]

HTTPS everywhere please.

Re:

[KGIII]

> The rest of us want a secure and reliable internet.

That's amusing. It really is. This mishmash of "stuff" we call the internet is not now (nor will it ever be) secure *or* reliable. HTTPS is not going to change that. If you knew what drove and provisions the internet, well... Lemme just say, you shouldn't be pissed when it fails, you should be shocked that it works at all.

Re: https

[Anonymous Coward]

Won't matter when the ISP's enforce client certificates in order to connect to the Internet. Then we are all screwed.

Questions

[Archtech]

"Three Israeli researchers uncovered that the major Chinese-based ISPs named China Telecom and China Unicom, two of Asia's largest network operators, have been engaged in an illegal practice of content injection in network traffic".

As a matter of interest, what laws does this contravene? If it happens in China, isn't it a matter for Chinese law? And is it likely that the Chinese government, which is often said to monitor all network traffic assiduously, would fail to notice such practices?

Also, I am doubtful about taking the word of Israeli researchers on such a matter. Israel, like the USA, has been deeply involved in hacking, spying, mass surveillance and even the insertion of (no doubt "illegal" an certainly extremely damaging) viruses such as Stuxnet. Presumably people who would engage systematically in such activities would not be beyond falsifying research findings.

Re:

[account_deleted]

Comment removed based on user account deletion

Re:

[Z00L00K]

It would be a lot more fun to serve those a redirect to some odd server, like 4chan.

Re:

[larryjoe]

"Three Israeli researchers uncovered that the major Chinese-based ISPs named China Telecom and China Unicom, two of Asia's largest network operators, have been engaged in an illegal practice of content injection in network traffic".

As a matter of interest, what laws does this contravene? If it happens in China, isn't it a matter for Chinese law? And is it likely that the Chinese government, which is often said to monitor all network traffic assiduously, would fail to notice such practices?

Good point. This may not actually be illegal in China. It may also be expected from Chinese users. However, it is scary, nonetheless.

Also, I am doubtful about taking the word of Israeli researchers on such a matter. Israel, like the USA, has been deeply involved in hacking, spying, mass surveillance and even the insertion of (no doubt "illegal" an certainly extremely damaging) viruses such as Stuxnet. Presumably people who would engage systematically in such activities would not be beyond falsifying research findings.

If Israelis and Americans are "deeply involved in hacking, spying, mass surveillance ...", that would make them experts that would actually know about these things and how to detect them. The allegation that experts would necessarily be more prone to falsifying findings is a non sequitur. There may be reasons to assume a propensity to propaganda on the part of the Israeli

And what will you do?

[SeaFox]

The major Chinese ISPs are the major telecom providers. Aren't those State owned?

Would anyone really have the guts to complain to the government.

Re: And what will you do?

[techabuse]

More like, if you complain, they take your guts.

Re:

[gl4ss]

complain to the party that the isp running officials are profiteering from state owned hardware.

depending on the sum profiteered they get either prison or worse.

oh and most likely scenario is just that they're simply injecting ads and by 'they' I mean some entrepreneur downline in the organization most likely, who just happens to have access or authority to turn it on. that the ads contain malware is just a side effect.

just a few month ago the ads on slashdot contained malware("app store install" type of sh

Re:

[Z00L00K]

besides than that, the copyrights and such aren't that different over in china.. they're just very sloppily enforced.

Rather like not enforced at all except if it's infringing on the rights of some local VIP.

Re:

[Dr.Saeuerlich]

yes, they are even set up in some pseudo rivalry. I assume it was intended, originally, to create some sort of competition. Except it created a duopoly where they both carved up the market between them. i.e. in some parts of town you can only get China Telecom and Unicom will simply tell you they don't serve that area, and the other way round.

However, they also make life difficult. Competition, in Chinese terms, is not making life for the other corporation difficult, but for its customers. They too are the

SubjectsInCommentsAreStupidCauseTheSubjectIsTFA

[Anonymous Coward]

I suggest you look into your browser\OS's list of trusted CAs. You'll find many many questionable ones to say the least.
Turkish, hongkongese, taiwanese and yes, even chinese ones.

Re:

[Anonymous Coward]

You're right, that's an issue. It would have been nice if there was a browser plugin to allow the user to assign ratings to all the root certs that come bundled with the browsers. That way, I would at least get a 'warning' if I was about to visit a site certified by a CA that I marked as 'low trust' .. I would then have the chance to cancel the navigation or run with extra restrictions, or run in a sandboxed browser... and know that the content could be dubious.

Re: SubjectsInCommentsAreStupidCauseTheSubjectIsTF

[techabuse]

You can change root CA permissions in Firefox, it's just all-or-nothing per certificate for code signing, site ID, and something else I'm too lazy to look up. I nuke plenty of dodgy CAs on every fresh install... Never really noticed a problem while browsing.

Not news?

[NickHydroxide]

I lived in China for a number of years, and this has been going on for a long time now (at least, with my ISP China Unicom). Absolute PITA, but that pretty much describes most online experiences in China (with the exception of Taobao, which is head and shoulders above Ebay).

Re:

[ebonum]

Mod up parent. This is old news. They have been doing this for a decade or more.

Re:Not news?

[Balthisar]

China Unicom on my phone is pretty good at not making it obvious that they're tampering with my traffic. They're also pretty friendly to VPNs running on my phone.

China Telecom, though, provides my home fiber service, and I've been getting their ads for years and years, including on my own sites! Calling and complaining about it has never had any effect. Unfortunately China Telecom is getting better and better at detecting and taking down VPNs, meaning that I can't leave my router-based VPN running all the time.

The fact that these ads are served over Bing makes me wonder why Microsoft doesn't get involved...

And, yeah, Bing is crap (for what I search for), but at least it works when the VPN isn't connecting.

And this is why I block china.

[WarlockD]

Seriously, I refresh the IP space evey week for China, Russa, Africa and starting to look at South America. I can say it helped immensely on the spam to my grandma even before it gets to spam assassin. If I have to virtually visit those county, it all goes though a vmware image though an anonymous internet vpn. It sounds insane till you get ping ddosed from a site you just visited:P

Re:

[barbariccow]

It sounds insane till you get ping ddosed from a site you just visited:P

ping ddosed? I remember doing that........... in 1997 it was a thing.

Thanks for confirming it

[Dr.Saeuerlich]

Every once in a while I got Chinese ads served on Western websites that never serve ads otherwise, especially not Chinese ones, and it would only stop when the VPN was turned on. The ads were in most case pop-overs that would appear on the bottom of pages. I suspected long ago that China Telecom was somehow adding their own ads to my browsing "experience".

Re:

[Balthisar]

View source. You'll see a single line of Javascript when this bullshit happens. So far in all cases, reloading the page fixes it.

This is especially infuriating, though, when trying to use a search engine. When I'm not using a VPN I usually use Bing because it actually works. When these ads pop up they actually make Bing unusable. Their shitty Javascript interferes.

Re:

[Dr.Saeuerlich]

interesting. I never bothered to look at the source. But I haven't encountered any of these ads recently as I'm pretty much on a VPN 99.99% of the time. Most outside websites are pretty much unusable without VPN these days. Im lucky that my company is a WFOE and shells out good money so they can afford a legal VPN that bypasses most of the bullshit the GFW and Chinese ISPs throw at you.

This is not news

[dwillden]

In 2008 while deployed to Afghanistan I noticed many sites displaying as corrupted and started digging. Turns out the internet service provided for personal use by troops was subject suffering from this. The service (which we paid for) was satellite service operated on the base by Indian Nationals but was routing through Chinese internet providers and every url served had a script injected. I complained, and raised the security concerns but it was never fixed. It was clumsily done so no-script blocked the injected script and my websites started displaying properly again. But I didn't really have the time or resources to dig further.

Re:

[KGIII]

Assuming you want to buy electronics that are general compute devices, not buying Chinese-made products is not a realistic option. Hell, I am not even sure if you can buy a microwave without it having components from China. At best, you might find something assembled somewhere that is not China. I am not sure what that will net you, but you might be able to.

Find me a general use compute device with zero components sourced from China. Just one will do. I *almost* guarantee that you can not. The device you us

Re:

[KGIII]

What, a brick? Seriously, what do you have that has zero components from China?