
How China and Others Are Altering Web Traffic

“Invisible” servers let governments quietly intercept and modify their citizens’ online communications.
March 24, 2011

Google leveled new charges against China this week, claiming that the country has interfered with some citizens’ access to the Internet giant’s Gmail service, disguising the interference as technical glitches.

Security experts say that China is most likely using invisible intermediary servers, or “transparent proxies,” to intercept and relay network messages while rapidly modifying the contents of those communications. This makes it possible to block e-mail messages while making it appear as if Gmail is malfunctioning.

Companies regularly use transparent proxies to filter employees’ Web access. Some ISPs have also used the technique to replace regular Web advertisements with those of their own. But it’s becoming increasingly common for governments to use transparent proxies to censor and track dissidents and protestors. All traffic from a certain network is forced through the proxy, allowing communications to be monitored and modified on the fly. Intercepting and relaying traffic is known as a “man in the middle” attack.

“What you are doing is rewriting the content as it is delivered back to the user,” says Nicholas J. Percoco, the head of SpiderLabs, which is part of the security firm Trustwave. Percoco said China’s ISP could track everyone who uses Gmail. To do this, it would “inject a JavaScript keystroke logger, which would record every keystroke they typed on the service.”
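A client-side check for the in-transit rewriting described above, as an added example that is not from the article or from anyone quoted in it: it compares the `<script>` elements in a copy of a page fetched over the suspect network against a reference copy. The reference copy is assumed to have been fetched over a path the tester trusts, and both HTML samples and the host name in them are constructed for illustration.

```python
import hashlib
from html.parser import HTMLParser


class ScriptCollector(HTMLParser):
    """Record each <script> as (src attribute, SHA-256 of inline body)."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.scripts = []
        self._in_script = False
        self._src = None
        self._buf = []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self._in_script, self._src, self._buf = True, dict(attrs).get("src"), []

    def handle_data(self, data):
        if self._in_script:
            self._buf.append(data)

    def handle_endtag(self, tag):
        if tag == "script" and self._in_script:
            body = "".join(self._buf).strip()
            digest = hashlib.sha256(body.encode()).hexdigest() if body else None
            self.scripts.append((self._src, digest))
            self._in_script = False


def script_inventory(html):
    parser = ScriptCollector()
    parser.feed(html)
    parser.close()
    return set(parser.scripts)


def injected_scripts(reference_html, observed_html):
    """Scripts in the observed copy that the reference copy does not contain."""
    extra = script_inventory(observed_html) - script_inventory(reference_html)
    return sorted(extra, key=str)


# Constructed samples: REFERENCE stands for the trusted-path copy, OBSERVED
# for the same page as delivered through an intermediary that added a tag.
REFERENCE = """<html><head><script src="/static/app.js"></script>
<script>window.cfg = {lang: "en"};</script></head>
<body><form id="compose"></form></body></html>"""
OBSERVED = REFERENCE.replace(
    "</body>", '<script src="http://proxy.example.invalid/extra.js"></script></body>')

if __name__ == "__main__":
    for src, digest in injected_scripts(REFERENCE, OBSERVED):
        print("unexpected script:", src or "inline sha256=" + digest)
```

The comparison covers only `<script>` elements, so pages that legitimately vary their scripts per request need a per-site allow-list instead of a single reference copy.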

Defenses against the attack are few, especially if the Internet service provider has a valid cryptographic certificate, which all major national ISPs should have. Using a protocol known as HTTPS can prevent a man-in-the-middle attack, because it encrypts information in transit. However, Microsoft revealed in a security advisory issued today that it had detected nine fraudulent certificates for popular Web sites, including Google Mail, Microsoft’s Live service, and Yahoo’s services. These fake certificates could also be used to intercept encrypted communications.

The Chinese government is thought to have tightened communications in response to political unrest in the Middle East. Google discovered that problems with Gmail from within China came in the form of an attack that caused the Web application to freeze when a user took certain actions, such as clicking the “send” button.

“There is no technical issue on our side—we have checked extensively,” a Google spokesperson said in an e-mail statement. “This is a government blockage carefully designed to look like the problem is with Gmail.”

The attack appears to block the site only sporadically, halting access to the Web application for a few minutes and then allowing the user to again connect to Gmail, Google says.

Other nations have used man-in-the-middle tactics to interfere with Web traffic. Tunisia took a similar approach to grabbing Facebook logins in order to perform surveillance on its citizens after widespread protests of the reign of Zine El Abidine Ben Ali. The protests followed massive unrest in other countries such as Yemen and Tunisia’s next-door neighbor, Libya.

Facebook has become a major communications hub for protestors in many countries. The Tunisian government was “using the transparent proxy to hijack the sessions of the users’ accounts and post positive things about the government to the people’s Facebook accounts,” says Percoco.
