How China and Others Are Altering Web Traffic

“Invisible” servers let governments quietly intercept and modify their citizens’ online communications.

Google leveled new charges against China this week, claiming that the country has interfered with some citizens’ access to the Internet giant’s Gmail service, disguising the interference as technical glitches.

Security experts say that China is most likely using invisible intermediary servers, or “transparent proxies,” to intercept and relay network messages while rapidly modifying the contents of those communications. This makes it possible to block e-mail messages while making it appear as if Gmail is malfunctioning.

Companies regularly use transparent proxies to filter employees’ Web access. Some ISPs have also used the technique to replace regular Web advertisements with those of their own. But it’s becoming increasingly common for governments to use transparent proxies to censor and track dissidents and protestors. All traffic from a certain network is forced through the proxy, allowing communications to be monitored and modified on the fly. Intercepting and relaying traffic is known as a “man in the middle” attack.

“What you are doing is rewriting the content as it is delivered back to the user,” says Nicholas J. Percoco, the head of SpiderLabs, which is part of the security firm Trustwave. Percoco said China’s ISP could track everyone who uses Gmail. To do this, it would “inject a JavaScript keystroke logger, which would record every keystroke they typed on the service.”

Defenses against the attack are few, especially if the Internet service provider has a valid cryptographic certificate, which all major national ISPs should have. Using a protocol known as HTTPS can prevent a man-in-the-middle attack, because it encrypts information in transit. However, Microsoft revealed in a security advisory issued today that it had detected nine fraudulent certificates for popular Web sites, including Google Mail, Microsoft’s Live service, and Yahoo’s services. These fake certificates could also be used to intercept encrypted communications.

The Chinese government is thought to have tightened communications in response to political unrest in the Middle East. Google discovered that problems with Gmail from within China came in the form of an attack that caused the Web application to freeze when a user took certain actions, such as clicking the “send” button.

“There is no technical issue on our side—we have checked extensively,” a Google spokesperson said in an e-mail statement. “This is a government blockage carefully designed to look like the problem is with Gmail.”

The attack appears to block the site only sporadically, halting access to the Web application for a few minutes and then allowing the user to again connect to Gmail, Google says.

Other nations have used man-in-the-middle tactics to interfere with Web traffic. Tunisia took a similar approach to grabbing Facebook logins in order to perform surveillance on its citizens after widespread protests of the reign of Zine El Abidine Ben Ali. The protests followed massive unrest in other countries such as Yemen and Tunisia’s next door neighbor, Libya.

Facebook has become a major communications hub for protestors in many countries. The Tunisian government was “using the transparent proxy to hijack the sessions of the users’ accounts and post positive things about the government to the people’s Facebook accounts,” says Percoco.
