Earlier this week, your Facebook posts could have been rewritten on the Great Wall of China, not just on your friends’ walls. For about 30 minutes on Tuesday morning, Facebook traffic in the US, or at least the connections going through AT&T’s Internet services, did not travel via the most direct route. Normally, AT&T passes packets of data to US-based Level3 Communications, which in turn hands them off to Facebook’s servers.
Instead, the connections went the long way: through servers owned by China Telecom’s ChinaNet, the state-owned ISP of mainland China, and then to SK Broadband, a commercial ISP in South Korea, before finding their way to Facebook. Independent security researcher Barret Lyon saw the change and took note:
This morning’s route to Facebook from AT&T:
route-server>show ip bgp 69.171.224.13 (Facebook’s www IP address)
BGP routing table entry for 69.171.224.0/20, version 32605349
Paths: (18 available, best #6, table Default-IP-Routing-Table)
Not advertised to any peer
7018 4134 9318 32934 32934 32934The AS path (routing path) translates to this:
- AT&T (AS7018)
- ChinaNet (Data in China AS4134)
- SK Broadband (Data in South Korea AS9318)
- Facebook (Data back to US 32934)
Current route to Facebook via AT&T:
route-server>sho ip bgp 69.171.224.0/20
BGP routing table entry for 69.171.224.0/20, version 32743195
Paths: (18 available, best #6, table Default-IP-Routing-Table)
Not advertised to any peer
7018 3356 32934 32934, (received & used)
In other words, if you used Facebook on AT&T at the right time this week, everything that passed without encryption was exposed to anyone operating ChinaNet and SK Broadband. Chances are nothing was actually done with your data, but that’s not a certainty.
“We are investigating a situation today that resulted in a small amount of a single carrier’s traffic to Facebook being misdirected,” a Facebook spokesperson said in a statement. “We are working with the carrier to determine the cause of this error. Our initial checks of the latency of the requests indicate that no traffic passed through China.”
I waited this week to see if the company would make an announcement regarding what it found, but no dice. If nothing really did pass through the country, it could mean the data went through a ChinaNet server located elsewhere.
The odd routing could have merely been an error within the Border Gateway Protocol (BGP) routing tables that tell Internet backbone routers where to send traffic. This would normally be seen as just a hiccup, but it’s not exactly rare anymore. In fact it happened twice just last year.
In March 2010, traffic to sites such as YouTube, Twitter, and Facebook was redirected to servers in China, giving Web surfers around the globe a glimpse of what Chinese Internet users see when they try to access those blocked sites. In November 2010, traffic for 15 percent of the world’s destinations, coming from military and civilian government networks in the UK, the US, Australia, and South Korea started re-directing through China Telecom.
It’s not clear if all of this rerouting is being done on purpose to help China collect intelligence. The Chinese government of course denies such allegations. Experts are still trying to figure out how it happens and how to prevent it in the future.
Facebook may be blocked in China, but the Chinese could want your private data in order to sell it. Then again, this could all just be a mix-up we may never understand. Either way, you probably don’t want your posts sent anywhere else but Facebook, otherwise you would be using a much more public service, like Twitter.
Two months ago, Facebook began offering SSL encryption as well as HTTPS protection for login data. To turn HTTPS support on for your Facebook account, head to Account Settings, click on change beside Account Security, check off “Browse Facebook on a secure connection (https) whenever possible” and then hit Save. This way, at least if your data takes the long way again, it will be encrypted.
