China Intercepts Scholars’ Google Searches

Researchers in China using the nation’s education network are being hacked by their own country when they conduct authorized Google searches. China’s public Internet blocks Google altogether but not the education network – called CERNET. China figures that its researchers need Google access to win the global innovation race.

However, China still likes to exert some control over what researchers can see, as well as monitor what they are reading. China lost the ability to filter and snoop this spring, when Google started encrypting searches, rather than transmitting queries in plain text.

To regain spying powers, the country now redirects Internet traffic flowing to Google. Users think they are interacting directly with Google, when, in actuality, their searches are being relayed to Google by the government – and vice versa.

“In the lead up to the new school year, the Chinese authorities launched a man-in-the-middle (MITM) attack against Google,” anti-censorship website GreatFire observes, using the common name for the redirection tactic. “By placing a man-in-the-middle, the authorities can continue to provide students and researchers access to Google while eavesdropping or blocking selective search queries and results.”

It is unclear how the MITM attack is being carried out.

A probable method “would be IP hijacking; either through a BGP prefix hijacking or some form of packet injection. However, regardless of how they did it the attacker would be able to decrypt and inspect the traffic going to Google,” security firm Netresec said in a blog post, after conducting forensic analysis for GreatFire.