Traffic destined for Facebook from AT&T’s servers took a strange loop through China and South Korea on Tuesday, according to a security researcher.
As Barrett Lyon wrote on his blog, AT&T customers’ data would typically have been routed over the AT&T network directly to Facebook’s network provider, but due to a routing mistake their private data went first to Chinanet, then via Chinanet to SK Broadband in South Korea, and only then to Facebook. This means that anything you looked at on Facebook without encryption was exposed to anyone operating Chinanet, which has a very suspect modus operandi.
Route to Facebook from AT&T on 22nd March 2011:
route-server>show ip bgp 18.104.22.168 (Facebook’s www IP address)
BGP routing table entry for 22.214.171.124/20, version 32605349
Paths: (18 available, best #6, table Default-IP-Routing-Table)
Not advertised to any peer
7018 4134 9318 32934 32934 32934
The AS path (routing path) translates to this:
1. AT&T (AS7018)
2. Chinanet (AS4134, data in China)
3. SK Broadband (AS9318, data in South Korea)
4. Facebook (AS32934, data back in the US)
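The AS path above is exactly what a defender's route-monitoring check would key on. As an added example (not code from Lyon's post), the Python below parses route-server output like the one quoted, collapses AS-path prepending (the repeated 32934), and reports any transit ASN outside an assumed allow-list; the allow-list is hypothetical and the output text is a constructed copy of the lines above.

```python
"""Flag unexpected transit ASNs in a BGP AS path (added example)."""
import re
from typing import List, Set

# Constructed sample, copied from the route-server output quoted above.
ROUTE_SERVER_OUTPUT = """\
route-server>show ip bgp 18.104.22.168
BGP routing table entry for 22.214.171.124/20, version 32605349
Paths: (18 available, best #6, table Default-IP-Routing-Table)
  Not advertised to any peer
  7018 4134 9318 32934 32934 32934
"""

# Hypothetical allow-list: ASNs we expect to see between AT&T and Facebook.
# A real deployment would add the known upstreams of both networks.
EXPECTED_ASNS: Set[int] = {7018, 32934}

# An AS path line in this output is a line made up only of ASNs.
AS_PATH_RE = re.compile(r"^\s*((?:\d+\s+)*\d+)\s*$", re.MULTILINE)


def extract_as_paths(output: str) -> List[List[int]]:
    """Return every AS path found in 'show ip bgp' output, as lists of ASNs."""
    return [[int(a) for a in m.group(1).split()]
            for m in AS_PATH_RE.finditer(output)]


def collapse_prepends(path: List[int]) -> List[int]:
    """Drop consecutive repeats so prepending (32934 32934 32934) counts once."""
    collapsed: List[int] = []
    for asn in path:
        if not collapsed or collapsed[-1] != asn:
            collapsed.append(asn)
    return collapsed


def unexpected_transit(path: List[int], expected: Set[int]) -> List[int]:
    """ASNs on the path that are not in the allow-list, in path order."""
    return [asn for asn in collapse_prepends(path) if asn not in expected]


def audit(output: str, expected: Set[int] = EXPECTED_ASNS) -> List[List[int]]:
    """One list of unexpected ASNs per AS path in the output (empty = clean)."""
    return [unexpected_transit(p, expected) for p in extract_as_paths(output)]


if __name__ == "__main__":
    for path, bad in zip(extract_as_paths(ROUTE_SERVER_OUTPUT), audit(ROUTE_SERVER_OUTPUT)):
        print(path, "-> unexpected transit:", bad or "none")
```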
What could have happened with your data? Most likely absolutely nothing. Yet China is well known for its harmful networking practices, limiting network functionality and spying on its users, and when your data flows over their network it could be treated the same as any Chinese citizen’s. Does that include capturing your session ID information, personal information, emails, photos, chat conversations, mappings to your friends and family, etc.? One can only speculate, but it is possible.
This happens all the time — the Internet is just not a trusted network.
One way to prevent this from happening to your account: Enable HTTPS.
In January, Facebook rolled out the HTTPS feature to all browsing done on the site, but it is opt-in, not an automatic setting. Previously, Facebook used HTTPS only when you entered your password.
To enable this security feature, go to Account Settings >> Account Security.
Click “change”, then check “Browse Facebook on a secure connection (https) whenever possible”.