China in the mix: Third telco’s the charm?

FIRST OF TWO PARTS

The Department of Information and Communications Technology (DICT) has named the “New Major Player (NMP)” in the local telecommunications market:

The National Telecommunications Commission (NTC) Selection Committee declared the Mislatel-led consortium as the provisional NMP on Nov. 7.

The consortium is made up of Mindanao Islamic Telephone Inc. (Mislatel), Udenna Corp., Chelsea Logistics Holdings, and China Telecom. This consortium was “declared the only qualified participant by the NMP Selection Committee out of the three submitted bids en route to winning the provisional NMP title,” the DICT said in a press statement carried on the department’s website.

“Two other bidders in PT&T Corp. and Sear Telecom-led consortium, formed with LCS Group, Fujian Torch, Miller LTE, and SEA Telecom, were disqualified after the preliminary evaluation of the First Submission Package due to lack of documents,” according to the DICT. “PT&T’s documents were found incomplete after [the company failed] to submit a Certification of Technical Capability while Sear Telecom consortium lacked the paper for participation security.” Both PT&T and Sear Telecom said they would file motions for reconsideration to challenge the winning bid.

Mislatel posted 456.80 points in its Highest Committed Level of Service (HCLOS) bid, computed based on the five-year commitment on National Population Coverage, Minimum Average Broadband Speed, and Capital and Operational Expenditure that the consortium submitted to the NTC committee. As of this writing, the consortium still had to pass the document verification phase over three calendar days before it is confirmed to be the NMP.

DICT Acting Secretary Eliseo M. Rio Jr. said “[t]his (NMP Selection) has been the work [of] almost a year and I don’t think anybody can say that something is wrong or hidden. Personally, I’m satisfied on how the proceedings went.”

Rio also said he hopes “the NMP will stay true to the commitment they submitted to win this selection process while also wishing to see their competitors to level up their game.”

The DICT touted this naming of an NMP as “a promise fulfilled for the Duterte administration,” saying “the President himself [sees] this as a step to promote genuine competition in the country’s telecommunications industry.”

Of course, we all know how closely Duterte favors China, even in matters like the Philippines’ claim to the islands in the West Philippine Sea and the South China Sea, which was the subject of the case known as the South China Sea Arbitration, brought under the United Nations Convention on the Law of the Sea before the Permanent Court of Arbitration in The Hague. The Government of the Republic of the Philippines won that case against the People’s Republic of China, a victory that China does not recognize. Nor does the Duterte administration, apparently.


With the slow internet speeds and poor service in the local telco sector, a third player to break up what Filipino netizens have been calling a “duopoly” between Globe Telecom and the Philippine Long Distance Telephone Co. (PLDT) is a definite need.

Yes, we need the NMP, if only to provide much-needed infrastructure, services, connectivity and, yes, competition to keep the two long-time telco players in the Philippines on their toes. But at what cost?

One troublesome thing with the composition of the incoming NMP consortium: China Telecom is a state-owned telecommunications company—and the state that owns it is China, not the Philippines.

Is it really advisable to allow the state telco of a country with whom we have this territorial dispute to enter not just the Philippine market, but the Philippine telecommunications market that services not just consumers, but government? In a country where even the DICT does not have a secure sockets layer (SSL) certificate on its website—which means that the department that oversees all things to do with our digital lives does not have a secure presence on the internet. Let that sink in.

With the entry of the Mislatel consortium, we would essentially be letting China Telecom be part of our telecommunications infrastructure, including hardware like the cell sites that need building and the telecommunication gateways that will be opened and interconnected with the gateways of Globe and PLDT. We will, definitely, be letting China Telecom into our homes, offices, and government agencies.

Will this be good? Maybe. Maybe not.

A report on the website titled “China’s Maxim – Leave No Access Point Unexploited: The Hidden Story of China Telecom’s BGP Hijacking” and authored by Chris C. Demchak of the United States Naval War College and Yuval Shavitt of the Tel Aviv University was quoted by the website in a report written by Juha Saarinen on Oct. 26, 2018.

Demchak and Shavitt said in their study that China Telecom hijacked and diverted internet traffic going to or passing through the US and Canada to China on a regular basis. The Graphic downloaded a copy of that study.

They said in their study that “data suggests” the Chinese government “opted to leverage a seemingly innocuous player—one that is normally viewed as a passive service provider—to target the foundational infrastructure of the internet to bypass the agreement, avoid detection, and provide the necessary access to information.”

They identified that player as China Telecom, noting that an agreement between the US and Chinese governments in 2015 “prohibited direct attacks on computer networks”, but “it did nothing to prevent the hijacking of the vital internet backbone of western countries. Conveniently, China Telecom has ten strategically placed, Chinese controlled internet ‘points of presence’ (PoPs) across the internet backbone of North America. Vast rewards can be reaped from the hijacking, diverting, and then copying of information-rich traffic going into or crossing the United States and Canada—often unnoticed and then delivered with only small delays.”


Demchak and Shavitt noted that successfully hijacking the internet “requires understanding how to manipulate key structures in contractual and regulatory agreements about who moves information packets to whom across the internet.”

They explained that the internet “consists of tens of thousands of independently managed networks, interconnected through contractual peer-or-pay arrangements by which the data packets are exchanged. Each of these networks is called an ‘Autonomous System’ (AS), meaning that network independently controls the access to and from all its internal network nodes. Users inside that AS connect to other users in other networks through that AS’ own gateway servers.”

They added that “[f]or data traffic to move, addresses of senders and recipients are needed. These ASs are each assigned a unique ‘Autonomous System Number’ (ASN) to identify itself globally for receipt of information packets. Each AS controls a set of ‘internet protocol’ (IP) addresses assigned in blocks of consecutive numbers. These blocks are assigned much like telephone number area codes; for example, blocks in the US are now regulated in the US by the Federal Communications Commission (FCC).”


Data moves through the internet across “intervening ASs as small data ‘packets’ with their destination IP addresses attached. Each router in the transited networks looks at the destination IP address in the packet and forwards it to the next and closest AS according to a ‘forwarding table.’ The ‘glue’ holding the Internet together uses two forms of software ‘protocols’—the Internet Protocol (IP) [RFC971] and the Border Gateway Protocol (BGP) [RFC 4271],” they said. “The IP defines how information is exchanged between end systems at the network level, and requires that every device connected to the Internet (such as a computer or a router) will have a unique global address, its IP address.” In the same way snail mail requires both a sender’s and a recipient’s address, information transmitted over the internet has digital addresses for senders and recipients, and it follows digital paths in a manner similar to how physical mail and packages are sent across physical space, such as through post office hubs.

“The servers hosting the ‘Border Gateway Protocol’ (BGP)—the key Internet routing protocol—build these forwarding tables which are shared across each contributing AS,” Demchak and Shavitt explained. “Within the BGP forwarding tables, administrators of each AS announce to their AS neighbors the IP address blocks that their AS owns, whether to be used as a destination or a convenient transit node.”

The researchers noted that errors “can occur given the complexity of configuring BGP, and these possible errors offer covert actors a number of hijack opportunities.”

Creating and pulling off a successful BGP hijacking attack, they wrote, “is complex, but much easier with the support of a complicit and preferably large-scale ISP [internet service provider] that is more likely to be included as a central transit point among a sea of ASs.”

They noted that, “most BGP hijacks are the work of government agencies or large transnational criminal organizations with access to, leverage over, or control of strategically placed ISPs.”

The researchers cited two such attacks: In 2008, Pakistan Telecom “accidentally hijacked all YouTube traffic for several hours as administrators make mistakes in using routing to censor a clip considered non-Islamic.” Then, on April 8, 2010, they said, “China Telecom hijacked 15% of the Internet traffic for 18 minutes in what is believed to be both a large-scale experiment and a demonstration of Chinese capabilities in controlling the flows of the internet.”

Researchers at BGProtect LTD based on the DIMES project [DIMES] at the Tel Aviv University built a route-tracing system for monitoring BGP announcements and distinguishing patterns that suggest accidental or deliberate hijacking across many routes simultaneously, and down to the individual city where the BGP hijacking happened.

This was the technique Demchak and Shavitt were using when they noticed “unusual and systematic hijacking patterns associated with China Telecom.”
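As an added illustration (not taken from the study and not BGProtect's route-tracing method), the Python sketch below shows a much simpler announcement check: it compares observed BGP announcements against a baseline of expected origin ASs and shows why a more-specific announcement wins under longest-prefix matching. All prefixes, AS numbers and function names are constructed for the example, using documentation ranges.

```python
import ipaddress

# Constructed baseline: the AS expected to originate each address block.
# Prefixes are documentation ranges; ASNs are documentation ASNs.
EXPECTED_ORIGINS = {
    "198.51.100.0/24": 64496,
    "203.0.113.0/24": 64497,
}

# Constructed announcements as a monitor might record them:
# (prefix, AS path); the originating AS is the last hop in the path.
ANNOUNCEMENTS = [
    ("198.51.100.0/24", [64500, 64496]),    # matches the baseline
    ("203.0.113.0/24", [64500, 64511]),     # known block, different origin
    ("198.51.100.128/25", [64501, 64511]),  # slice of a known block
    ("192.0.2.0/24", [64500, 64499]),       # block not in the baseline
]

def classify(prefix, as_path, baseline=EXPECTED_ORIGINS):
    """Label one announcement relative to the expected-origin baseline."""
    net = ipaddress.ip_network(prefix)
    origin = as_path[-1]
    for known, expected in baseline.items():
        known_net = ipaddress.ip_network(known)
        if net.version != known_net.version:
            continue
        if net == known_net:
            return "ok" if origin == expected else "origin-mismatch"
        if net.subnet_of(known_net):
            return ("more-specific-ok" if origin == expected
                    else "more-specific-mismatch")
    return "unknown-prefix"

def best_origin(dest_ip, announcements=ANNOUNCEMENTS):
    """Origin AS a router would pick for dest_ip by longest-prefix match."""
    ip = ipaddress.ip_address(dest_ip)
    covering = [(ipaddress.ip_network(p), path) for p, path in announcements
                if ip in ipaddress.ip_network(p)]
    if not covering:
        return None
    net, path = max(covering, key=lambda item: item[0].prefixlen)
    return path[-1]

if __name__ == "__main__":
    for prefix, path in ANNOUNCEMENTS:
        print(prefix, path[-1], classify(prefix, path))
    # The /25 is preferred over the legitimate /24 for addresses it covers.
    print(best_origin("198.51.100.200"), best_origin("198.51.100.10"))
```

A check like this only flags a changed or unexpected origin; a diversion through an extra transit AS with the origin left intact needs path or traceroute analysis of the kind the researchers describe.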


It has been 11 years since Estonia and its government suffered a crippling cyber-attack—the first known cyber-attack of an entire country—over a statue now known as the Bronze Soldier, a World War II memorial of a soldier wearing a Red Army uniform, his head bowed and his fist clenched that now stands in a quiet part of a cemetery on the edge of Estonia’s capital, Tallinn.

Originally called the “Monument to the Liberators of Tallinn,” the statue also stands for the United Soviet Socialist Republic’s (USSR) hard-won victory over the Nazis to Russian speakers in Estonia, according to a BBC report. Ethnic Estonians did not see the statue in the same way, according to the same report. To them, the Bronze Soldier symbolized the oppression of the USSR. So, in 2007, the Estonian government decided to move the Bronze Soldier from the Tallinn city center to the military cemetery where it now stands.

This incident triggered outrage in Russian-language media and Estonia’s Russian speakers took to the streets to protest—actions that were exacerbated by false reports claiming the statue had been destroyed along with nearby Soviet war graves.

Tallinn erupted into two nights of rioting and looting on April 26, 2007, leaving one dead, 156 people injured, and resulting in the detention of 1,000 people. On April 27, 2007, Estonia was hit by major cyber-attacks—some of which lasted for weeks.

The online services of Estonian banks, media outlets and government agencies were taken down by unprecedented levels of internet traffic. At the time, it was the biggest concerted set of distributed denial-of-service (DDoS) attacks in the world, in which massive volumes of spam were sent by botnets (robot networks) and unrelentingly humungous numbers of automated online requests swamped the targeted servers.

In the physical world, Estonians could not use ATMs or online banking services, which flickered on and off. Government workers could not communicate with each other via email. Media outfits couldn’t deliver the news.

The chaos was like warfare, without any actual casualties. It was as if a science-fiction horror story had come to life: Hostilities were unleashed and affected the delivery of government services, banking systems, and communications.

Could this happen in the Philippines? Perhaps. But there are worse things than massive cyber-attacks that cripple your purchasing power and render you blind to the news for weeks. There are also cyber-attacks that hijack sensitive or vital information.

To be continued











