Internet Traffic To Major Tech Firms Mysteriously Rerouted To Russia

wiredmikey writes: Internet traffic to some of the world's largest tech firms was briefly rerouted to Russia earlier this week in what appeared to be a Border Gateway Protocol (BGP) attack. Internet monitoring service BGPmon noticed that 80 IP prefixes for organizations such as Google, Microsoft, Apple, Facebook, NTT Communications, Twitch and Riot Games had been announced by a Russian Autonomous System (AS).

It happened twice on Tuesday and each time it only lasted for roughly three minutes. The first event took place between 04:43 and 04:46 UTC, and the second between 07:07 and 07:10 UTC. Despite being short-lived, BGPmon said the incidents were significant, including due to the fact that the announcements were picked up by several peers and some large ISPs, such as Hurricane Electric and Zayo in the U.S., Telstra in Australia, and NORDUnet, which is a joint project of several Nordic countries. The incident is rather suspicious, as the prefixes that were affected are all high profile destinations, as well as several more specific prefixes that aren't normally seen on the Internet.

MitM attacks

[Rick Schumann]

Seems to me you can complete quite a few MitM attacks in three minutes. Wonder how many people were compromised and/or how many websites were compromised? Or was this just a 'dry run' for a larger attack? Guess we won't know until the other shoe drops.

Re:

[Anonymous Coward]

Im safe, I use kaspersky!

CAPTCHA: cleaned

Re:

[sabri]

Can we nuke Russia already for these high crimes?

What makes you think any Russian citizen is involved? They could be a victim as much as the companies who owned the hijacked subnets.

All we know at this time is that an AS number assigned to a Russian entity was used. Anyone can configure that on their router, just as I can send a threatening letter with your return address on the envelope.

Re:

[nazsco]

I think they were talking about the network being in Russia has nothing to do with a russian citizen or government being involved.

it is much easier to rent/compromise computers and run a flase flag than it is to move thousands of troops or expensive military equipment for a flase flag operation in the "old military economy"

Re:

[Ol Olsoc]

I think they were talking about the network being in Russia has nothing to do with a russian citizen or government being involved.

it is much easier to rent/compromise computers and run a flase flag than it is to move thousands of troops or expensive military equipment for a flase flag operation in the "old military economy"

If it came fmor outside Russia, it wasn't Russia. If it came from inside Russia, it wasn't Russia. The No True Russia argument.

Russia is a Problem

[ohnocitizen]

Their hostile behavior is only getting worse, and we can either bury our heads in the sand and allow their puppet Trump to avoid doing anything to deal with the threat they represent, or we can get adults into the government in 2018 and take this country back!

Re:

[Rick Schumann]

Eh, give Mueller a chance, he's just starting to build up momentum. Just cross your fingers that we don't end up with Pence as POTUS, that'd be much worse than you imagine.

Re:

[um... Lucas]

If we have someone if office that broke the law, we shouldn't leave them in out of fear that their successor's policies are worse. That makes it even more political. If they did something wrong, they did something wrong, that's it. Not "it's illegal, but we'll selectively not enforce the law because..."

Re:

[Rick Schumann]

Not suggesting that. If Mueller discovers there was in fact collusion and therefore Trump can't legitimately be POTUS, I'd hope that they'd throw out his entire cabinet and force a special election. It'd be a huge mess but it'd be better than Pence as POTUS, at least in the long run. Problem is there's no precedent for any of that, so who knows how it'd be handled? With the GOP still holding a majority in Congress, they'd fight as hard as they possibly could to keep Pence around -- which would be far, far w

Re:

[hackwrench]

The Constitution has provisions to handle this unfortunately and if Mike Pence isn't impeached as well, he's in and there's a pecking order as to who gets in determined as well if I recall correctly.

Re:Russia is a Problem

[fahrbot-bot]

The Constitution has provisions to handle this unfortunately and if Mike Pence isn't impeached as well, he's in and there's a pecking order as to who gets in determined as well if I recall correctly.

Wikipedia has the current line of Presidential Succession [wikipedia.org]:

• 1 Vice President - Mike Pence (R)
• 2 Speaker of the House of Representatives - Paul Ryan (R)
• 3 President pro tempore of the Senate - Orrin Hatch (R)
• 4 Secretary of State - Rex Tillerson (R)
• 5 Secretary of the Treasury - Steven Mnuchin (R)
• 6 Secretary of Defense - Jim Mattis (I)
• 7 Attorney General - Jeff Sessions (R)
• 8 Secretary of the Interior - Ryan Zinke (R)
• 9 Secretary of Agriculture - Sonny Perdue (R)
• 10 Secretary of Commerce - Wilbur Ross (R)
• 11 Secretary of Labor - Alex Acosta (R)
• 12 Secretary of Health and Human Services - Eric Hargan (R) Acting
• 13 Secretary of Housing and Urban Development - Ben Carson (R)
• – Secretary of Transportation - Elaine Chao (R) [ ineligible, not natural-born US citizen ]
• 14 Secretary of Energy - Rick Perry (R)
• 15 Secretary of Education - Betsy DeVos (R)
• 16 Secretary of Veterans Affairs - David Shulkin (I)
• 17 Secretary of Homeland Security - Kirstjen Nielsen (I)

See *anyone* in there you'd really like to see as President?

Re:

[ahodgson]

Mattis. I'd take a Marine Corp general over any politician.

Re:

[fahrbot-bot]

Mattis. I'd take a Marine Corp general over any politician.

Unfortunately, he's in line *after* Secretary of the Treasury "we have over 100 people working overtime for months to produce a 1 page 'analysis' of the Republican Tax Plan - that supports everything" Steven Mnuchin and his wife, Bond villain [theguardian.com] Louise Linton.

Re:

[stonecypher]

Consider looking into other military presidents, such as Ulysses S Grant

Re:

[ahodgson]

Like Eisenhower? Or Kennedy? OK.

Re: Russia is a Problem

[aliquis]

Go Mattis.

Free and save Europe.

Re:

[Ol Olsoc]

See *anyone* in there you'd really like to see as President?

I vote the moo cow guy. Whatever happened to him anyhow, I really liked him.

Re:

[jellomizer]

If President is impeached the job goes to VP.
Now if Pence is part of such collusion chances are he would get fired first, because Mueller is following a normal methodology for tracking down gang. Starting at the bottom giving some deals to the low level offenders and working their way up.

Re:

[ShanghaiBill]

Now if Pence is part of such collusion ...

Evidence suggests he was not. He was never part of Donald's inner circle. Mike Flynn was fired for lying to Pence. If Pence was "in on it", Flynn wouldn't have lied, and Pence wouldn't have been asking.

Pence would be worse on social issues, but he would likely be better on foreign policy, and economic management.

Re:

[jbengt]

Mike Flynn was fired for lying to Pence. If Pence was "in on it", Flynn wouldn't have lied, and Pence wouldn't have been asking.

You're assuming that the reason given for firing Flynn wasn't just an excuse. There's evidence that Pence, among others on the transition team that Pence was in charge of, knew about Flynn's activities before Flynn "lied to Pence".

Pence would be worse on social issues, but he would likely be better on foreign policy, and economic management.

On those points I agree.

Re:

[Rick Schumann]

You're probably right. And he'd likely be out in 2020 anyway. Of course it'll take a decade at least to repair all the damage done thusfar regardless.

Re:

[liquid_schwartz]

You're probably right. And he'd likely be out in 2020 anyway. Of course it'll take a decade at least to repair all the damage done thusfar regardless.

Probably more than a decade. Consider that we've had *many* years of poor leadership. Trump is off to a poor start. Obama was a divisive joke. Bush was pathetic too. You have to go back to Bill Clinton to get anything halfway decent. I think you have to go back as far as Eisenhower to get something really good.

Re:

[dave420]

I 'member!

Re:

[bobbied]

Not suggesting that. If Mueller discovers there was in fact collusion and therefore Trump can't legitimately be POTUS, I'd hope that they'd throw out his entire cabinet and force a special election.

You cannot be serious.. A "Special election"?

We are a nation of laws and the whole thing starts with the US Constitution which addresses how it works when the office of president is vacant and it's NOT by special election. The office goes to the Vice-president who then appoints a new VP of his/her choice. Should BOTH the President and Vice-president be incapacitated at the same time, the office would fall to the speaker of the house, right now that would be Paul Ryan... There is a whole list of who gets

Re:

[FatdogHaiku]

...The office goes to the Vice-president who then appoints a new VP of his/her choice....

The new VP would need a confirmation by a majority vote of both Houses of Congress... Election 2018 looking more important all the time, for both parties.
Amendment 25 part 2 [usconstitution.net]

Re:

[bobbied]

True, but the president appoints and a majority of congress approves or not. Pence would get his choice because I doubt the democrats would want to be seen turning his choice down just for spite, and it would be just for spite.

I suppose it would depend on the circumstances of Pence taking power though. IF Trump is forced out (impeached/convicted or resigns under duress) the democrats would be stupid to be seen bashing Pence after bashing Trump. I can see the voters getting really tired of the partisan

Re:

[Rob Y.]

Does the Constitution address what should be done if the results of an election are tainted? Is impeaching the President and Vice President and following the chain of succession from there the best we have - or is it undefined how you deal with an invalidated election process?

Re:

[bobbied]

What on earth are you talking about? There is no such thing as a "tainted" election, the votes are counted and certified in each state, electors appointed and they cast their votes which is reported to congress. Congress accepts the report from each state for how their electors voted, breaks any ties and certifies the election and we have a president elect. You don't go back at this point, regardless of what happened before, it's done and not reversible.

So, why the question about tainted elections? Do yo

Re:

[Rob Y.]

Well, by 'tainted', I suppose I mean if the Russians had really hacked either voting machines - or tampered with voter registration rolls. Not saying that happened - just asking what the Constitution would have to say about it if it did...

And I guess if the Trump campaign had actually participated in crimes - like the email hacking itself - or the dissemination of the hacked material, that might count as 'tainted', no?

Re:

[bobbied]

Your description of "tainted" then involves the states, not the federal government. Once the results are certified by the state, those are the results from that state. You do recall all the bantering back when Al Gore lost to Bush right? The issue was the same kind of thing. The certified vote count from the state comes from the state's process. So if somebody is altering vote counts, the states are responsible for dealing with it before they certify their results.

The campaign or individuals on the camp

Re:

[sjames]

OTOH, it would be a Pence that knows the president can and will be hauled off in disgrace if necessary and a GOP that knows they're facing a really tough election soon. How anxious will they be to support the tattered remains of the Trump administration?

If they're smart, they may want to ask themselves that now.

Re:

[liquid_schwartz]

If we have someone if office that broke the law, we shouldn't leave them in out of fear that their successor's policies are worse. That makes it even more political. If they did something wrong, they did something wrong, that's it. Not "it's illegal, but we'll selectively not enforce the law because..."

This is akin to how most voting is less about being for something good and mostly about how bad the other person is. A "None of the above" option would fix this but so far nobody has tried it. It's pretty simple, if "None of the above" wins (or if you really want a good system gets in the top 2) then the existing candidates are barred from re-running for that office and a new election is held in the near future. "None of the Above" would have easily beaten both Hillary and Trump in 2016.

Re:

[irving47]

"Let's hope he gets rid of Trump for us, but let's keep our fingers crossed he doesn't, because the replacement would be worse.."
Well that's really clever.

Re:

[jellomizer]

I have more faith that Pence will be working towards are national interests vs Trump who is out for Trump.
I much rather be displeased about the choice the President Made, vs Scared of the choice the President had made.

Re:

[Anonymous Coward]

If Trump is found to be illegally elected then Pence is too.

Re:

[AlanObject]

If Trump is found to be illegally elected then Pence is too.

There is going to be no finding of Trump being elected illegally. The moment that Hillary conceded the election, as did Al Gore before her, the result was final and legal no matter how "crooked" or "influenced" it was.

Re:

[bobbied]

If Trump is found to be illegally elected then Pence is too.

Trump was legally elected. The results have been certified by all the states, the Electoral college have voted and the results legally reported to congress from the states. There is no going back, regardless of how this came about. It's history, it cannot be changed now.

Apart from death, incapacitation, resignation or impeachment, Trump and Pence are in office until noon, January 20, 2021, or 2025 should they win their second election in 2024.

Re:

[tsqr]

If Trump is found to be illegally elected then Pence is too.

If Trump is found to have colluded with Russia in an effort to influence the election, then he will be impeached for that crime. He will not be impeached for "being illegally elected", whatever that might mean. Then Pence will become president, in accordance with the established succession rules. There is no legal mechanism for declaring the election null and void.

Re: Russia is a Problem

[Brockmire]

The American banks have colluded on aluminum price fixing in the past. The suits got tossed, but I recall reading an analysis of the shell companies, the late orders, moving metals from one place to another and back, etc, it was pretty clear they were in the wrong and controlling pricing.

IPv6

[ISoldat53]

One article I read said this traffic was using IPv4. I'm not an engineer but how would using IPv6 have affected this problem? Are blocks assigned the same way in IPv6 as in 4? Wouldn't it make it harder to target a particular block?

Re:

[Verdatum]

The routing tables used for IPv6 are different, but there's no added feature in IPv6 that would protect from a BGP attack or accidental misconfiguration.

Re:

[bobbied]

Exactly this.

This was my first thought... Who accepts route changes from people you don't trust? I suppose *somebody* did this and everybody who trusted them fell in line, but I'd yank who ever sent me such changes out of my trusted list regardless of who they where...

Re:

[sjames]

Keep in mind that BGP is an automated process. After the fact, rules may be added to limit trust, but that doesn't prevent the initial problem.

Also keep in mind that in many cases, BGP is the only way you know anything about the routes. All you have is that router A says it has a 5 hop route to range X and router B says it has a 4 hop route to the same range. Neither A nor B is directly connected to the range in question and both are also depending on BGP.

The stability of BGP currently depends on the lower

beta test

[Anonymous Coward]

Combine this news with Russia's desire to create "their own Internet" https://www.theregister.co.uk/2017/12/01/russia_own_internet/ [theregister.co.uk] and I'd call this a beta test. :-(

Re:

[account_deleted]

Comment removed based on user account deletion

BGP vs. Root name servers?

[irving47]

I don't know the relationship (if any) between the two, but is it just coincidence this is happening less than a month after this:
https://uawire.org/russia-offers-to-deploy-root-name-servers-in-brics-countries

Also, is this something that can be attributed to the 'handing over' of certain services from the US to the UN?

Re:

[Freischutz]

I don't know the relationship (if any) between the two, but is it just coincidence this is happening less than a month after this: https://uawire.org/russia-offe... [uawire.org]

Also, is this something that can be attributed to the 'handing over' of certain services from the US to the UN?

It is. The first thing the UN decided to do when they got control of those services was to redirect all the "Herbal Viagra" and "Penis Enlargement" junk mails to Russia, specifically the address: vladimir.putin@kremlin.ru.

Re:BGP vs. Root name servers?

[dissy]

BGP vs. Root name servers?
I don't know the relationship (if any) between the two, but is it just coincidence this is happening less than a month after this:

No direct relationship, other than DNS servers like all servers have an IP address, and the backbone routers need to know how to get your traffic to said IP.
BGP is how the backbone knows where to send packets to get to the destination.

Normally if you try to go to say Googles web server, the BGP tables list Googles IP space and point to the backbone routers that directly connect (peer) with Googles routers.

In cases of hijacking like this, Russia updated those route tables to say Google is directly connected to one of their own routers, so any packets you send to a Google IP end up going to Russia first.
Then they can do whatever they want, like record it and then pass the packets back to the routers originally listed in BGP before the hijack.

Root DNS servers would be similar, although there are many root DNS servers around the world and any lookups you make tend to semi-randomly pick one from the list for each query.

Another quirk with the root servers is how they are distributed and that they use a logical/physical separation, primarily to be extremely efficient but it can help in cases like this too.
There are 13 "logical" root servers, named with the letters A to M, each for the most part under the control of a different organization/entity.
However for any one of those logical names, there can be many physical servers that answer for it.
They also don't use unicast IP addressing like nearly every server you're used to, but a type of addressing called anycast.

So for example, the "A" server is run by Verisign (from back when they were Internic), and the "E" server is run by NASA.
But "A" actually points to many physical servers distributed around the US.

Anycast provides one IP for each of those many separated servers, and that IP is actually answered by many different networks and ISPs, each having many redundant physical servers to distribute the load over.
Which cluster of servers you get mainly depends on which of those networks is closest to you on the network. So you querying the anycast IP on the west coast will have completely different networks and servers responding than if I queried that same IP on the east cost.

That makes it pretty difficult to hijack in a useful way, and to hijack enough of those routes and servers in a physical area on a single anycast IP, let alone more than one of the server clusters, and let alone again more than one "letter" designated root.

Re:

[DrStrangluv]

I worry more about this in combination with the Russian government's influence over any certificate authorities located in the country that may be trusted by default by major operating systems and browsers.

Any other reported activity?

[weeboo0104]

It may be a coincidence, but the Tenable Network Security forums seemed to get hit on Tuesday by something. For about an hour, our account got hit with a string of forum responses from Tenable. Then it just stopped. I'm thinking that maybe if you replied to the forum message via email, it didn't go back to Tenable?

Testing, testing...

[bradley13]

Testing for exactly what, well...

Better title:

[Orgasmatron]

A better title for the story: Major internet routers still inexplicably accepting unauthenticated BGP announcements

Re:

[Anonymous Coward]

It's perfectly explainable. There is still, in 2017, not a viable solution for authenticating BGP routes between major carriers.

HereCometheBRICs

[sdinfoserv]

The BRIC nations (Russia, Brazil, China, India & South Africa) are building their own backup global DNS system.
https://www.bleepingcomputer.c... [bleepingcomputer.com]
My guess is that it's on track sooner than expected and it's likely more than the purported "backup". Especially with asshat, cabal owned, Pai killing Net Neutrality today, nobody trusts the US, nor should they. The routing should be taken as a precursor.

Bitcoin theft?

[eth1]

Any bets on this being a dry run for a BGP attack used to steal bitcoin?

Re:

[thygate]

MITM SSL attacks to steal your exchange creds ?

A message?

[RhettLivingston]

I wonder if there is something previously considered secret in common about some of the addresses. We'd probably never know if some or all were key points of some government cyber collection or war system, but someone would be having a very, very bad day if they were.

Anyone get suspicious Facebook logins recently?

[ShamblerBishop]

I have a throwaway Facebook account, with a deliberately useless password (easy to recover even with hash+salt) - and it was logged into yesterday from Brazil of all places. Unless Facebook allows unlimited attempts at password logins, before notifying users of failed login attempts, then nobody has tried to login to my account before - and this person appears to have gotten in first-time... So, wonder if my account as MITM'd during a BGP reroute - I didn't login since Monday or before, though.

Re:

[HiThere]

I'm not sure that he is subservient to Putin. I suspect that he helps Russia commit crimes in the US not because he's a traitor, but rather because he gets flattered or bribed. That doesn't mean he isn't a traitor in common usage, though not within the definition given by the US Constitution. It just means that being a traitor isn't why he does that, it's doing that that makes him a traitor.