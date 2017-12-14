

 


Internet Traffic To Major Tech Firms Mysteriously Rerouted To Russia (securityweek.com) 40

Posted by msmash from the weird-happenstance dept.
wiredmikey writes: Internet traffic to some of the world's largest tech firms was briefly rerouted to Russia earlier this week in what appeared to be a Border Gateway Protocol (BGP) attack. Internet monitoring service BGPmon noticed that 80 IP prefixes for organizations such as Google, Microsoft, Apple, Facebook, NTT Communications, Twitch and Riot Games had been announced by a Russian Autonomous System (AS).

It happened twice on Tuesday and each time it only lasted for roughly three minutes. The first event took place between 04:43 and 04:46 UTC, and the second between 07:07 and 07:10 UTC. Despite being short-lived, BGPmon said the incidents were significant, including due to the fact that the announcements were picked up by several peers and some large ISPs, such as Hurricane Electric and Zayo in the U.S., Telstra in Australia, and NORDUnet, which is a joint project of several Nordic countries. The incident is rather suspicious, as the prefixes that were affected are all high profile destinations, as well as several more specific prefixes that aren't normally seen on the Internet.
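The two indicators described in the summary above (prefixes announced by an unexpected origin AS, and more-specific prefixes not normally seen) are what BGP route origin validation (RFC 6811) checks against published ROAs. The following is an added example, not part of the original post or of BGPmon's tooling; the ROA table, prefixes and AS numbers are constructed from documentation ranges and are not data from the incident.

```python
import ipaddress
from typing import List, NamedTuple, Tuple

class ROA(NamedTuple):
    prefix: str       # authorized covering prefix
    max_length: int   # longest prefix length the holder allows
    origin_as: int    # AS authorized to originate it

# Constructed ROA table using documentation prefixes (RFC 5737) and
# documentation AS numbers (RFC 5398); not data from the incident.
ROAS = [
    ROA("198.51.100.0/24", 24, 64496),
    ROA("203.0.113.0/24", 25, 64497),
]

def validate(prefix: str, origin_as: int, roas: List[ROA] = ROAS) -> Tuple[str, str]:
    """Return (state, reason) following the RFC 6811 origin validation procedure."""
    route = ipaddress.ip_network(prefix)
    covering = []
    for roa in roas:
        net = ipaddress.ip_network(roa.prefix)
        if net.version == route.version and route.subnet_of(net):
            covering.append(roa)
    if not covering:
        return ("not-found", "no ROA covers this prefix")
    for roa in covering:
        if roa.origin_as == origin_as and route.prefixlen <= roa.max_length:
            return ("valid", "origin and length match a ROA")
    if any(roa.origin_as == origin_as for roa in covering):
        return ("invalid", "more specific than maxLength")
    return ("invalid", "origin AS not authorized")

# Constructed announcements: (prefix, origin AS as seen by a peer).
ANNOUNCEMENTS = [
    ("198.51.100.0/24", 64496),    # expected origin
    ("198.51.100.0/24", 64511),    # same prefix, unexpected origin
    ("198.51.100.128/25", 64511),  # more-specific from unexpected origin
    ("203.0.113.0/25", 64497),     # more-specific, within maxLength
    ("203.0.113.0/26", 64497),     # too specific even for the right origin
    ("192.0.2.0/24", 64500),       # no ROA published
]

def flag_invalid(announcements=ANNOUNCEMENTS):
    """Return the announcements a drop-invalid import policy would reject."""
    return [(p, a, validate(p, a)[1]) for p, a in announcements
            if validate(p, a)[0] == "invalid"]

if __name__ == "__main__":
    for prefix, asn, reason in flag_invalid():
        print(f"REJECT {prefix} from AS{asn}: {reason}")
```

Prefixes with no covering ROA come back as not-found rather than invalid, so origin validation only protects address space whose holder has published ROAs.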


  • MitM attacks (Score:5, Interesting)

    by Rick Schumann ( 4662797 ) on Thursday December 14, 2017 @12:51PM (#55739615) Journal
    Seems to me you can complete quite a few MitM attacks in three minutes. Wonder how many people were compromised and/or how many websites were compromised? Or was this just a 'dry run' for a larger attack? Guess we won't know until the other shoe drops.
  • One article I read said this traffic was using IPv4. I'm not an engineer but how would using IPv6 have affected this problem? Are blocks assigned the same way in IPv6 as in 4? Wouldn't it make it harder to target a particular block?
    • The routing tables used for IPv6 are different, but there's no added feature in IPv6 that would protect from a BGP attack or accidental misconfiguration.

  • beta test (Score:1)

    by Anonymous Coward

    Combine this news with Russia's desire to create "their own Internet" https://www.theregister.co.uk/2017/12/01/russia_own_internet/ [theregister.co.uk] and I'd call this a beta test. :-(

  • BGP vs. Root name servers? (Score:4, Interesting)

    by irving47 ( 73147 ) on Thursday December 14, 2017 @12:59PM (#55739699) Homepage

    I don't know the relationship (if any) between the two, but is it just coincidence this is happening less than a month after this:
    https://uawire.org/russia-offers-to-deploy-root-name-servers-in-brics-countries

    Also, is this something that can be attributed to the 'handing over' of certain services from the US to the UN?

    • I don't know the relationship (if any) between the two, but is it just coincidence this is happening less than a month after this: https://uawire.org/russia-offe... [uawire.org]

      Also, is this something that can be attributed to the 'handing over' of certain services from the US to the UN?

      It is. The first thing the UN decided to do when they got control of those services was to redirect all the "Herbal Viagra" and "Penis Enlargement" junk mails to Russia, specifically the address: vladimir.putin@kremlin.ru.

  • It may be a coincidence, but the Tenable Network Security forums seemed to get hit on Tuesday by something. For about an hour, our account got hit with a string of forum responses from Tenable. Then it just stopped. I'm thinking that maybe if you replied to the forum message via email, it didn't go back to Tenable?

  • Testing for exactly what, well...

  • Better title: (Score:3)

    by Orgasmatron ( 8103 ) on Thursday December 14, 2017 @01:32PM (#55739999)

    A better title for the story: Major internet routers still inexplicably accepting unauthenticated BGP announcements

  • The BRIC nations (Russia, Brazil, China, India & South Africa) are building their own backup global DNS system.
    https://www.bleepingcomputer.c... [bleepingcomputer.com]
    My guess is that it's on track sooner than expected and it's likely more than the purported "backup". Especially with asshat, cabal owned, Pai killing Net Neutrality today, nobody trusts the US, nor should they. The routing should be taken as a precursor.

  • Any bets on this being a dry run for a BGP attack used to steal bitcoin?

