“Traffic sent to and from Google, Facebook, Apple, and Microsoft was briefly routed through a previously unknown Russian Internet provider Wednesday under circumstances researchers said was suspicious and intentional,” Dan Goodin writes for Ars Technica. “The unexplained incident involving the Internet’s Border Gateway Protocol is the latest to raise troubling questions about the trust and reliability of communications sent over the global network. ”
“BGP routes large-scale amounts of traffic among Internet backbones, ISPs, and other large networks. But despite the sensitivity and amount of data it controls, BGP’s security is often based on trust and word of mouth,” Goodin writes. “Wednesday’s event comes eight months after large chunks of network traffic belonging to MasterCard, Visa, and more than two dozen other financial services were briefly routed through a Russian government-controlled telecom, also under suspicious circumstances.”
“According to a blog post published Wednesday by Internet monitoring service BGPMon, the hijack lasted a total of six minutes and affected 80 separate address blocks. It started at 4:43 UTC and continued for three minutes. A second hijacking occurred at 7:07 UTC and also lasted three minutes,” Goodin writes. “While BGP rerouting events are often the result of human error rather than malicious intent, BGPMon researchers said several things made Wednesday’s incident “suspicious.” First, the rerouted traffic belonged to some of the most sensitive companies, which — besides Google, Facebook, Apple, and Microsoft — also included Twitch, NTT Communications, and Riot Games. Besides the cherrypicked targets, hijacked IP addresses were broken up into smaller, more specific blocks than those announced by affected companies, an indication the rerouting was ‘intentional.'”
“Little is currently known about AS39523, the previously unused autonomous system that initiated the hijacking. AS39523 hasn’t been active in years, except for one brief BGP incident in August that also involved Google,” Goodin writes. “It remains unclear what engineers inside AS39523 did with what could be terabytes of data that passed through their servers.”
Read more in the full article here.
MacDailyNews Take: Where’s James Bond when we need him?