‘Suspicious and Intentional’ event redirects cloud traffic from Apple, Google and others through Russia

“Traffic sent to and from Google, Facebook, Apple, and Microsoft was briefly routed through a previously unknown Russian Internet provider Wednesday under circumstances researchers said was suspicious and intentional,” Dan Goodin writes for Ars Technica. “The unexplained incident involving the Internet’s Border Gateway Protocol is the latest to raise troubling questions about the trust and reliability of communications sent over the global network. ”

“BGP routes large-scale amounts of traffic among Internet backbones, ISPs, and other large networks. But despite the sensitivity and amount of data it controls, BGP’s security is often based on trust and word of mouth,” Goodin writes. “Wednesday’s event comes eight months after large chunks of network traffic belonging to MasterCard, Visa, and more than two dozen other financial services were briefly routed through a Russian government-controlled telecom, also under suspicious circumstances.”

“According to a blog post published Wednesday by Internet monitoring service BGPMon, the hijack lasted a total of six minutes and affected 80 separate address blocks. It started at 4:43 UTC and continued for three minutes. A second hijacking occurred at 7:07 UTC and also lasted three minutes,” Goodin writes. “While BGP rerouting events are often the result of human error rather than malicious intent, BGPMon researchers said several things made Wednesday’s incident “suspicious.” First, the rerouted traffic belonged to some of the most sensitive companies, which — besides Google, Facebook, Apple, and Microsoft — also included Twitch, NTT Communications, and Riot Games. Besides the cherrypicked targets, hijacked IP addresses were broken up into smaller, more specific blocks than those announced by affected companies, an indication the rerouting was ‘intentional.'”

“Little is currently known about AS39523, the previously unused autonomous system that initiated the hijacking. AS39523 hasn’t been active in years, except for one brief BGP incident in August that also involved Google,” Goodin writes. “It remains unclear what engineers inside AS39523 did with what could be terabytes of data that passed through their servers.”

Read more in the full article here.

MacDailyNews Take: Where’s James Bond when we need him?


    1. They can scoop it all up and keep for cracking later on. Do you realize how much data that could be involved?

      One of the not frequently mentioned problems with the cloud is the vulnerability of the network to nefarious actors. Not only can they hack, but they could shut down access for significant periods of time and cripple companies or whole nations. Most of us carry little to no cash and rely on cards or Apple Pay. If the network is out, you will not be buying gas, a meal, paying bills, buying groceries, etc.

      Your Doctor May well be denied access to your medical record, the Pharmacy access to inventory or Radiology the ability to produce, review or report examinations. Our Hospital system, for instance, uses remote access to control meds down to the unit level over the internet. Those devices are unlocked by the Pharmacist or by standing order from a aphysician over another cloud based system. Yes there is backup, but it is woefully inefficient. An attack on the web could make a lot of things go stupid very quickly.

    2. Just to let everyone know, the mean spirited political person masquerading as Paul does not represent me.

      Anyone who would dismiss an internet security breach, or the willingness of any officials to collude in any way with shadow foreign elements for political or financial gain, is an idiot. If you care about democracy and personal freedom, you need to be on the side of transparency and accountability.

    1. Errr, no, I am not a bot. Trying to save you from becoming one. Like pavlova’s dogs you all start to saliva at the smallest piece FUD. Have you got your torches lit yet?

      As far as “proof of concept” goes, …… its been done before right?

      1. …”pavlova’s dogs”… Did you mean ‘Pavlov’s dogs’? Pavlova is a dessert.

        …”start to saliva”… Did you mean ‘start to salivate’?

        Do you have ANY idea how much data passes through Internet backbone relay servers in a few minutes? Encrypted or not, these hackers have gained access to a treasure trove of sensitive data.

        You may not be a bot, but you’re definitely a moron.

      2. Your language sure doesn’t sound like a knowledgable professional… which is what you’d need to be to make any real evaluation of this.

        But prove me wrong — What is your technical background behind your first declaration.

      3. Hey Paul, I think you need to go back to school for at least several years before trying to make pronouncements about deep technical matters.

        Also, brush up on your spelling and grammar.
        – capital P
        – dogs, (comma)
        – before, right? (comma)
        – of FUD
        – it’s been
        – and the wonderful pavlova and saliva.

        You’re sure putting an unfortunate searchlight on yourself there, boyo. You might go for a bit less arrogance and bombast.

    2. Are you NSA troll bot?

      This “news” is certainly a FUD as there is no way to can steal banking data or anything of importance this way because the destinations always check CRC/encryption hashes. Through which ways the traffic goes does not matter at all in such circumstances.

      So what we have here is a glitch of no consequence that is presented as some dangerous event.

  1. Oh goodness data running through a nation that is not Apple’s home country. Next thing you know they will breathing Apple’s home country air, and drinking Apple’s home country’s water. I’m sure there are those that worry that Apple’s home country find the whole thing simply unacceptable, and will soon view it as a threat, whip up a story about how Russia has a weapons of mass destruction program and decide to invade disregarding their sovereignty.

    Fear not, bully nations never take on someone their own size.

  2. Little Snitch has been showing my computer talking to Russia for weeks. No malware on it that I know of, but it’s talking to someone over there at some point during conversations with some non-Russia websites.

    1. Yes, this is concerning. I am shocked at how much Apple phones home. How do we know how well these transmissions are secured? No way I would ever trust a cloud based keychain.

      How do you find the geographic location of ISP addresses?

Reader Feedback

This site uses Akismet to reduce spam. Learn how your comment data is processed.