
'Intentional' event redirects cloud traffic from Apple, Google & others through Russia


Internet traffic coming into and out of Apple, Facebook, Google, Microsoft, and other companies was briefly redirected through a Russian provider on Wednesday, in what appears to have been a deliberate move.

The incident involved the Border Gateway Protocol, or BGP, which funnels high-level traffic through nodes like internet backbones, according to Ars Technica, citing reports by monitoring services BGPMon and Qrator Labs. BGPMon recorded two three-minute hijacks, affecting 80 address blocks in total. Qrator Labs said the incident spanned two hours, with the number of address blocks fluctuating between 40 and 80.

Some reasons for suspicion include the prominence of the impacted companies, and the fact that IP addresses were split into smaller blocks than those announced by the companies — something that doesn't normally happen with a BGP configuration error.
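The two signals the article relies on, a prefix originated by an ASN that does not own it and a more-specific sub-block carved out of a legitimately announced prefix, are exactly what a route monitor checks observed announcements for. The script below is an added example written for this page, not code from the article, BGPMon or Qrator Labs. It compares constructed observations against a constructed table of expected prefix/origin pairs; all prefixes come from the RFC 5737/RFC 3849 documentation ranges and all ASNs from the RFC 5398 documentation range, so none of them refer to the parties in the story.

```python
"""Flag BGP announcements that conflict with a known-good prefix/origin table.

Added example, not part of the original article. It models the two signals the
article describes: a prefix announced by an ASN that does not own it, and a
more-specific sub-prefix carved out of a legitimately announced block, which is
the pattern the article says does not normally arise from a configuration
error. All prefixes (RFC 5737/3849 documentation ranges) and ASNs (RFC 5398
documentation range) below are constructed sample data.
"""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Announcement:
    prefix: str      # e.g. "198.51.100.0/22"
    origin_as: int   # origin ASN as seen in the AS_PATH


# Constructed "ground truth": what the legitimate operators announce.
EXPECTED = [
    Announcement("198.51.100.0/22", 64496),
    Announcement("203.0.113.0/24", 64497),
    Announcement("2001:db8::/32", 64498),
]

# Constructed observations, as a route collector might see them.
OBSERVED = [
    Announcement("198.51.100.0/22", 64496),   # normal
    Announcement("198.51.100.0/24", 64511),   # more-specific from a foreign ASN
    Announcement("203.0.113.0/24", 64511),    # same prefix, wrong origin
    Announcement("2001:db8::/32", 64498),     # normal
    Announcement("192.0.2.0/24", 64511),      # nothing expected for this block
]


def classify(observed, expected):
    """Return a list of (announcement, verdict) tuples.

    Verdicts:
      "ok"               origin matches the expected owner of the covering prefix
      "origin-mismatch"  exact prefix is expected but from a different origin
      "more-specific"    sub-block of an expected prefix, foreign origin
      "unknown"          no expected prefix covers it (cannot judge)
    """
    table = [(ipaddress.ip_network(a.prefix), a.origin_as) for a in expected]
    results = []
    for ann in observed:
        net = ipaddress.ip_network(ann.prefix)
        covering = [(p, o) for p, o in table
                    if p.version == net.version and net.subnet_of(p)]
        if not covering:
            results.append((ann, "unknown"))
            continue
        # The most specific covering prefix decides who the rightful origin is.
        best_prefix, best_origin = max(covering, key=lambda po: po[0].prefixlen)
        if ann.origin_as == best_origin:
            results.append((ann, "ok"))          # includes legitimate deaggregation
        elif best_prefix == net:
            results.append((ann, "origin-mismatch"))
        else:
            results.append((ann, "more-specific"))
    return results


def hijack_candidates(observed=OBSERVED, expected=EXPECTED):
    """Only the verdicts an operator would page on."""
    return [(a.prefix, a.origin_as, v) for a, v in classify(observed, expected)
            if v in ("origin-mismatch", "more-specific")]


if __name__ == "__main__":
    for ann, verdict in classify(OBSERVED, EXPECTED):
        print(f"{ann.prefix:<20} AS{ann.origin_as:<6} {verdict}")
```

The "more-specific" verdict is the interesting one: because BGP prefers the longest matching prefix, a /24 announced inside someone else's /22 attracts that traffic everywhere it propagates, regardless of who the /22 belongs to, which is why the article treats deaggregated sub-blocks as a sign of intent rather than misconfiguration. In production this table would be replaced by published RPKI ROAs, whose maxLength field lets origin validation reject both the wrong-origin and the unexpectedly-specific case.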

The autonomous Russian system that performed the hijack, known as AS39523, was previously inactive for years except for another BGP incident in August that involved Google.

It's unknown what might have been done with the data if the latest redirect was deliberate, since much or all of it would have been protected by encryption that, as far as is publicly known, has yet to be defeated. An attacker could conceivably have found a way to decrypt it, attempted to crack it, or be storing the data for future attacks.



22 Comments

negociarlaw 7 Years · 42 comments

For sure there are very real dangers lurking in cyberspace that must be found and stopped before they do catastrophic damage. 

gatorguy 13 Years · 24632 comments

Internet traffic coming into and out of Apple, Facebook, Google, Microsoft, and other companies was briefly redirected through a Russian provider on Wednesday, in what appears to have been a deliberate move.

The incident involved the Border Gateway Protocol, or BGP, which funnels high-level traffic through nodes like internet backbones, according to Ars Technica, citing reports by monitoring services BGPMon and Qrator Labs. BGPMon recorded two three-minute hijacks, affecting 80 address blocks in total. Qrator Labs said the incident spanned two hours, with the number of address blocks fluctuating between 40 and 80.

Some reasons for suspicion include the prominence of the impacted companies, and the fact that IP addresses were split into smaller blocks than those announced by the companies -- something that doesn't normally happen with a BGP configuration error.

The autonomous Russian system that performed the hijack, known as AS39523, was previously inactive for years except for another BGP incident in August that involved Google.

It's unknown what might have been done with data if the latest redirect was deliberate, since much or all of it would've been protected by encryption that has yet to be defeated, at least according to public knowledge. An attacker could conceivably have figured out decryption, attempted to crack it, or may be storing the data for future attacks.

Not mentioned was yet another incident back in April where payment networks were redirected.
https://arstechnica.com/information-technology/2017/04/russian-controlled-telecom-hijacks-financial-services-internet-traffic/

gatorguy 13 Years · 24632 comments

For sure there are very real dangers lurking in cyberspace that must be found and stopped before they do catastrophic damage. 

This has been going on for quite awhile. Sometimes it's Russian traffic redirected to China/others, with the Chinese reportedly behind other events as well in recent years. Russia has probably been behind other redirects themselves. No doubt IMO US agencies have done the same.
https://dyn.com/blog/chinese-routing-errors-redirect-russian-traffic/
https://www.washingtontimes.com/news/2010/nov/15/internet-traffic-was-routed-via-chinese-servers/
https://www.computerworld.com/article/2532289/cybercrime-hacking/cyberattacks-knock-out-georgia-s-internet-presence.html

For its part Russia is actively and aggressively working to keep Russian internet traffic within Russia and under their control. 
https://www.bleepingcomputer.com/news/government/russia-plans-to-keep-internet-traffic-inside-the-country-fearing-foreign-wiretaps/

igorsky 9 Years · 775 comments

I'd like to know when we're going to give these fuckers a taste of their own medicine.

emoeller 17 Years · 590 comments

Not that long ago all of the internet backbone servers resided in the US. It was only a matter of time before this type of activity (and cyber-warfare in general) escalated.

In the end countries will begin to erect walled gardens to monitor and control extranet activities (Russia, China, Iran etc. already have this in place). The open internet as we had created and known it will unfortunately end.

Freedom, once lost, is very difficult to restore. We will lose net neutrality today unless we continue to fight for it, and the same goes for the internet itself.