For a period of around 12 hours, Russia's Rostelecom tried repeatedly to route users of Apple services through its own servers, even in the face of countermeasures applied by Apple engineers.
Rostelecom is Russia's largest internet provider, and for a period of just over 12 hours it repeatedly tried to hijack traffic intended for Apple services. It can't be established whether this was a deliberate attempt or an internet configuration error, but Rostelecom made what are called false route announcements, which could make internet connections go to its servers instead of Apple's.
MANRS, an organization that works "to reduce the most common routing threats," says that Russia did this periodically over July 26 and July 27.
Users never select specific routes to servers; they just attempt to access a service, and the routing takes place behind the scenes. MANRS says that, effectively, Rostelecom's servers claimed to be the route to a wide range of Apple services.
The organization's full post examines all publicly-available information about the attack and details some steps Apple must have taken to combat it.
Ultimately, what happened is that Rostelecom servers announced they were the route to a broad range of Apple services. But Apple then had its servers announce more specific routes.
"When the routes a network is announcing are not covered by valid Route Origin Authorization (ROA)," writes MANRS, "the only option during a route hijack is to announce more specific routes. This is exactly what Apple Engineering did today."
After around 12 hours, Rostelecom ceased sending the false routing announcements.
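The mechanics behind the MANRS statement above, as an added example that is not from the article or from MANRS: routers prefer the most specific matching route, and route origin validation (RFC 6811) can only reject a false origin when a ROA covers the prefix. The prefix 198.51.100.0/24 and AS numbers 64500 and 64511 are constructed documentation values, not the networks involved, and `best_route`, `rov_state` and `scenario` are hypothetical helper names.

```python
import ipaddress

# Constructed sample data: documentation prefix (RFC 5737) and ASNs (RFC 5398).
LEGIT_AS, OTHER_AS = 64500, 64511
net = ipaddress.ip_network

def best_route(rib, dest):
    """Longest-prefix match: the most specific route covering dest wins."""
    addr = ipaddress.ip_address(dest)
    matches = [(p, asn) for p, asn in rib if addr in p]
    return max(matches, key=lambda r: r[0].prefixlen, default=None)

def rov_state(roas, prefix, origin_as):
    """Route origin validation outcome as defined in RFC 6811."""
    covered = False
    for roa_prefix, max_len, roa_as in roas:
        if prefix.version == roa_prefix.version and prefix.subnet_of(roa_prefix):
            covered = True
            if prefix.prefixlen <= max_len and origin_as == roa_as:
                return "valid"
    return "invalid" if covered else "not-found"

def scenario():
    """Origin AS selected for one destination at each stage of the incident."""
    dest = "198.51.100.10"
    normal = [(net("198.51.100.0/24"), LEGIT_AS)]
    # A false announcement that is more specific than the legitimate /24.
    hijack = normal + [(net("198.51.100.0/25"), OTHER_AS)]
    # Countermeasure: the legitimate origin announces even more specific routes.
    countered = hijack + [(net("198.51.100.0/26"), LEGIT_AS),
                          (net("198.51.100.64/26"), LEGIT_AS)]
    return [best_route(rib, dest)[1] for rib in (normal, hijack, countered)]

if __name__ == "__main__":
    print("origin per stage:", scenario())
    false_route = net("198.51.100.0/25")
    # No ROA: validators cannot tell the false route from a real one.
    print("without ROA:", rov_state([], false_route, OTHER_AS))
    # ROA for the /24, maxLength 24, authorizing only the legitimate origin.
    roas = [(net("198.51.100.0/24"), 24, LEGIT_AS)]
    print("with ROA:   ", rov_state(roas, false_route, OTHER_AS))
```

With a ROA whose maxLength is 24, the legitimate origin's own /26 announcements would also validate as invalid, so a ROA's maxLength has to allow for any more-specific routes the network plans to announce.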
"We are not aware of any information yet from Apple that indicates what, if any, Apple services were affected," continues MANRS. "We also have not seen any information from Rostelecom about whether this was a configuration mistake or a deliberate action."
Through the period of time that the routing was under attack, Apple services had no downtime, nor a notable increase in complaints.
23 Comments
Apple needs to sever all ties with Russia. Cut them off cold to updates, services, iCloud, Apple Music, everything. Flip the switch without warning. You live in Russia, your device is bricked and you are SOL. I know that Apple keeps talking about trying to protect their customers. It's too late for that. Until the general populace starts feeling the pain from Putin's war they won't put an end to it. Remember, that's what brought down the Tzar. The people got fed up with paying in blood and treasure for the Tzar's adventure in WWI. It's time for another revolution and Apple needs to step up and do their part.
... is this a good reminder of the potential vulnerability of (especially large, high value) cloud services with so many potential attack vectors ...?
... is it the opposite of the concept of the internet in terms of communication reliability of multiple web connections ...?
The Kremlin apparently went low tech: www.cnet.com/culture/kremlin-finds-way-to-avoid-leaks-typewriters/
The ORCs, randomly banging away again on their keyboards