Russia tried to hijack some of Apple's internet traffic for 12 hours


For a period of around 12 hours, Russia's Rostelecom tried repeatedly to route users of Apple services through its own servers, despite countermeasures applied by Apple engineers.

Rostelecom is Russia's largest internet provider, and for a period of just over 12 hours it repeatedly tried to hijack traffic intended for Apple services. It can't be established whether this was a deliberate attempt or an internet configuration error, but Rostelecom made what are called false route announcements, which could make internet connections go to its servers instead of Apple's.

MANRS, an organization that works "to reduce the most common routing threats," says that Russia did this periodically over July 26 and July 27.

Users never select specific routes to servers; they just attempt to access a service and the routing takes place behind the scenes. MANRS says that effectively, Rostelecom's servers claimed to be the route to a wide range of Apple services.

The organization's full post examines all publicly-available information about the attack and details some steps Apple must have taken to combat it.

Ultimately, what happened is that Rostelecom servers announced they were the route to a broad range of Apple services. But Apple then had its servers announce more specific routes.

"When the routes a network is announcing are not covered by valid Route Origin Authorization (ROA)," writes MANRS, "the only option during a route hijack is to announce more specific routes. This is exactly what Apple Engineering did today."
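The mechanism behind both halves of that statement, as an added example that is not from AppleInsider or MANRS: routers forward on the longest matching prefix, and RFC 6811 route origin validation can only reject an announcement when a ROA covers it. The prefix and AS numbers are constructed documentation values, and the model ignores other BGP tie-breakers such as AS-path length.

```python
import ipaddress

# Constructed sample data: documentation prefix (RFC 5737) and
# documentation AS numbers (RFC 5398). Not values from the incident.
LEGIT_AS, BOGUS_AS = 64496, 64511
COVERING = ipaddress.ip_network("203.0.113.0/24")

def rov_state(roas, prefix, origin):
    """RFC 6811 origin validation: 'valid', 'invalid' or 'not-found'."""
    covered = False
    for roa_prefix, max_len, roa_as in roas:
        if prefix.subnet_of(roa_prefix):
            covered = True
            if prefix.prefixlen <= max_len and origin == roa_as:
                return "valid"
    # Covered by a ROA but no match: invalid. No covering ROA: not-found.
    return "invalid" if covered else "not-found"

def origins_for(routes, dst, roas=()):
    """Origin AS(es) a validating router would forward dst towards.

    ROV-invalid routes are dropped, then the longest prefix wins. More than
    one origin in the result means the prefix is contested at equal length.
    """
    addr = ipaddress.ip_address(dst)
    usable = [(p, o) for p, o in routes
              if addr in p and rov_state(roas, p, o) != "invalid"]
    if not usable:
        return set()
    longest = max(p.prefixlen for p, _ in usable)
    return {o for p, o in usable if p.prefixlen == longest}

# Scenario 1: the same prefix is announced by the owner and by another AS.
hijack = [(COVERING, LEGIT_AS), (COVERING, BOGUS_AS)]
# Scenario 2: the owner responds by announcing the two more-specific halves.
more_specifics = hijack + [(s, LEGIT_AS)
                           for s in COVERING.subnets(prefixlen_diff=1)]
# Scenario 3: a ROA exists for the covering prefix (maxLength 24).
roa = [(COVERING, 24, LEGIT_AS)]

if __name__ == "__main__":
    dst = "203.0.113.10"
    print("no ROA, hijack:        ", origins_for(hijack, dst))
    print("no ROA, more-specifics:", origins_for(more_specifics, dst))
    print("ROA in place, hijack:  ", origins_for(hijack, dst, roa))
```

With a ROA whose maxLength is 24, the owner's own /25 announcements would also validate as invalid, so a ROA has to be written with the intended more-specifics in mind.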

After around 12 hours, Rostelecom ceased sending the false routing announcements.

"We are not aware of any information yet from Apple that indicates what, if any, Apple services were affected," continues MANRS. "We also have not seen any information from Rostelecom about whether this was a configuration mistake or a deliberate action."

Throughout the period that the routing was under attack, Apple services had no downtime, nor a notable increase in complaints.