Internet Traffic To Major Tech Firms Mysteriously Rerouted To Russia (securityweek.com)
wiredmikey writes: Internet traffic to some of the world's largest tech firms was briefly rerouted to Russia earlier this week in what appeared to be a Border Gateway Protocol (BGP) attack. Internet monitoring service BGPmon noticed that 80 IP prefixes for organizations such as Google, Microsoft, Apple, Facebook, NTT Communications, Twitch and Riot Games had been announced by a Russian Autonomous System (AS).
It happened twice on Tuesday and each time it only lasted for roughly three minutes. The first event took place between 04:43 and 04:46 UTC, and the second between 07:07 and 07:10 UTC. Despite being short-lived, BGPmon said the incidents were significant, including due to the fact that the announcements were picked up by several peers and some large ISPs, such as Hurricane Electric and Zayo in the U.S., Telstra in Australia, and NORDUnet, which is a joint project of several Nordic countries. The incident is rather suspicious, as the prefixes that were affected are all high profile destinations, as well as several more specific prefixes that aren't normally seen on the Internet.
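Added example (not from the summary, the SecurityWeek article, or BGPmon): a minimal monitor-side check that flags the two symptoms described above, a known prefix announced by an unexpected origin AS and a more-specific prefix that is not normally seen. The baseline table, the updates, and all prefixes and AS numbers are constructed from documentation ranges, and the function names are hypothetical.

```python
import ipaddress

# Constructed baseline: (prefix, longest accepted length, expected origin AS).
# Prefixes are documentation ranges (RFC 5737), ASNs are documentation ASNs (RFC 5398).
EXPECTED = [
    ("192.0.2.0/24", 24, 64496),
    ("198.51.100.0/24", 24, 64497),
    ("203.0.113.0/24", 24, 64498),
]

# Constructed sample updates: (time, announced prefix, AS path as seen by the monitor).
UPDATES = [
    ("00:00:10", "192.0.2.0/24", [64500, 64496]),       # normal announcement
    ("00:01:02", "192.0.2.0/24", [64500, 64511]),       # same prefix, new origin
    ("00:01:05", "198.51.100.128/25", [64500, 64511]),  # unseen more-specific, new origin
    ("00:01:07", "198.51.100.0/25", [64501, 64497]),    # expected origin, too specific
    ("00:02:00", "233.252.0.0/24", [64500, 64511]),     # not in the baseline
]

def classify(prefix, as_path, expected=EXPECTED):
    """Compare one announcement against the baseline of expected origins."""
    net = ipaddress.ip_network(prefix)
    origin = as_path[-1]  # assumes the path ends in a plain AS number, not an AS_SET
    covered = origin_seen = False
    for base, max_len, asn in expected:
        base_net = ipaddress.ip_network(base)
        if net.version != base_net.version or not net.subnet_of(base_net):
            continue
        covered = True
        if origin == asn:
            if net.prefixlen <= max_len:
                return "valid"
            origin_seen = True  # right origin, but longer than normally announced
    if not covered:
        return "not-monitored"
    return "more-specific" if origin_seen else "origin-mismatch"

def alerts(updates=UPDATES):
    """Return (time, prefix, origin AS, reason) for every suspicious update."""
    found = []
    for ts, prefix, path in updates:
        verdict = classify(prefix, path)
        if verdict in ("origin-mismatch", "more-specific"):
            found.append((ts, prefix, path[-1], verdict))
    return found

if __name__ == "__main__":
    for alert in alerts():
        print(alert)
```

The covered/matching/too-long decision is the same one route origin validation makes; a real monitor would take its baseline from published ROAs or from observed routing history rather than a hand-written table.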
Seems to me you can complete quite a few MitM attacks in three minutes. Wonder how many people were compromised and/or how many websites were compromised? Or was this just a 'dry run' for a larger attack? Guess we won't know until the other shoe drops.
I don't know the relationship (if any) between the two, but is it just coincidence this is happening less than a month after this:
https://uawire.org/russia-offers-to-deploy-root-name-servers-in-brics-countries
Also, is this something that can be attributed to the 'handing over' of certain services from the US to the UN?
I had a sucky sig.
Not suggesting that. If Mueller discovers there was in fact collusion and therefore Trump can't legitimately be POTUS, I'd hope that they'd throw out his entire cabinet and force a special election. It'd be a huge mess but it'd be better than Pence as POTUS, at least in the long run. Problem is there's no precedent for any of that, so who knows how it'd be handled? With the GOP still holding a majority in Congress, they'd fight as hard as they possibly could to keep Pence around -- which would be far, far worse for the country than Trump has been, in ways I don't even want to think about (spoiler: Pence is a Dominionist). Also it may take another year or two for Mueller's investigation to come to its conclusion. Most likely scenario is the Trump Administration doesn't do much of anything for 4 years, the GOP keeps fighting with itself for 4 years, and in 2020 we end up with a Democrat back in the White House and the GOP back in the minority, as the needle swings back towards the left, as everyone realizes what a gigantic mistake and disaster their choices in 2016 were.
Any bets on this being a dry run for a BGP attack used to steal bitcoin?