Slashdot Mirror


Internet Traffic To Major Tech Firms Mysteriously Rerouted To Russia (securityweek.com)

wiredmikey writes: Internet traffic to some of the world's largest tech firms was briefly rerouted to Russia earlier this week in what appeared to be a Border Gateway Protocol (BGP) attack. Internet monitoring service BGPmon noticed that 80 IP prefixes for organizations such as Google, Microsoft, Apple, Facebook, NTT Communications, Twitch and Riot Games had been announced by a Russian Autonomous System (AS).

It happened twice on Tuesday and each time it only lasted for roughly three minutes. The first event took place between 04:43 and 04:46 UTC, and the second between 07:07 and 07:10 UTC. Despite being short-lived, BGPmon said the incidents were significant, including due to the fact that the announcements were picked up by several peers and some large ISPs, such as Hurricane Electric and Zayo in the U.S., Telstra in Australia, and NORDUnet, which is a joint project of several Nordic countries. The incident is rather suspicious, as the prefixes that were affected are all high profile destinations, as well as several more specific prefixes that aren't normally seen on the Internet.

13 of 106 comments

  1. MitM attacks by Rick Schumann · · Score: 5, Interesting

    Seems to me you can complete quite a few MitM attacks in three minutes. Wonder how many people were compromised and/or how many websites were compromised? Or was this just a 'dry run' for a larger attack? Guess we won't know until the other shoe drops.

  2. Re:Russia is a Problem by um... Lucas · · Score: 2, Informative

    If we have someone in office that broke the law, we shouldn't leave them in out of fear that their successor's policies are worse. That makes it even more political. If they did something wrong, they did something wrong, that's it. Not "it's illegal, but we'll selectively not enforce the law because..."

  3. BGP vs. Root name servers? by irving47 · · Score: 4, Interesting

    I don't know the relationship (if any) between the two, but is it just coincidence this is happening less than a month after this:
    https://uawire.org/russia-offers-to-deploy-root-name-servers-in-brics-countries

    Also, is this something that can be attributed to the 'handing over' of certain services from the US to the UN?

    --
    I had a sucky sig.
    1. Re:BGP vs. Root name servers? by dissy · · Score: 3, Informative

      BGP vs. Root name servers?
      I don't know the relationship (if any) between the two, but is it just coincidence this is happening less than a month after this:

      No direct relationship, other than DNS servers like all servers have an IP address, and the backbone routers need to know how to get your traffic to said IP.
      BGP is how the backbone knows where to send packets to get to the destination.

      Normally if you try to go to say Google's web server, the BGP tables list Google's IP space and point to the backbone routers that directly connect (peer) with Google's routers.

      In cases of hijacking like this, Russia updated those route tables to say Google is directly connected to one of their own routers, so any packets you send to a Google IP end up going to Russia first.
      Then they can do whatever they want, like record it and then pass the packets back to the routers originally listed in BGP before the hijack.

      Root DNS servers would be similar, although there are many root DNS servers around the world and any lookups you make tend to semi-randomly pick one from the list for each query.

      Another quirk with the root servers is how they are distributed and that they use a logical/physical separation, primarily to be extremely efficient but it can help in cases like this too.
      There are 13 "logical" root servers, named with the letters A to M, each for the most part under the control of a different organization/entity.
      However for any one of those logical names, there can be many physical servers that answer for it.
      They also don't use unicast IP addressing like nearly every server you're used to, but a type of addressing called anycast.

      So for example, the "A" server is run by Verisign (from back when they were Internic), and the "E" server is run by NASA.
      But "A" actually points to many physical servers distributed around the US.

      Anycast provides one IP for each of those many separated servers, and that IP is actually answered by many different networks and ISPs, each having many redundant physical servers to distribute the load over.
      Which cluster of servers you get mainly depends on which of those networks is closest to you on the network. So you querying the anycast IP on the west coast will have completely different networks and servers responding than if I queried that same IP on the east coast.

      That makes it pretty difficult to hijack in a useful way, and to hijack enough of those routes and servers in a physical area on a single anycast IP, let alone more than one of the server clusters, and let alone again more than one "letter" designated root.

  4. Re:Russia is a Problem by jellomizer · · Score: 2, Informative

    I have more faith that Pence will be working towards our national interests vs Trump who is out for Trump.
    I'd much rather be displeased about the choice the President Made, vs Scared of the choice the President had made.

    --
    If something is so important that you feel the need to post it on the internet... It probably isn't that important.
  5. Re:Russia is a Problem by hackwrench · · Score: 2

    The Constitution has provisions to handle this unfortunately and if Mike Pence isn't impeached as well, he's in and there's a pecking order as to who gets in determined as well if I recall correctly.

  6. Better title: by Orgasmatron · · Score: 5, Insightful

    A better title for the story: Major internet routers still inexplicably accepting unauthenticated BGP announcements

    --
    See that "Preview" button?
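
An added example, not part of the thread or of any poster's comment: the hijack mechanism described in comment 3.1 and the missing authentication noted in comment 6, shown as RPKI route origin validation (RFC 6811) combined with longest-prefix-match route selection. All prefixes and AS numbers are constructed documentation values, and AS64511 is an assumed stand-in for the unexpected origin.

```python
import ipaddress

# Constructed ROAs: (authorized prefix, maxLength, origin ASN). Documentation
# prefixes (RFC 5737 / RFC 3849) and ASNs (RFC 5398), not real allocations.
ROAS = [
    ("192.0.2.0/24", 24, 64496),
    ("198.51.100.0/24", 24, 64497),
    ("2001:db8::/32", 48, 64496),
]

def validate_origin(prefix, origin_asn, roas=ROAS):
    """Classify an announcement as valid / invalid / not-found (RFC 6811)."""
    net = ipaddress.ip_network(prefix)
    covered = False
    for roa_prefix, max_len, roa_asn in roas:
        roa_net = ipaddress.ip_network(roa_prefix)
        if net.version != roa_net.version or not net.subnet_of(roa_net):
            continue
        covered = True  # some ROA covers this prefix
        if origin_asn == roa_asn and net.prefixlen <= max_len:
            return "valid"
    return "invalid" if covered else "not-found"

def best_route(dst, table):
    """Longest-prefix match only; real BGP tie-breaking is not modelled."""
    addr = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(p), asn) for p, asn in table
               if addr in ipaddress.ip_network(p)]
    return max(matches, key=lambda m: m[0].prefixlen, default=None)

# Constructed announcements as (prefix, origin ASN).
ANNOUNCEMENTS = [
    ("192.0.2.0/24", 64496),    # legitimate origin
    ("192.0.2.0/24", 64511),    # same prefix, unexpected origin
    ("192.0.2.128/25", 64511),  # more-specific prefix not normally seen
    ("203.0.113.0/24", 64511),  # no ROA covers this prefix
]

def accepted(announcements, drop_invalid):
    """Routes a router would install, with or without origin validation."""
    return [(p, a) for p, a in announcements
            if not (drop_invalid and validate_origin(p, a) == "invalid")]

if __name__ == "__main__":
    for p, a in ANNOUNCEMENTS:
        print(p, a, validate_origin(p, a))
    for drop in (False, True):
        print(drop, best_route("192.0.2.200", accepted(ANNOUNCEMENTS, drop)))
```

Without validation the /25 from the unexpected origin wins for 192.0.2.200 because it is more specific; with invalid routes dropped, traffic follows the authorized /24. Origin validation checks only the originating AS and prefix length, not the rest of the AS path.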
  7. Re:Russia is a Problem by fahrbot-bot · · Score: 4, Informative

    The Constitution has provisions to handle this unfortunately and if Mike Pence isn't impeached as well, he's in and there's a pecking order as to who gets in determined as well if I recall correctly.

    Wikipedia has the current line of Presidential Succession:

    • 1 Vice President - Mike Pence (R)
    • 2 Speaker of the House of Representatives - Paul Ryan (R)
    • 3 President pro tempore of the Senate - Orrin Hatch (R)
    • 4 Secretary of State - Rex Tillerson (R)
    • 5 Secretary of the Treasury - Steven Mnuchin (R)
    • 6 Secretary of Defense - Jim Mattis (I)
    • 7 Attorney General - Jeff Sessions (R)
    • 8 Secretary of the Interior - Ryan Zinke (R)
    • 9 Secretary of Agriculture - Sonny Perdue (R)
    • 10 Secretary of Commerce - Wilbur Ross (R)
    • 11 Secretary of Labor - Alex Acosta (R)
    • 12 Secretary of Health and Human Services - Eric Hargan (R) Acting
    • 13 Secretary of Housing and Urban Development - Ben Carson (R)
    • – Secretary of Transportation - Elaine Chao (R) [ ineligible, not natural-born US citizen ]
    • 14 Secretary of Energy - Rick Perry (R)
    • 15 Secretary of Education - Betsy DeVos (R)
    • 16 Secretary of Veterans Affairs - David Shulkin (I)
    • 17 Secretary of Homeland Security - Kirstjen Nielsen (I)

    See *anyone* in there you'd really like to see as President?

    --
    It must have been something you assimilated. . . .
  8. Re:IPv6 by Verdatum · · Score: 2

    The routing tables used for IPv6 are different, but there's no added feature in IPv6 that would protect from a BGP attack or accidental misconfiguration.

  9. Re:Russia is a Problem by bobbied · · Score: 2

    Not suggesting that. If Mueller discovers there was in fact collusion and therefore Trump can't legitimately be POTUS, I'd hope that they'd throw out his entire cabinet and force a special election.

    You cannot be serious.. A "Special election"?

    We are a nation of laws and the whole thing starts with the US Constitution which addresses how it works when the office of president is vacant and it's NOT by special election. The office goes to the Vice-president who then appoints a new VP of his/her choice. Should BOTH the President and Vice-president be incapacitated at the same time, the office would fall to the speaker of the house, right now that would be Paul Ryan... There is a whole list of who gets the office in the case where all the previous people are unavailable but we've never had to go past VP at this point.

    Assuming "Rick" is a US citizen, I'm shaking my head wondering what kind of school he went to which seems to have omitted any discussions about the US constitution because his education is sorely lacking, painfully so. A "special election" ? Now that's sad.

    --
    "File to fit, pound to insert, paint to match" - Aircraft Maintenance 101
  10. Re:Russia is a Problem by AlanObject · · Score: 2

    If Trump is found to be illegally elected then Pence is too.

    There is going to be no finding of Trump being elected illegally. The moment that Hillary conceded the election, as did Al Gore before her, the result was final and legal no matter how "crooked" or "influenced" it was.

  11. Re:Russia is a Problem by bobbied · · Score: 2

    True, but the president appoints and a majority of congress approves or not. Pence would get his choice because I doubt the democrats would want to be seen turning his choice down just for spite, and it would be just for spite.

    I suppose it would depend on the circumstances of Pence taking power though. IF Trump is forced out (impeached/convicted or resigns under duress) the democrats would be stupid to be seen bashing Pence after bashing Trump. I can see the voters getting really tired of the partisan game playing by then. If Trump is incapacitated or dies in office, the sympathy factor will preclude democrats wanting to be seen as bashing Pence.

    I don't see impeachment/conviction being even remotely possible regardless of what 2018 brings us in the house. You might manage to float it through the house after 2018 but it's far from sure democrats will take the house back. (I'm betting not). If you do manage to get articles of impeachment through the house I doubt Trump will resign under democratic pressure, doesn't seem to be his style. The Senate won't vote to convict regardless of what happens in 2018 (it takes 2/3rds you know). So Trump remains president through January 20, 2021.

    But I have a question... What would be the "high crimes and misdemeanors" in this hypothetical impeachment? I cannot seem to come up with anything that's plausible and serious enough to warrant what you're trying to do here. Just because folks like to yell "Impeach 45" at campaign rallies doesn't make it possible or advisable...

    --
    "File to fit, pound to insert, paint to match" - Aircraft Maintenance 101
  12. Anyone get suspicious Facebook logins recently? by ShamblerBishop · · Score: 2

    I have a throwaway Facebook account, with a deliberately useless password (easy to recover even with hash+salt) - and it was logged into yesterday from Brazil of all places. Unless Facebook allows unlimited attempts at password logins, before notifying users of failed login attempts, then nobody has tried to login to my account before - and this person appears to have gotten in first-time... So, wonder if my account was MITM'd during a BGP reroute - I didn't login since Monday or before, though.