Slashdot Mirror


Nigerian Firm Takes Blame For Routing Google Traffic Through China (reuters.com)

Earlier today, it was reported that Google suffered a brief outage on Monday that pushed some of its traffic through networks in Russia, China, and Nigeria. Soon after Google said it would conduct an investigation, Nigeria's Main One Cable Company fessed up to the incident. According to Reuters, the company says it "accidentally caused the problem during a network upgrade."

From the report:

Main One said in an email that it had caused a 74-minute glitch by misconfiguring a border gateway protocol filter used to route traffic across the internet. That resulted in some Google traffic being sent through Main One partner China Telecom, the West African firm said. Even though Main One said it was to blame, some security experts said the incident highlighted concerns about the potential for hackers to conduct espionage or disrupt communications by exploiting known vulnerabilities in the way traffic is routed over the internet. Main One, which describes itself as a leading provider of telecom and network services for businesses in West Africa, said that it had investigated the matter and implemented new processes to prevent it from happening again.

56 comments

  1. Nigerian scam!? by darkain · · Score: 1

    Nigerian scam!?

    1. Re:Nigerian scam!? by cayenne8 · · Score: 1

      First thing came to my mind, with their reputation, WTF does any type of high level routing or anything concerning internet traffic have Nigerian control???

      --
      Light travels faster than sound. This is why some people appear bright until you hear them speak.........
    2. Re:Nigerian scam!? by GerryGilmore · · Score: 2

      The way that it works in BGP-Land is that once you are designated an "Autonomous System" and assigned an AS number (kinda like having an SS7 ID in telecom land), you can update all of the other BGP routers around the world. It's the only way for the internet to function today. Not that it doesn't need additional security, but....

    3. Re:Nigerian scam!? by msauve · · Score: 1

      BGP was built based on trust relationships, long before there were Nigerian princes on the Internet.

      --
      "National Security is the chief cause of national insecurity." - Celine's First Law
    4. Re:Nigerian scam!? by ravenshrike · · Score: 1

      The real question in this case would be who is holding the majority of Main One's debt. They were leveraged to the hilt in 2011, and since they were planning on raising another 300 million in 2015 I imagine that's still very much the case.

    5. Re:Nigerian scam!? by StormReaver · · Score: 1, Redundant

      I had misread, "Nigeria's Main One Cable Company" as, "Nigeria's One Man Cable Company," which, frankly, would have made more sense.

    6. Re: Nigerian scam!? by Anonymous Coward · · Score: 0

      His, karma

    7. Re:Nigerian scam!? by Anonymous Coward · · Score: 0

      The crucial question every /. is asking himself right now is; Did you do a double-take?

  2. I'm amazed this news ever got out by nwaack · · Score: 0

    What with Google being Google and all. I suppose they figured they'd be able to blame it on someone else so this possible security breach info was okay to be let out into the public domain.

  3. fixes are long overdue by Narcocide · · Score: 0

    How about we put NATO in charge of the global security of the internet, instead of Main One Cable, Nigeria's most expendable intern?

    1. Re:fixes are long overdue by Anonymous Coward · · Score: 0

      Yea that would make anything better ...

  4. Any connections? by andydread · · Score: 1

    Hmmm Does China Telecom own a stake in Main One?

    1. Re:Any connections? by Anonymous Coward · · Score: 0

      yessir. This is one of the ways China uses its indebted nations. Sovereign debt is forgiven if they take responsibility or fork over land etc

    2. Re:Any connections? by mcl630 · · Score: 3, Informative

      First, the answer to OP's question is no, China Telecom has no stake in Main One. Second, your statement about indebted nations makes no sense, Nigeria has a very, very low debt-to-GDP ratio, they haven't been an "indebted nation" since the late 1980s. Read up a little before replying about something you know nothing about.

    3. Re:Any connections? by mcl630 · · Score: 1

      No, they do not.

    4. Re:Any connections? by cheesybagel · · Score: 1

      Yeah no shit. Nigeria has oil & gas fields. Even with all the corruption and graft it's not like the country does not have money in it. It's just that it is mostly concentrated at the top.

    5. Re:Any connections? by Anonymous Coward · · Score: 0

      More accurately, are there Chinese engineers posted to the company on behalf of Huawei/ZTE or other Chinese telecom gear manufacturers?

  5. Secure BGP by cigawoot · · Score: 4, Insightful

    We really need to figure out a way to secure BGP announcements.

    1. Re:Secure BGP by Anonymous Coward · · Score: 0

      This. A chain is only as strong as its weakest link. There isn't much stopping anyone else from doing this. BGP is highly insecure.

    2. Re:Secure BGP by geekmux · · Score: 1

      We really need to figure out a way to secure BGP announcements.

      Wrong.

      We really need a way to figure out a solution instead of bitching about the same problem for fifteen fucking years.

      This is like bitching about WEP security in 2018. We kind of deserve it at this point.

    3. Re:Secure BGP by WaffleMonster · · Score: 1

      We really need to figure out a way to secure BGP announcements.

      From whom?

    4. Re:Secure BGP by Anonymous Coward · · Score: 0

      IIRC this has already been done - it's just waiting for people/vendors to get off their backsides and start using it.

      As always, it's the "oh noes I have to do some fucking work for a change" problem

    5. Re:Secure BGP by Anonymous Coward · · Score: 0

      The thing is, at some point you need to trust someone.

      It seems to me that the best solution is to trust, but verify. If you, as a BGP provider, see a large change in reporting, where the cost to send to a provider drops, send a few pings to those locations, and verify that they come back in the advertised time, if they do not, change your records, and tell your BGP friends.

      This seems like a pretty simple fix, which makes me wonder why it hasn't happened already. I assume there is an actual good reason, but I can't think of one.

    6. Re:Secure BGP by Anonymous Coward · · Score: 0

      You got a router, you can decide whose BGP announcements you trust and whose you don't trust. Simple as that.

      Of course, if you ignore an untrusted but true message, you might be unable to reach some parts of the internet. Still, if you don't operate in Nigeria, you probably don't need to route much traffic there.

    7. Re:Secure BGP by Anonymous Coward · · Score: 0

      15 years? BGP's crazy insecurity was clear to me as a teen in the 90s, well over 20 years ago now.

  6. I wonder if I'm to blame for all of that? by v1 · · Score: 5, Funny

    that prince said something bad would happen if I didn't help him cash in that inheritance

    --
    I work for the Department of Redundancy Department.
  7. Nigerian Prince Needs you Help! by Anonymous Coward · · Score: 1, Funny

    "Please dear sir,
    I am writing this to you because I am in need of your help. You see I have a vast fortune that I need expedited to your country. I am in the process of immigrating there but to avoid the taxes from your country I wish to transfer to you my fortune. Well wait! When I am successfully in your country I will of course need to take possession of that money, but of course you will be handsomely rewarded for this small trifle of your time! All I need you to do is to reroute your financial information through our servers here in Nigeria so that I can discreetly deposit the funds into your account. Trust me when I say there will be no interruption in any services you see from your end, and at the end of the day there will be a vast sum of money in your account. We have the most reliable service here in Nigeria so you can trust me when I say that your information is completely secure.
    Please respond as soon as possible as time is of the utmost essence."

    --Sent to a senior google engineer

  8. Nazi incel Cayenne's reputation is pure ignorance by Anonymous Coward · · Score: 0, Flamebait

    It's called BGP, which you can google, nazi faggot Cayenne you illiterate coward.

  9. It Wuz Haxx0rz! by Anonymous Coward · · Score: 0

    Nope, just a network operator making a boo-boo. Sorry, no ebil haxx0rz in teh intartubes for you!

  10. Make them pay a price by Anonymous Coward · · Score: 0

    China gave them something. Make sure the price we make them pay is at least 1000 times higher. Cut off all traffic to the ISP for 2 months, something like that. If they go bankrupt that will give the next ISP who considers this something to think about first.

  11. Time for better BGP security? by jonwil · · Score: 1

    Maybe it's time for BGP (the protocol that is used by all these networks to talk to each other) to get some security so that people can't advertise routes for IP blocks they don't actually own.

    1. Re:Time for better BGP security? by WaffleMonster · · Score: 3, Funny

      Maybe it's time for BGP (the protocol that is used by all these networks to talk to each other) to get some security so that people can't advertise routes for IP blocks they don't actually own.

      Great idea, you should totally do that.

      Tell all of the tier 1 networks not to advertise routes to your 'blocks' because they don't own them.

    2. Re:Time for better BGP security? by Anonymous Coward · · Score: 0

      It's easy, we just add a blockchain to the BGP routing tables!
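The check asked for at the top of this sub-thread, that a network cannot originate routes for address blocks it does not hold, exists as BGP prefix origin validation (RFC 6811). The sketch below is an added example, not part of the original thread; the ROA table, the prefixes (RFC 5737 documentation ranges) and the AS numbers (RFC 5398 documentation range) are constructed. Its last case shows the limit of the check: only the origin AS is validated, so a correctly originated route that leaks through an unexpected transit network still passes.

```python
import ipaddress
from typing import NamedTuple


class ROA(NamedTuple):
    """One validated ROA payload: who may originate a prefix, and how specific."""
    prefix: ipaddress.IPv4Network
    max_length: int
    asn: int


# Constructed sample data, not real registrations.
ROAS = [
    ROA(ipaddress.ip_network("192.0.2.0/24"), 24, 64496),
    ROA(ipaddress.ip_network("198.51.100.0/24"), 24, 64497),
]


def origin_as(as_path):
    """The origin is the last (rightmost) AS in the AS_PATH."""
    return as_path[-1]


def validate(prefix, as_path, roas=ROAS):
    """Return 'valid', 'invalid' or 'not-found' for an announced route.

    covered: some ROA's prefix contains the announced prefix.
    matched: covered, same origin AS, and not more specific than max_length.
    """
    net = ipaddress.ip_network(prefix)
    origin = origin_as(as_path)
    covered = False
    for roa in roas:
        if net.version != roa.prefix.version or not net.subnet_of(roa.prefix):
            continue
        covered = True
        if roa.asn != 0 and roa.asn == origin and net.prefixlen <= roa.max_length:
            return "valid"
    # Covered by a ROA but matched by none: someone else's block, or too specific.
    return "invalid" if covered else "not-found"


def demo():
    """Run the constructed announcements and return their validation states."""
    cases = {
        "legitimate": ("192.0.2.0/24", [64500, 64496]),
        "wrong_origin": ("192.0.2.0/24", [64500, 64511]),
        "more_specific": ("192.0.2.0/25", [64500, 64496]),
        "no_roa": ("203.0.113.0/24", [64500, 64499]),
        # Correct origin, but the path runs through two networks that should
        # not be carrying it: origin validation cannot see this.
        "leaked_path": ("192.0.2.0/24", [64501, 64502, 64496]),
    }
    return {name: validate(p, path) for name, (p, path) in cases.items()}


if __name__ == "__main__":
    for name, state in demo().items():
        print(f"{name:14s} {state}")
```
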

  12. 2003 called, they want their complaint fixed... by Anonymous Coward · · Score: 0

    We really need to figure out a way to secure BGP announcements.

    I've heard that for at least fifteen years. Couldn't you hire an intern or something?

  13. APK Hosts File Engine for Nigerian Prince... apk by Anonymous Coward · · Score: 0

    See subject: APK Hosts File Engine 11.0++ 64-bit for Windows h t t p : / / a p k . i t - m a t e . c o . u k / A P K H o s t s F i l e E n g i n e F o r W i n d o w s . z i p

    Yields more security/speed/reliability/anonymity vs. any 1 solution (99% of threats use hostnames vs. IP address most firewalls use) more efficiently/FASTER + NATIVELY 4 less!

    Vs. "Bolt on 'MoAr' illogic-logic" slowing u hosts speed u up 2 ways: Adblocks + Hardcode fav. sites u spend most time @ vs. competition loaded w/ security bugs (DNS/AntiVir) + overheads slowing u (messagepass 'souled-out' to advertisers easily detected & blocked addons + firewall filtering drivers) & their complexity leads to exploit!

    * ONLY 1 of its kind in GUI 4 Windows & supports port filters!

    APK

    P.S.=> Protects vs. all speculative execution exploits + scripts/trackers (faster vs. NoScript @ kernelmode level)/ads/DNS request tracking + redirect poisoned or downed DNS/botnets/malware/malcript/email malicious payloads... apk

  14. One Belt One Road by vix86 · · Score: 1

    Some googling shows a number of articles that China is planning to dump billions of dollars into Nigeria in various areas. I wouldn't be surprised to learn that telecoms in Nigeria are also working closely with China and in exchange for money and favors, they are routing traffic -- ie: acting as an arm of the Chinese Intelligence agency.

    I think the West should keep an eye on all the countries that China gets involved with via the One Belt One Road initiative, because those could be countries that might opt to route traffic to China as well.

    1. Re:One Belt One Road by rtb61 · · Score: 1

      Time for a bit of reality, if your traffic is going anywhere near Nigeria, then it is already questionable. So traffic from US to Europe, would not touch Nigeria, etc. So Africa traffic routed through China, well, who the fuck cares. If secured routes get rerouted, then it is a problem but we all should know by now the US can tap into all the undersea cables done by US companies.

      --
      Chaos - everything, everywhere, everywhen
  15. Re: Nigeria by Anonymous Coward · · Score: 0

    Naggers complain about everything

  16. IMPERSONATING me AGAIN? apk by Anonymous Coward · · Score: 0

    You're caught impersonating me c6gunner (your name's the submitter signing "APK") https://linux.slashdot.org/com... & you ALTERED /.ers PRAISE of my work (not yours you don't even HAVE).

    (Don't throw stones if you live in a glass house vs. me: RIGHT ZIP? https://yro.slashdot.org/comme... )

    *** IGNORANT LYING CHIMP "ZIP" SHOT DOWN FOR HIS LIES & TECH FUCKUPS vs. me https://games.slashdot.org/com...

    LIAR ZIP says he has no account "I don't have an account, so I don't have mod points" https://news.slashdot.org/comm...

    Yet LIAR ZIP says he downmods my posts (IMPOSSIBLE MINUS AN ACCOUNT on /.): "I down-modded a few of your post on other threads" - by Anonymous Coward "ZIP" on Thursday October 11, 2018 @11:31AM (#57461058) FROM https://yro.slashdot.org/comme...

    These PUSSY bullshit artists aren't bullies - they're worse - they're pussy ass PUNKS & talkers (all talk "ne'er-do-well" DO-NOTHINGS).

    APK

    P.S.=> Hosts can stop portsmash (blocking downloads of it) "You basically have to already be able to run your own evil code on a machine in order to PortSmash it." from https://www.theregister.co.uk/... not Spectre/Meltdown AFAIK (but it's POSSIBLE it might but NOT TOTALLY SURE here (vs. say, RPC using them which would be REMOTE vs. LOCAL as in portsmash above) per https://meltdownattack.com/mel... &/or https://spectreattack.com/spec... ACADEMIC RESEARCH into their mechanics ) - & U FAIL a PORTFILTERING TEST https://yro.slashdot.org/comme... ... apk

    1. Re:IMPERSONATING me AGAIN? apk by Anonymous Coward · · Score: 0

      APK = creimer

    2. Re:IMPERSONATING me AGAIN? apk by Anonymous Coward · · Score: 0

      APK your retarded ass got caught in one of your many lies, and to try and cover it up you had to lie some more. This is because you are a fucking retard.

  17. ZIP = lying CHIMP ('great programmer' (not)) by Anonymous Coward · · Score: 0

    ZIP - who came up w/ the C++ fix 1st here (where YOU said you did & multiple times in your post history) https://tech.slashdot.org/comm... ?

    * I DID YOU LYING PITIFUL NO SKILLS SIMIAN (or accomplishments you can show & I can (folks like & use MY work https://it.slashdot.org/commen... NOT your "hotairware" that doesn't exist - lol!)

    DESPITE saying "I'm a much better programmer than APK" - by Anonymous Coward ZIP on Monday October 08, 2018 @11:27PM (#57449082) FROM https://yro.slashdot.org/comme... )

    You do-NOTHING all talk fucking CHIMP loser... lol!

    IT WOULD HAVE BEEN IMPOSSIBLE FOR YOU TO DO SO PRIOR TO IT there in that debate - mine was 1st reply to raymorris cluing him into C++ bufferoverflow possibles AND HOW TO FIX IT!

    I used ObjectPascal which HAS NO SUCH ISSUE (length's built-into strings).

    Tell us about your "modpoints" you say you don't have (but you did before that) too:

    LIAR ZIP says he has no account "I don't have an account, so I don't have mod points" https://news.slashdot.org/comm...

    Yet LIAR ZIP says he downmods my posts (IMPOSSIBLE MINUS AN ACCOUNT on /.): "I down-modded a few of your post on other threads" - by Anonymous Coward "ZIP" on Thursday October 11, 2018 @11:31AM (#57461058) FROM https://yro.slashdot.org/comme...

    Tell us about CODE SIGNING (which has been STOLEN & ABUSED) https://www.helpnetsecurity.co... MY METHOD CAN'T BE (upmodded +2 INTERESTING in CODING FOR DEFCON no less) https://it.slashdot.org/commen...

    YOU IGNORANT CHIMP!!!

    APK

    P.S.=> You're a joke ZACH PATTERSON the wannabe (now I finally KNOW who & WHERE you are)... apk

    1. Re:ZIP = lying CHIMP ('great programmer' (not)) by Anonymous Coward · · Score: 0

      what the fucking fuck are you whining about?

  18. And that's why you have perfect forward secrecy by Anonymous Coward · · Score: 0

    Ultimately these are posturings for showing off the capabilities of whomever is capable. This is the new mutually assured destruction. You can bet elsewhere behind the scenes, there are people trying to monkeypatch these routing issues, but ask yourself, if any one side has the ability to do this, wouldn't states then have an incentive not to do bgp hijacking tricks, as well as other trickery in traffic? All this seems like tit for tat reaction to other ongoing action.

  19. Re:APK Hosts File Engine for Nigerian Prince... ap by aybiss · · Score: 1

    Does he realize that APK files run on Android and not Windows?

    --
    It's OK Bender, there's no such thing as 2.
  20. Re:Nazi incel Cayenne's reputation is pure ignoran by darkain · · Score: 1

    But we cannot Google it, that's the whole point! Nigeria stole Google!

  21. Research paper suggests this was deliberate by Darkling-MHCN · · Score: 1

    This article discusses the following research paper which analyses China's efforts to gain the capabilities that brought google down...

    https://scholarcommons.usf.edu... ....whilst minimising the opportunity of the US and the west to create a similar attack against China.

  22. ZIP the lying blowhard CHIMP shotdown, lol... apk by Anonymous Coward · · Score: 0

    See subject: A lying BLOWHARD bullshit artist that can't READ stupid CHIMP named Zach Patterson https://tech.slashdot.org/comm... who tried to "take credit" for something I did BEFORE him with proof of it RIGHT there & he says "I'm a much better programmer than APK" - by Anonymous Coward ZIP on Monday October 08, 2018 @11:27PM (#57449082) FROM https://yro.slashdot.org/comme... ) ?

    * FUNNY THAT JACKASS IS ALL TALK but not a DAMN THING to show for himself in code let alone what others LIKE/USE/PRAISE (even /.ers) in MY work (that 100k++ users do worldwide also).

    APK

    P.S.=> There's TOO MANY pitiful do-NOTHING "ne'er-do-wells" INFESTING this place that are like YOU, you disgusting UNIDENTIFIABLE anonymous punk IMPERSONATING me... apk

  23. them by Anonymous Coward · · Score: 0

    China paid the U.S. a trillion dollars to poke around in Iraq while China took over Africa. Now, African countries are cutouts for Chinese cyberattacks.

  24. Unbelievably logical by CustomSolvers2 · · Score: 1

    My knowledge about networks has always been pretty limited and I haven't known much about ASs, BGP, how internet works, etc. until recently. But even now I wasn't truly aware about what having a system intrinsically defined by autonomous entities really means: lots of power in many hands with very different motivations. And what is even worse: lack of true accountability, of a centralised authority in a position to really make sure that everything will be exactly as expected.

    On the other hand, if I had thought about all this a bit carefully, I would have also come to the conclusion that it is the most logical outcome from a mixture of sovereign countries + international law (-> promises, not-really-enforceable agreements or, in the most extreme cases, concessions of small chunks of sovereignty which countries voluntarily give) + global network. The difficulty associated with enforcing the application of certain rules in a web-based environment (hosted in country X and used in country Y) seems intuitively clear to me, but curiously not the fact that same ideas also apply to the underlying physical structure. I guess that, similarly to what happens to most of people before having a proper understanding about the given situation, I couldn't see problems which appear to me as evident now. Ignorance does certainly provoke blindness, no matter how much knowledge you might have on other issues. Scary! Luckily for me (+ others who might be affected by my actions), I am quite aware about this fact and never make relevant decisions about any issue until after having made completely sure that I have a proper knowledge about it :)

    The expected reliability/accountability of a given system is mostly defined by the authority which rules it; or, in other words and as pointed out in some comments above, it is as strong as its weakest link. An international effort including all the countries will always be conditioned by the intrinsic independence of all of them (e.g., to set up the internal proceedings to assess/monitor the suitability of organisations dealing with the national infrastructures). Theoretically, all the internal regulations are coordinated and there are ways to somehow force disobeying countries to modify their behaviours. But all these efforts will always happen at a relatively distant, after-problems-arise position. Sovereign countries (and, within them, their companies) will always have the real power and their non-ideal actions might definitively have some temporary negative impact at a global scale.

    The traditional standardisation approach (e.g., here you have the rules which you are expected to apply; you would be the only one losing in case of trying to trick the system via having inferior national products) doesn't seem applicable to the current scenario. It is a tough one. Governments and internal law don't seem to provide a reliable enough solution. Companies and the market might certainly allow to reach a stage of much higher control, but at what expense? Letting private interests have the last word in something as important as this? What would be the difference between that scenario and the current one (ASs being probably private companies but obeying certain national legislation)? And what about a mixed (governments + companies) multi-tier, elitist setup driving to the creation of different internets? It doesn't sound too well (all the elitism-based whatever sounds equally bad to me), but seems the most probable medium-term evolution: multi-country organisations ensuring a higher level of control over the activity of its members and having some real decision/monitoring power (e.g., the EU).

    --
    Custom Solvers 2.0 = Alvaro Carballo Garcia = varocarbas.
    1. Re:Unbelievably logical by Anonymous Coward · · Score: 0

      But even now I wasn't truly aware about what having a system intrinsically defined by autonomous entities really means: lots of power in many hands with very different motivations. And what is even worse: lack of true accountability, of a centralised authority in a position to really make sure that everything will be exactly as expected.

      It is not just the Internet consisting of a bunch of autonomous entities. Phone systems, postal systems, and that is just the communication sector. "Trade" has tons of autonomous actors nested in many autonomous countries.

      All these autonomous entities may seem scary to you - a single central authority seems much more scary to me. If one entity is wrong, I can take the trouble to deal with another one instead. But if a central authority is inefficient or malignant. . .

    2. Re:Unbelievably logical by CustomSolvers2 · · Score: 1

      All these autonomous entities may seem scary to you - a single central authority seems much more scary to me. If one entity is wrong, I can take the trouble to deal with another one instead. But if a central authority is inefficient or malignant. . .

      Don't get me wrong. I am all for independence and individualism and do think that this is usually the most efficient approach in most of scenarios. The problem with internet and its difference with respect to your examples is that what happens in one country might affect all the remaining ones. If country X has a bad mailing system, its citizens will get their mail late or never; what is not exactly a problem for countries Y and Z. But as proven by the current article, it might be possible for (the companies of) a country to affect communications happening between individuals in other countries. This is the reason why I assume that there will be some changes. In any case, I am not scared about that situation or ask for those changes (I assumed that internet is unsafe and all my data/privacy is compromised long time ago); I am just sharing what I think that will be the probable evolution, if not in general, at least at some levels like national security or military.

      --
      Custom Solvers 2.0 = Alvaro Carballo Garcia = varocarbas.
  25. Re: Nigeria by Anonymous Coward · · Score: 0

    And some genius thought it was a great idea to let them on the internet. Welp, there goes the neighborhood.