from the ping-google.com-reply-from-en.kremlin.ru dept.
All your packets are belong to us:
Internet traffic for some of the world's largest tech firms was briefly rerouted to Russia earlier this week in what appeared to be a Border Gateway Protocol (BGP) attack.
OpenDNS-owned Internet monitoring service BGPmon reported the incident on Tuesday. BGPmon noticed that 80 IP prefixes for organizations such as Google, Microsoft, Apple, Facebook, NTT Communications, Twitch and Riot Games had been announced by a Russian Autonomous System (AS).
It happened twice on Tuesday and each time it only lasted for roughly three minutes. The first event took place between 04:43 and 04:46 UTC, and the second between 07:07 and 07:10 UTC.
Despite being short-lived, BGPmon said the incidents were significant, including due to the fact that the announcements were picked up by several peers and some large ISPs, such as Hurricane Electric and Zayo in the U.S., Telstra in Australia, and NORDUnet, which is a joint project of several Nordic countries.
Another interesting aspect was that all the targeted traffic was associated with high-profile organizations. Experts also pointed out that the Russian AS (AS39523) had not been seen making announcements for several years before this incident.
(Score: 1, Insightful) by Anonymous Coward on Friday December 15 2017, @05:55AM (4 children)
This is a pretty obvious spying operation, yet easy to claim as a mistake.
Redirect, collect data, then chew on the data.
(Score: 4, Insightful) by lx on Friday December 15 2017, @07:46AM (2 children)
Unlike the US spying operation, where most international traffic is routed via NSA servers anyway, and the rest is caught via a GCHQ tap.
(Score: 1, Informative) by Anonymous Coward on Friday December 15 2017, @08:05AM
And the rest of the https://en.wikipedia.org/wiki/Five_Eyes [wikipedia.org]
(Score: 0) by Anonymous Coward on Friday December 15 2017, @06:03PM
It is not a problem that the NSA is spying on foreigners. This is what I pay them for. They'd damn well better be doing it.
(Score: 2) by anotherblackhat on Friday December 15 2017, @06:08PM
>This is a pretty obvious spying operation ...
A few years ago it would have been a "pretty obvious spamming operation".
Before that it would have been a "pretty idiotic mistake".
Grabbing IP blocks by announcing subnets via BGP is nothing new.
There are lots of reasons blackhats do this, and while we never do it for "good", it's rarely for spying - you get caught way to quickly.
(Score: 0) by Anonymous Coward on Friday December 15 2017, @05:55AM (1 child)
IP protocols were developed to accommodate regional autonomy and collaboration. It is supposed that, in the long run, the network as a whole will route around rogue players, but this event brings to the light that it can still do damage in the short term.
(Score: 2) by FatPhil on Friday December 15 2017, @06:04AM
Great minds discuss ideas; average minds discuss events; small minds discuss people; the smallest discuss themselves
(Score: 0, Disagree) by Anonymous Coward on Friday December 15 2017, @08:21AM
Each country should have their own internet so they don't muck it for others.
(Score: 3, Funny) by c0lo on Friday December 15 2017, @12:09PM
It's not a hacking incident, it's the internet trying to stay neutral.
(grin)
https://www.youtube.com/watch?v=aoFiw2jMy-0 https://soylentnews.org/~MichaelDavidCrawford