
posted by martyb on Saturday April 29 2017, @01:57PM
from the CARDiac-surgery dept.

On Wednesday, large chunks of network traffic belonging to MasterCard, Visa, and more than two dozen other financial services companies were briefly routed through a Russian government-controlled telecom under unexplained circumstances that renew lingering questions about the trust and reliability of some of the most sensitive Internet communications.

Anomalies in the border gateway protocol—which routes large-scale amounts of traffic among Internet backbones, ISPs, and other large networks—are common and usually the result of human error. While it's possible Wednesday's five- to seven-minute hijack of 36 large network blocks may also have been inadvertent, the high concentration of technology and financial services companies affected made the incident "curious" to engineers at network monitoring service BGPmon. What's more, the way some of the affected networks were redirected indicated their underlying prefixes had been manually inserted into BGP tables, most likely by someone at Rostelecom, the Russian government-controlled telecom that improperly announced ownership of the blocks.

If you did nothing wrong and have nothing to hide, then you have nothing to fear. In Soviet Russia.


  • (Score: 3, Insightful) by art guerrilla on Saturday April 29 2017, @02:36PM (4 children)

    by art guerrilla (3082) on Saturday April 29 2017, @02:36PM (#501545)

    :
    Puuuuuuuu-tiiiiiiiiinnnnnnn ! ! !

    • (Score: 0) by Anonymous Coward on Saturday April 29 2017, @03:20PM (3 children)

      by Anonymous Coward on Saturday April 29 2017, @03:20PM (#501555)

      So are you saying this didn't happen?

      • (Score: 2) by art guerrilla on Saturday April 29 2017, @11:14PM (2 children)

        by art guerrilla (3082) on Saturday April 29 2017, @11:14PM (#501711)

        not at all...
        saying the breathless, pearl-clutching neocons, neolibtards, and assorted toadies and lickspittles of Empire are grasping at any/all straws to paint putin as the devil incarnate; facts be damned, they want to pin everything from this inertnet hiccup, to athlete's foot on putin/rooshia...

        • (Score: 2) by captain normal on Sunday April 30 2017, @12:56AM

          by captain normal (2205) on Sunday April 30 2017, @12:56AM (#501741)

          Do you mean this isn't the first real volley in the Cyber War to end all Cyber Wars? Damn I was about to pack up and head to somewhere where there are no wires or cell towers. ;-)

          --
          "Everyone is entitled to his own opinion, but not to his own facts." --Daniel Patrick Moynihan
        • (Score: 3, Informative) by NotSanguine on Sunday April 30 2017, @03:19AM

          > saying the breathless, pearl-clutching neocons, neolibtards, and assorted toadies and lickspittles of Empire are grasping at any/all straws to paint putin as the devil incarnate; facts be damned, they want to pin everything from this inertnet hiccup, to athlete's foot on putin/rooshia...

          If you understood how BGP worked, you wouldn't be so blase about it.

          When there are hiccups (usually fat fingers or inexperienced network engineers) the route advertisement changes are overly broad, causing routers to claim to be the correct path for networks (IP address-wise) adjacent to the networks for which they are actually responsible.

          The routes advertised were very specific. In fact, many of them were *more* specific than those used by the network providers who are actually authorized and responsible for that traffic. This raises a *big* red flag, as the BGP protocol will prefer more specific routes over less specific ones.

          Given that the network ranges involved were *not* adjacent to each other, and not adjacent to network ranges managed by the ISP in question, that raises a big red flag as well. What's more, most of the network ranges belonged to banks/financial institutions, with a few tech companies to round it out, that raises additional red flags.

          Is this a "volley in the cyber war?" Probably not. However, it wouldn't surprise me if some unscrupulous operator (whether it be related to a state actor or another organized group) either inadvertently pushed the route updates to production routers, or this was a test to see whether and how long it would take for the misdirection to be discovered and remediated. They might also have wanted to find out how much data could be slurped before the Internet at-large addressed the issue.

          I'm a big fan of Hanlon's Razor [wikipedia.org], but if you look at how this happened, it's unlikely that this was just incompetence, an honest mistake or crappy network engineering.

          If it was a cyberwar "volley," then it was poorly crafted and executed.

          --
          No, no, you're not thinking; you're just being logical. --Niels Bohr
  • (Score: 4, Insightful) by kaszz on Saturday April 29 2017, @02:46PM (1 child)

    by kaszz (4211) on Saturday April 29 2017, @02:46PM (#501550) Journal

    I'm sure MasterCard, Visa, and other financial services companies have nothing to hide. So they have nothing to worry about :P

    Now if some other (dis-)service like that book-of-farce were to have an extra announcement of ownership too, it would be inaccessible even though their servers were working and had full protection against various bad incoming traffic.

    • (Score: 0) by Anonymous Coward on Saturday April 29 2017, @05:11PM

      by Anonymous Coward on Saturday April 29 2017, @05:11PM (#501585)

      Meh. We're just civil forfeitured.

      If the bits care so much about the little detour, they can always try to sue the Russian government to get deported to their rightful owner.

  • (Score: 5, Insightful) by maxwell demon on Saturday April 29 2017, @03:45PM (3 children)

    by maxwell demon (1608) on Saturday April 29 2017, @03:45PM (#501559) Journal

    If the traffic was properly encrypted, it should not matter whether it was routed through Russia, North Korea or Mordor. If it was not properly encrypted, it already was insecure without being routed through Russia.

    --
    The Tao of math: The numbers you can count are not the real numbers.
    • (Score: 2) by BK on Saturday April 29 2017, @08:38PM (2 children)

      by BK (4868) on Saturday April 29 2017, @08:38PM (#501660)

      I'm prepared to accept that Russia and North Korea might not be able to penetrate 'proper' encryption, but they have ways beyond human ken in the Land of Mordor where the Shadows lie.

      --
      ...but you HAVE heard of me.
      • (Score: 1, Funny) by Anonymous Coward on Saturday April 29 2017, @11:48PM

        by Anonymous Coward on Saturday April 29 2017, @11:48PM (#501726)

        Well yeah, but I've met Ken, and he's not that bright.

      • (Score: 0) by Anonymous Coward on Sunday April 30 2017, @12:30AM

        by Anonymous Coward on Sunday April 30 2017, @12:30AM (#501733)

        As long as you're not using any of the token rings of power, you should be fine. :)

  • (Score: 3, Informative) by Anonymous Coward on Saturday April 29 2017, @04:04PM

    by Anonymous Coward on Saturday April 29 2017, @04:04PM (#501569)

    Amateurs. We permanently route traffic through the NSA.

  • (Score: 3, Funny) by linkdude64 on Saturday April 29 2017, @05:45PM

    by linkdude64 (5482) on Saturday April 29 2017, @05:45PM (#501596)

    *TRIGGERED*

    WE ARE GOING TO BUILD A WALL IN RUSSIA SO BIG IT WILL SHADE PALIN'S HOUSE IN THE SUMMER!!

    AND WHO IS GOING TO PAY FOR THE WALL???

    RUSS—oh? Mastercard is going to pay for it? Well, whatever.

  • (Score: 0) by Anonymous Coward on Sunday April 30 2017, @12:02PM (1 child)

    by Anonymous Coward on Sunday April 30 2017, @12:02PM (#501832)

    BGP is about distributing routing information between different administrative domains.
    To some extent, that means between folks you don't necessarily trust, but have to peer with to make the Internet work.
    In current routers, you can mitigate this with policies, but requiring each router to maintain policies for each destination on the Internet kind of defeats the purpose of BGP.

    It would be interesting to know how this was found.
    Seems like it would be the responsibility of the owners of the misdirected addresses to sort it out?
    If this is the case, then it was only a useful test for these specific owners.

    As for fixing it, if there were another record of the expected destination ISP, to cross check BGP changes against, then maybe a central watchdog could also raise an alarm.
    Not sure how DNS and the address registrars would fit into this?
    Is there currently a DNS record to say who, or where, the expected ISP is?

    • (Score: 2) by NotSanguine on Monday May 01 2017, @12:36AM

      > It would be interesting to know how this was found.

      IIUC, the folks over at BGPMon [bgpmon.net], whose job is to monitor this stuff, identified the issue [bgpmon.net] pretty quickly.

      > If this is the case, then it was only a useful test for these specific owners.

      For a variety of reasons [soylentnews.org], it's more like this was a useful test of hijacking Internet traffic for fun and profit.

      > As for fixing it, if there were another record of the expected destination ISP, to cross check BGP changes against, then maybe a central watchdog could also raise an alarm.
      > Not sure how DNS and the address registrars would fit into this?
      > Is there currently a DNS record to say who, or where, the expected ISP is?

      There are efforts to address this issue, notably RPKI [ietf.org]. However, there are significant issues [bgpmon.net] WRT broadly implementing such functionality. A survey (somewhat dated) [ietf.org] gives a sense of the state of this effort.

      --
      No, no, you're not thinking; you're just being logical. --Niels Bohr
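Added illustration, not from the thread or from any of the posters: a small Python model of the two points raised above. It shows why the more-specific prefixes NotSanguine describes win longest-prefix match over the legitimate announcement, and how RPKI route origin validation (RFC 6483 semantics: valid / invalid / not-found against a ROA with a maxLength) would flag and drop such an announcement. The prefixes, AS numbers and ROA below are constructed sample values.

```python
from __future__ import annotations
import ipaddress
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Route:
    prefix: str      # announced prefix in CIDR form
    origin_as: int   # AS that originated the announcement


@dataclass(frozen=True)
class Roa:
    prefix: str      # prefix the holder has authorised
    origin_as: int   # AS authorised to originate it
    max_length: int  # longest prefix length that AS may announce within it


def rov_state(route: Route, roas: List[Roa]) -> str:
    """Route Origin Validation: 'valid', 'invalid' or 'not-found'."""
    net = ipaddress.ip_network(route.prefix)
    covering = [r for r in roas if net.subnet_of(ipaddress.ip_network(r.prefix))]
    if not covering:
        return "not-found"          # no ROA covers this prefix at all
    for roa in covering:
        # A more-specific than maxLength is invalid even from the right AS.
        if roa.origin_as == route.origin_as and net.prefixlen <= roa.max_length:
            return "valid"
    return "invalid"


def best_route(dest: str, routes: List[Route]) -> Optional[Route]:
    """Longest-prefix match: the most specific covering announcement wins."""
    addr = ipaddress.ip_address(dest)
    matching = [r for r in routes if addr in ipaddress.ip_network(r.prefix)]
    return max(matching, key=lambda r: ipaddress.ip_network(r.prefix).prefixlen,
               default=None)


def drop_invalid(routes: List[Route], roas: List[Roa]) -> List[Route]:
    """Policy a router applying ROV would use: discard RPKI-invalid routes."""
    return [r for r in routes if rov_state(r, roas) != "invalid"]


# Constructed sample (documentation ranges): AS 64500 legitimately announces
# 203.0.113.0/24; AS 64501 announces a more-specific /25 inside it.
ROUTES = [Route("203.0.113.0/24", 64500), Route("203.0.113.128/25", 64501)]
ROAS = [Roa("203.0.113.0/24", 64500, 24)]
```

Without ROV, `best_route` picks the /25 from AS 64501 for any host in that half of the block; after `drop_invalid` the same lookup returns the legitimate /24.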