Russian telco Rostelecom, which is partially owned by the Russian government, hijacked a major portion of internet traffic from content delivery networks (CDNs) like Amazon Web Services, Google, Cloudflare and Akamai, ZDNet reported. The incident, which reportedly led to outages of some services hosted by these CDNs, happened on April 1 and lasted an hour, the report said. This was a BGP hijack: an ISP or other network, intentionally or not, announces that it hosts address blocks belonging to other networks, so that traffic destined for those networks flows through it.
Over 200 CDNs and more than 8,000 traffic routes were affected, per the report. This was likely caused by a misconfiguration, said Andree Toonk, who founded BGPmon, a Cisco subsidiary that monitors incidents like this. Toonk said the telco was more likely trying to control how these CDNs’ traffic moved within its own network, but accidentally announced ownership of the routes those CDNs sit on to the wider internet.
This isn’t Rostelecom’s first rodeo — in 2017, the company carried out a similar hijack, but only of traffic for financial companies like Visa and Mastercard, the ZDNet report pointed out. BGP hijacks are possible partly because of the trust-based architecture of the internet, where networks can simply misstate which addresses they own and have traffic flow to them. But since most data on the internet these days is encrypted (including this very site), it is not practical for a hijacker to decrypt data in transit, making BGP hijacks less of a risk than in the past, when little internet traffic was strongly encrypted. However, the report points out, when current encryption standards become obsolete in the future, BGP hijackers who routed traffic through their networks and saved copies of whatever flowed through could theoretically decrypt that information then.
The Internet Society runs MANRS, Mutually Agreed Norms for Routing Security, a routing-security programme whose norms are meant to prevent incidents like BGP hijacking from happening, even accidentally. MANRS said in a post that Rostelecom could have avoided its hijack simply by having better route filtering in place. In 2018, Indian ISPs signed on to MANRS. In 2015, Airtel had been at the centre of a significant BGP hijacking incident, BGPmon’s Toonk said. Such incidents are less likely to happen when ISPs take steps to prevent misconfiguration errors from blowing up into international routing snafus.
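As an added illustration of the kind of filtering MANRS refers to (this is example code written for this article, not code from MANRS, BGPmon or any ISP): a small route-origin check in the style of RPKI route origin authorisations, run over constructed announcements. All prefixes are documentation ranges and all ASNs are private, so nothing here refers to a real network. An announcement from the wrong origin, or one more specific than the address holder permitted, is rejected before it can attract traffic.

```python
import ipaddress

# Constructed allowlist of who may originate which prefixes, modelled on
# RPKI ROAs: (prefix, maximum announced length, authorised origin ASN).
# Documentation prefixes and private ASNs only; not real routing data.
ROAS = [
    ("192.0.2.0/24", 24, 64500),
    ("198.51.100.0/22", 24, 64501),
    ("2001:db8::/32", 48, 64502),
]


def validate_origin(prefix, origin_asn, roas=ROAS):
    """Classify one announcement as 'valid', 'invalid' or 'not-found'.

    'invalid' covers both a wrong origin AS (the classic hijack) and a
    more-specific prefix than the holder allowed, which would still win
    the longest-match routing decision even with the right origin.
    """
    net = ipaddress.ip_network(prefix, strict=False)
    covered = False
    for roa_prefix, max_len, roa_asn in roas:
        roa_net = ipaddress.ip_network(roa_prefix)
        if net.version != roa_net.version or not net.subnet_of(roa_net):
            continue
        covered = True  # some ROA speaks for this address space
        if origin_asn == roa_asn and net.prefixlen <= max_len:
            return "valid"
    return "invalid" if covered else "not-found"


def filter_updates(updates, roas=ROAS, accept_not_found=True):
    """Apply the check to a batch of (prefix, origin_asn) announcements.

    Returns (accepted, rejected); rejected entries carry the reason. Most
    operators still accept 'not-found' routes, since much of the address
    space has no ROA, so that is the default here.
    """
    accepted, rejected = [], []
    for prefix, asn in updates:
        state = validate_origin(prefix, asn, roas)
        if state == "valid" or (state == "not-found" and accept_not_found):
            accepted.append((prefix, asn))
        else:
            rejected.append((prefix, asn, state))
    return accepted, rejected


# Constructed sample batch: a legitimate route, a wrong-origin hijack, an
# over-specific announcement by the rightful holder, and an uncovered prefix.
SAMPLE_UPDATES = [
    ("192.0.2.0/24", 64500),
    ("192.0.2.0/24", 64510),
    ("198.51.100.128/25", 64501),
    ("203.0.113.0/24", 64510),
]
```

Running `filter_updates(SAMPLE_UPDATES)` accepts the first and last announcements and rejects the two in the middle with reasons, which is the decision an ingress filter would make on a customer or peer session.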