Russian Telco Hijacked Internet Traffic of Google, AWS, Cloudflare, and Others

Last week, traffic meant for more than 200 of the world's largest content delivery networks (CDNs) and cloud hosting providers was suspiciously redirected through Rostelecom, Russia's state-owned telecommunications provider. From a report: The incident affected more than 8,800 internet traffic routes from 200+ networks, and lasted for about an hour. Impacted companies are a who's who in the cloud and CDN market, including big names such as Google, Amazon, Facebook, Akamai, Cloudflare, GoDaddy, Digital Ocean, Joyent, LeaseWeb, Hetzner, and Linode.

Disconnect Russia.

[Anonymous Coward]

Can't we just disconnect Russia from the rest of the internet? They seem to be more trouble than they are worth. Plus, they'll probably like it since they'd be restricted to the Russian net where the only thing to do is to exchange Borscht recipes, discuss Vodka prices and adore Putin.

Re:

[ClueHammer]

and China and the USA and North Korea... they are all badly behaved on the internet.

Re:

[kenai_alpenglow]

But, but you keep saying the Bible Belt is a bunch of morons. Now you're saying they're smart enough to hijack internet traffic... Your insults are contradicting each other...

Re: Disconnect Russia.

[Dopamina]

Damn right! Everyone does bad things so nothing anyone does really matters! Anarchy! Anarchy! Anarchy!

Re:

[jellomizer]

North Korea yes, China, on the other hand, maybe less trouble then it is worth. As we do a good amount of trading with them.

I am not saying China are the Good guys, but there is enough Responsible Traffice to counteract the bad traffic. Where if you see traffic coming in from Russia, and North Korea you probably know it is all bad news.

Re:Disconnect Russia.

[kot-begemot-uk]

So when an American mom and pop ISP does that what do we do? Disconnect America?

It is a regular occurrence and specific to the USA internet. 20 years ago, I served as a "sidekick" for the peering/transit manager at the Eu branch of a major USA telco. I wrote most of the software tools to do generate filters, config, etc.

20 years ago we could never ever agree with the yanks on this.

We insisted that we will install FULL FILTERS checking any BGP announcement so that anyone announcing bullshit will be ignored. There was software to do that at the European internet registry at RIPE. The peering points in Europe (f.e. Decix) even offered it as a service - the announcements to be filtered for you by their route server. It works so no such incidents as a result.

Or to be more exact, it works until the Yanks come and rip it all out and listen to any ratshite announced by the other side as is standard practice in the USA. They never ever learn and it does not matter how many incidents are there (as there was a similar one with China Telecom last year), they will continue sitting in the middle of the public net with their pants down.

By the way, "mom and pop's ISP" is actual incident, 1998, some muppets in Florida. You can dig it out of the NANOG archives. That is how old this is and how many times it has happened in the past. Still - no learning on the other side of the pond.

Re:

[AleRunner]

If an ISP sends traffic through a country it shouldn't go to then they expose the private information of their customers (including all those customers of other ISPs that are effectively paying them to carry traffic). This is where the difference becomes clear. In the USA this is seen as minor revenue loss. The Russians should be paying for the data - but they don't tend to be good customers anyway since they have other ways to access it. In Europe, on the other hand, the GDPR makes it illegal and possib

Re:

[phayes]

When "Mom & Pop" ISPs in the US have a president for life, are synonymous with a repressive government that kills reporters and political figures living in other countries and have the means the FSB & GRU have, sure "we" will do that.

Until then, we will consider those who conflate "Mom & Pop" ISPs & the Russian government idiots.

When bad actors like Russia are connected to the Internet, BGP as an unsecured, unverified routing protocol needs to be replaced with something that can't be so easi

Re:

[rickb928]

'Fixing' BGP is a total community responsibility. All the players need to get together, develop a proper RFC, and agree.

Sadly, though, the Internet community isn't as familial or benevolent as it once was. So we watch as they fiddle, monetize TLDs and registries for no reason other than selfish and unmerited profit, and pay pay pay.

Pay in money

Pay in lost privacy and security

Pay in lost opportunity

Re:

[ISayWeOnlyToBePolite]

Is the filtering you speak of different to the filtering reported by the https://observatory.manrs.org/... [manrs.org] MNRS project which is at pretty much 100% (world wide, including the us)?

Re:

[Sleeping Kirby]

Thank you for posting this. I was wondering why any BGP would just accept new route without warning. Glad to know it's not just me.

Re:

[JaredOfEuropa]

No need to disconnect, just "don't be evil" and be prepared to do no business in Russia. Warn your Russian customers. Ignore demands from the Russian government to provide access to client data or to drop end-to-end encryption. Have no offices in Russia beyond the absolute minimum necessary, handle as much as you can from abroad. If they threaten to block your service, call their bluff. If they actually block you, shrug and give up. That market is not worth losing your principles over (China on the ot

Re:

[rho]

Speaking of "don't be evil," while you're agonizing about Russia, corporations in America are collecting your data and selling it. Google alone controls such a large percentage of the Internet that they have become synonymous with each other.

If you're more worried about Russia, I suggest you have your priorities out of whack.

It's 2020 people

[thegarbz]

The world is full of bad actors. Why are published BGP routes accepted without verification from the address owner.

We continue to focus on encryption and DNS, but from my (limited) understanding very little effort has been put into ensuring that people can't just simply magically tell others to send them traffic belonging to someone else.

Re:It's 2020 people

[kot-begemot-uk]

The world is full of bad actors. Why are published BGP routes accepted without verification from the address owner.

We continue to focus on encryption and DNS, but from my (limited) understanding very little effort has been put into ensuring that people can't just simply magically tell others to send them traffic belonging to someone else.

See my other post. In general Europe filters all routes.

USA does not and no amount of incidents will teach the to do so. That was the case 23 years ago when the net was downed by some muppets on an 64K leased line in Florida which wrote their own hacked gated extension and "dismantled" all announcements into /24s which originated from them. That was the case every year since when somebody did that in one way or another. That was the case last year when China Telecom did it. That is still the case.

No amount of incidents will make an American SP filter routes. What's the deal - dunno. I would have expected them to learn this by now.

Re:

[h33t l4x0r]

Wouldn't it be cheaper/easier to simply point fingers at entire countries like "Russia"?

Re: It's 2020 people

[BAReFO0t]

Yeah, the world is real simple, if you got a convenient scapegoat to blame all your own problems on.
It is why "God" and "the devil" were invented, why Nazis hated Jews, why Stalin sent fringe group after fringe group to the gulags, and why Americans hated blacks an Mexicans and Chinese/Japanese and Russians and Arabs and Russians and Chinese and ... let's just say literally everyone and then some twice over. ;)

Re:

[jellomizer]

The difference between blocking the Country of Russia from the internet vs your comparison. There is a measurable net negative effect of Russia's internet activity. And like other actions such as Sanctions and Tariffs. Blocking the Internet may be an appropriate punishment that the world can put on a country for bad actions. That is less consequential than a Military War.

Of course, the real correct action would be for America and its corporations (large and small) to take internet security seriously and

Re: It's 2020 people

[Dopamina]

It's weird that you would've phrased your post as if the Russians weren't a constant problem... https://freebeacon.com/nationa... [freebeacon.com]

Re:

[jellomizer]

At best Russia was a military Aly to the US. But we have been competitors for nearly a hundred years. Partially is because our culture between the US and Russia are both Verry different and Extremely SImular. Americans and Russian like to see themselves as Rustic Can Do, Pull up your bootstraps and get'r'done. However, the ways we deal with this is very different. Thus causing a lot of conflicts and competitive actions, because when the world wants something. Both the US and Russia Say We can do it. Howev

Re:

[thegarbz]

Wouldn't it be cheaper/easier to simply point fingers at entire countries like "Russia"?

And cut off legitimate business in the process? It's easy for you to finger Russia since you obviously don't deal with them. They are still an active trading partner and a contributor to the world economy.
Last year it was China, what then? Boot them of the internet? How are you going to get next year's iToy then?

Re:

[NateFromMich]

No amount of incidents will make an American SP filter routes. What's the deal - dunno. I would have expected them to learn this by now.

As an American, I agree with you fully on this. I spent about 10 years in the industry and just couldn't understand why it's wipe open like that. Anyone can just route traffic to themselves whether on purpose or accident, and the answer is always that "they shouldn't have done that" or something similar.

your so wrong... RPKI

[johnjones]

all the major vendors who are regulated have moved to using RPKI in the USA its just the Googles etc who think they know better e.g. AT&T use RPKI

  ironically I thought cloudflare did use RPKI...

Re:

[ISayWeOnlyToBePolite]

all the major vendors who are regulated have moved to using RPKI in the USA its just the Googles etc who think they know better e.g. AT&T use RPKI

ironically I thought cloudflare did use RPKI...

I believe google and some of the other large companies are working on it: https://tech.slashdot.org/stor... [slashdot.org]

Re:

[Kernel Krumpit]

YouTube Graphic of that: https://www.youtube.com/watch?... [youtube.com]

Signup for BGPMon.net

[gavron]

If you're the RPOC for any BGP advertisement... sign up with BGPMon.net.
They send timely (immediate) information when any of your prefixes are hijacked, rerouted, deleted, or superceded [by more specific prefixes].

I've used their services for over ten years. They are invaluable.

Lowest level is free. More prefixes / ASNs / RPOCs cost money. It's worth the money.

If nothing I said here means anything to you, congratulations! You have nothing to worry about. Someone else is responsible for how the Internet handles network route advertisements. If you see them in the hallway, let them know about BGPMon.net though :)

Ehud Gavron
Tucson AZ

Sounds as stupid as passive anti-virus.

[BAReFO0t]

As in: 1. A blackist, and 2. after the fact too!

You know, instead of securing your system from the start! Like a non-moron.

Yes, put TLS around your BGP, add authentication, and tell your peers to request an account or GTFOff the Internet!
Let them request accounts starting *today*, switch it to TLS+auth-only in a month. It's that easy. Stop making excuses.

Re:

[bobbied]

The problem with your idea is that you may not be aware of hostile actors doing BGP updates that break you. They can adjust various routing tables involved that have nothing to do with anything under your control.

So after the fact monitoring is about the best you can hope for.

The only way to really solve this problem is to have *everybody* who owns a router and accepts BGP updates agrees to only accept updates from known, trusted and verified sources, and to *never* allow updates to go out that they have

Always so primitive, those Russians...

[BAReFO0t]

Can't even do it in secret, let alone to most of the planet, like we do.

Yeah, I know, you can openly do it in your own country, since your population knows you are shit, has given up, and drowns itself in vodka,
but we still fall for the delusions of our govermment, so if you wanna play with the big guys, globally, you have to play it real sneakily, lying, cold like a real psychopath.

I thought you could do psychopath, Putin... :/
Disappointed you're not even half a Dick Cheney or Lloyd Blankfein or Exxon CEO.

Re: Always so primitive, those Russians...

[Dopamina]

Putin is a kleptocrat and not much more. It is a big part of what gives him an inferiority complex: he knows he basically stole his way into power and for being such a tough guy is probably ashamed that he will be known to history as a thief.

Re:

[nomadic]

He's also an ultranationalist furious over the fall of the Soviet Union, and a lot of his actions are kind of irrational but driven by hatred of the US and the rest of the west.

Re:

[jellomizer]

He is popular with his people. As before he came into power the post-USSR was suffering really badly, he was in charge during its recovery. How much were his actions vs just the advantage of Oil Prices going higher allowing a boost to Russia's economy is up to historians?

To be fair Obama claim on fixing the economy after the financial crash, was also due to high oil prices, allowing for natural gas, fracking and oil production to make the US very profitable as well, which had offered a lot of new employm

Good Luck with JEDI

[Rhaize]

Good Luck Amazon getting US government contracts after routing all your traffic through Russia

Detailed article

[ISayWeOnlyToBePolite]

More technical description https://www.manrs.org/2020/04/... [manrs.org]