Internet traffic to and from large global content delivery networks has recently been unintentionally diverted through the Russian telecom operator Rostelcom. This was done with a classic BGP hijacking.
The incident occurred last week, according to ZDNet. Concretely, internet traffic to and from more than 200 known content delivery networks and cloud hosting providers was diverted via the Russian telecom operator Rostelcom’s network, for the duration of one hour. Rostelcom is the state telecom company of the Russian Federation.
This included traffic to Google, AWS, Cloudflare, Facebook, Akamai, GoDaddy, Digital Ocean, Joyent, LeaseWeb, Hetzner and Linode. In total, there were more than 8,800 different routes for the internet traffic.
According to experts, the incident can be designated as a classic ‘hijacking’ of the Border Gateway Protocol (BGP). This protocol takes care of the routing of the worldwide internet traffic between the various internet works. This protocol can easily be hijacked because one of the participants can ‘lie’ that addresses of Facebook, for example, are there and thus route all traffic to this platform there.
Before the introduction of the HTTPS protocol, a BGP hijacking made it possible for hackers to carry out a Man-in-the Middle (MitM) attack. Nowadays, these types of hacks allow value-added people to capture the traffic, analyse it and decrypt it later, and gain insight into the actual content of the traffic.
Nowadays, BGP hijackings are prevented with advanced security protocols such as ROV, RPKI and recently MANRS. Nevertheless, the adoption of these measures is still slow, so that BGP hijackings can still be carried out easily.
Involvement of Rostelcom
Rostelcom’s involvement in the redirection of internet traffic, especially as a state telecom operator in Russia, naturally raises questions. Certainly when those questions concern espionage activities, for example. The state-owned company was also involved in a BGP hijacking in 2017. At that time, the telecom operator mainly diverted traffic coming from financial institutions. Credit card organisations Visa, Mastercard and the major business bank HSBC were among the victims at that point.
Nevertheless, according to experts, there is a good chance that the recent ‘hijacking’ was just an accident, e.g. due to human error.