Several major tech names had their cloud traffic redirected through a Russian ISP.
In one of the strangest “we have nothing to fear from Russian hacking” events this month, several major tech names had their cloud traffic redirected through a Russian provider. The brief but allegedly intentional event affected companies like Apple, Facebook, Google, and Microsoft.
According to Roger Fingas for AppleInsider, “The incident involved the Border Gateway Protocol, or BGP, which funnels high-level traffic through nodes like internet backbones, according to Ars Technica, citing reports by monitoring services BGPMon and Qrator Labs. BGPMon recorded two three-minute hijacks, affecting 80 address blocks in total. Qrator Labs said the incident spanned two hours, with the number of address blocks fluctuating between 40 and 80.”
It gets weirder. BGPMon released a post noting that the Russian Autonomous System that announced the very specific prefixes belonging to the handful of tech giants is normally completely unused and silent. This hijacking is only the second time in many years that the system has announced prefixes at all, and it came the day before the US FCC’s net neutrality repeal vote.
Andree Toonk for BGPMon noted, “What makes this incident suspicious is the prefixes that were affected are all high profile destinations, as well as several more specific prefixes that aren’t normally seen on the Internet. This means that this isn’t a simple leak, but someone is intentionally inserting these more specific prefixes, possibly with the intent to attract traffic.”
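The two signals Toonk describes, more-specific prefixes appearing from an origin that does not own the covering block and announcements from an AS that is normally silent, are exactly what a network operator can check for in their own route feed. The following is an added example of that check, not code from the article, BGPMon or Qrator Labs; the prefixes are RFC 5737 documentation ranges, the ASNs are from the reserved documentation range, and the baseline and announcements are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

# Constructed baseline: prefixes an operator expects to see in the table and the
# origin AS that should announce each of them (documentation ranges and ASNs only).
EXPECTED_ORIGINS = {
    "192.0.2.0/23": 64496,
    "198.51.100.0/24": 64497,
}

# Constructed list of ASNs that originated nothing during the baseline period;
# an announcement from one of these is itself worth a look, leak or not.
NORMALLY_SILENT = {64500}


@dataclass
class Announcement:
    prefix: str
    as_path: tuple  # leftmost = the neighbour we heard it from, rightmost = origin AS

    @property
    def origin(self):
        return self.as_path[-1]


def classify(ann, expected=EXPECTED_ORIGINS, silent=NORMALLY_SILENT):
    """Return a list of (finding, covering_prefix, expected_or_seen_asn) tuples.

    A prefix equal to a baseline prefix but with a different origin is an
    origin mismatch; a prefix strictly inside a baseline prefix with a
    different origin is a more-specific hijack (it wins longest-prefix match
    and pulls traffic even though the legitimate route is still present).
    A more-specific from the legitimate origin is ordinary traffic
    engineering and is not flagged.
    """
    net = ipaddress.ip_network(ann.prefix)
    findings = []
    for known, asn in expected.items():
        known_net = ipaddress.ip_network(known)
        if net.version != known_net.version:
            continue
        if net == known_net:
            if ann.origin != asn:
                findings.append(("origin-mismatch", known, asn))
        elif net.subnet_of(known_net):
            if ann.origin != asn:
                findings.append(("more-specific-hijack", known, asn))
    if ann.origin in silent:
        findings.append(("silent-as-active", ann.prefix, ann.origin))
    return findings


def scan(announcements):
    """Run classify() over a batch and keep only the announcements with findings."""
    return {a.prefix: f for a in announcements if (f := classify(a))}


if __name__ == "__main__":
    # Constructed feed: one legitimate route, one more-specific from a silent AS,
    # one baseline prefix with the wrong origin, and one prefix we know nothing about.
    feed = [
        Announcement("198.51.100.0/24", (64510, 64497)),
        Announcement("192.0.2.0/24", (64510, 64500)),
        Announcement("192.0.2.0/23", (64510, 64499)),
        Announcement("203.0.113.0/24", (64510, 64498)),
    ]
    for prefix, findings in scan(feed).items():
        for kind, ref, asn in findings:
            print(f"{prefix}: {kind} (ref {ref}, AS{asn})")
```

In production the baseline would come from RPKI ROAs or IRR route objects rather than a hand-written dict, and the announcements from a BGP collector or the router's own RIB; the classification logic stays the same.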
As Ars Technica has pointed out, this event comes only eight months after traffic from major financial institutions like Mastercard and Visa was intentionally hijacked and rerouted through Russia-controlled providers. In that event, even where the data was encrypted, hackers or state-sponsored operatives could follow the path back to smaller businesses or even individuals whose security practices might be weaker.
In these latest incidents, it is known that other networks accepted and propagated the prefixes that were announced.