Russian telco 'hijacked internet traffic'

INSUBCONTINENT EXCLUSIVE:
Traffic intended for more than 200 of the world's largest content delivery networks (CDNs) and cloud hosting providers was recently redirected through Russia's state-owned telecoms provider Rostelecom.

While the incident only lasted for about an hour, it affected more than 8,800 internet traffic routes from over 200 networks. The companies impacted by the BGP hijack include Google, Amazon, Facebook, Akamai, Cloudflare, GoDaddy, DigitalOcean, Joyent, LeaseWeb, Hetzner, Linode and others.

BGP (Border Gateway Protocol) is the de facto system used to route internet traffic between internet networks worldwide.
that other company's servers are on their network. Other internet entities will see the announcement as legitimate and then send all of a company's traffic to the hijacker's servers.

Before HTTPS was widely adopted, BGP hijacks allowed attackers to run man-in-the-middle (MitM) attacks and intercept and alter internet traffic. BGP hijacks remain a threat today because they allow an attacker to log traffic and then analyze and decrypt it at a later date, once the encryption used to secure it has been broken.

According to experts, not all BGP hijacks are malicious, as they can often be the result of a human operator mistyping an ASN (autonomous system number) and hijacking a company's internet traffic accidentally. However, some telecoms are regularly behind BGP hijacks, which suggests that these are more than just accidents.

China Telecom is currently behind the most BGP hijacks, but Rostelecom is also behind many similarly suspicious incidents.

Back in 2017, Russia's state-owned telecoms provider hijacked BGP routes for some of the world's largest financial companies including Visa, Mastercard, HSBC and more.
ransom ASNs.

Regarding the latest incident, the jury is still out: BGPMon founder Andree Toonk posted on Twitter that the hijack may have occurred after an internal Rostelecom traffic shaping system accidentally exposed the incorrect BGP routes on
What we saw here, by accident, is that they treat these (new more specific) prefixes special inside their network
intentional BGP hijack appear as an accident which could be the case here.

Via ZDNet
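
The mechanism described above, a network announcing that another company's addresses are on its network, including as new more specific prefixes, can be watched for by comparing observed announcements against the origins an operator expects. This is an added example, not part of the original article or of any tool it mentions; the prefixes and AS numbers are constructed from documentation ranges, and `EXPECTED`, `classify` and `run` are hypothetical names.

```python
import ipaddress

# Constructed baseline of prefixes and their legitimate origin AS, using
# documentation prefixes (RFC 5737, RFC 3849) and ASNs (RFC 5398).
EXPECTED = {
    "198.51.100.0/24": 64500,
    "203.0.113.0/24": 64501,
    "2001:db8::/32": 64502,
}
BASELINE = {ipaddress.ip_network(p): asn for p, asn in EXPECTED.items()}


def classify(prefix, as_path):
    """Classify one announcement; the last AS in as_path is the origin."""
    net = ipaddress.ip_network(prefix)
    origin = as_path[-1]
    # Baseline prefixes that cover (equal or contain) the announced one.
    covering = [b for b in BASELINE
                if b.version == net.version and net.subnet_of(b)]
    if not covering:
        return "unmonitored"
    base = max(covering, key=lambda b: b.prefixlen)  # most specific match
    more_specific = net.prefixlen > base.prefixlen
    if origin != BASELINE[base]:
        # A longer prefix wins longest-prefix-match routing, so it draws
        # traffic even while the legitimate route is still announced.
        return "more-specific-origin-mismatch" if more_specific else "origin-mismatch"
    # Same origin, longer prefix: often traffic engineering, worth a look.
    return "more-specific-same-origin" if more_specific else "ok"


# Constructed sample announcements: (prefix, AS path as observed).
SAMPLE = [
    ("198.51.100.0/24", [64510, 64500]),   # expected origin
    ("198.51.100.0/25", [64510, 64496]),   # sub-prefix, foreign origin
    ("203.0.113.0/24", [64511, 64496]),    # same prefix, foreign origin
    ("2001:db8:1::/48", [64510, 64502]),   # sub-prefix, expected origin
    ("192.0.2.0/24", [64510, 64499]),      # not in the baseline
]


def run(sample=SAMPLE):
    """Return (prefix, verdict) pairs for every sample announcement."""
    return [(p, classify(p, path)) for p, path in sample]


if __name__ == "__main__":
    for prefix, verdict in run():
        print(f"{prefix:20} {verdict}")
```

An origin mismatch alone does not distinguish a mistyped ASN from a deliberate hijack; it only marks the announcement for an operator to investigate.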