Internet traffic meant for more than 200 of the world’s largest content delivery networks (CDNs) and cloud hosting providers was suspiciously redirected last week through Russian state-owned telecommunications provider Rostelecom, ITwire reported.
The incident affected more than 8,800 internet traffic routes from 200+ networks, hitting companies that are a who’s who of the cloud and CDN market, including big names such as Google, Amazon, Facebook, Akamai, Cloudflare, GoDaddy, Digital Ocean, Joyent, LeaseWeb, Hetzner, and Linode.
BGP stands for the Border Gateway Protocol and is the de-facto system used to route internet traffic between internet networks across the globe.
The entire system is extremely brittle because any of the participant networks can simply “lie” and publish an announcement (BGP route) claiming that “Facebook’s servers” are on their network, and all internet entities will take it as legitimate and send all the Facebook traffic to the hijacker’s servers.
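As an added example (not part of the article), the check a network operator runs against exactly that kind of announcement: RFC 6811-style route origin validation over a table of authorized origins (the shape of RPKI ROAs), applied to constructed BGP updates that include a more-specific prefix announced by an unauthorized AS. The prefixes and AS numbers are documentation/private-use placeholders, not the real allocations of the networks named above.

```python
import ipaddress
from dataclasses import dataclass

# Constructed "authorized origin" table in the shape of RPKI ROAs:
# (prefix, maxLength, authorized origin AS). Placeholder values only.
ROAS = [
    ("203.0.113.0/24", 24, 64500),   # placeholder "content provider" prefix
    ("198.51.100.0/22", 24, 64501),  # placeholder "hosting provider" block
]

@dataclass(frozen=True)
class Announcement:
    prefix: str       # announced prefix, e.g. "203.0.113.0/24"
    origin_as: int    # last AS in the AS_PATH (the claimed originator)
    as_path: tuple    # full AS_PATH as received

def validate(ann: Announcement) -> str:
    """Route origin validation: 'valid', 'invalid' or 'not-found'.

    valid     - some ROA covers the prefix, its origin AS matches and the
                announced prefix is no longer than the ROA's maxLength
    invalid   - at least one ROA covers the prefix but none matches
                (wrong origin AS, or a more-specific beyond maxLength)
    not-found - no ROA covers the prefix at all
    """
    net = ipaddress.ip_network(ann.prefix)
    covered = False
    for roa_prefix, max_len, asn in ROAS:
        roa_net = ipaddress.ip_network(roa_prefix)
        if net.version != roa_net.version or not net.subnet_of(roa_net):
            continue
        covered = True
        if asn == ann.origin_as and net.prefixlen <= max_len:
            return "valid"
    return "invalid" if covered else "not-found"

def flag_hijacks(updates):
    """Return the announcements a defender should alert on ('invalid' origin)."""
    return [u for u in updates if validate(u) == "invalid"]

# Constructed sample updates: a legitimate route, a more-specific announced by an
# unauthorized AS, a covering prefix with the wrong origin, and an unregistered one.
SAMPLE_UPDATES = [
    Announcement("203.0.113.0/24", 64500, (64512, 64500)),
    Announcement("203.0.113.0/25", 64666, (64512, 64666)),  # invalid: too specific, wrong AS
    Announcement("198.51.100.0/24", 64666, (64666,)),       # invalid: wrong origin AS
    Announcement("192.0.2.0/24", 64502, (64512, 64502)),    # not-found: no ROA
]

if __name__ == "__main__":
    for u in flag_hijacks(SAMPLE_UPDATES):
        print(f"ALERT {u.prefix} origin AS{u.origin_as} path {u.as_path}")
```

Origin validation checks only the originating AS, so production monitoring pairs it with alerts on unexpected AS paths and on sudden more-specific announcements of your own prefixes.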
In the old days, before HTTPS was broadly used to encrypt traffic, BGP hijacks allowed attackers to run man-in-the-middle (MitM) attacks and intercept and alter internet traffic.
Nowadays, BGP hijacks are still dangerous because they let the hijacker log traffic and attempt to analyze and decrypt it at a later date, once the encryption used to secure it has weakened due to advances in cryptanalysis.
While not involved in BGP hijacks as commonly as China Telecom, Rostelecom is also behind many similarly suspicious incidents. The company’s last major hijack to grab headlines happened in 2017, when the telco hijacked BGP routes for some of the world’s largest financial entities, including Visa, Mastercard, HSBC, and more.