
Topic: “Suspicious” event routes traffic for big-name sites through Russia

rocksuitcase
https://arstechnica.com/information-technology/2017/12/suspicious-event-routes-traffic-for-big-name-sites-through-russia/
Quote
Traffic sent to and from Google, Facebook, Apple, and Microsoft was briefly routed through a previously unknown Russian Internet provider Wednesday under circumstances researchers said were suspicious and intentional.

The unexplained incident involving the Internet's Border Gateway Protocol is the latest to raise troubling questions about the trust and reliability of communications sent over the global network. BGP routes large-scale amounts of traffic among Internet backbones, ISPs, and other large networks. But despite the sensitivity and amount of data it controls, BGP's security is often based on trust and word of mouth. Wednesday's event comes eight months after large chunks of network traffic belonging to MasterCard, Visa, and more than two dozen other financial services were briefly routed through a Russian government-controlled telecom, also under suspicious circumstances.

According to a blog post published Wednesday by Internet monitoring service BGPMon, the hijack lasted a total of six minutes and affected 80 separate address blocks. It started at 4:43 UTC and continued for three minutes. A second hijacking occurred at 7:07 UTC and also lasted three minutes. Meanwhile, a second monitoring service, Qrator Labs, said the event lasted for two hours, although the number of hijacked address blocks varied from 40 to 80 during that time.
Little is currently known about AS39523, the previously unused autonomous system that initiated the hijacking. AS39523 hasn't been active in years, except for one brief BGP incident in August that also involved Google.

It remains unclear what engineers inside AS39523 did with what could be terabytes of data that passed through their servers. Generally, email and Web traffic is encrypted using transport layer security or other schemes. For years, researchers have devised ways to weaken or altogether break such encryption protections or work around them. To accomplish this, they've used attacks with names including Logjam and DROWN. To date, there are no known instances of BGP hijackers successfully decrypting rerouted traffic, but it's also not possible to rule out such feats. At a minimum, the Russian provider could have copied the data and is storing it in case a new crypto attack is discovered in the future.
The comments are highly informative.

music IS love

When you get confused, listen to the music play!

Mics:         AKG460|CK61|CK1|CK3|CK8|Beyer M 201E
Recorders:Marantz PMD661 OADE Concert mod; Tascam DR680 MKI

 
