Internet traffic from the world’s 200 largest Content Delivery Network (CDN) and cloud storage providers, including Google, Amazon, and Facebook, was captured through the state-sponsored Russian telecommunications company Rostelecom.
Rostelecom, a Russia-based telecommunications company with a long record of Border Gateway Protocol (BGP) violations, is at the center of a new BGP Hijacking attack. According to ZDNet's report, traffic from the world’s 200 largest Content Delivery Network (CDN) and cloud storage providers was suspiciously rerouted through the company, which has the Moscow government behind it.
The incident affected more than 8,800 internet traffic routes on more than 200 networks. The companies hit by the BGP Hijacking include big names in the CDN and cloud storage market such as Google, Amazon, Facebook, Akamai, Cloudflare, GoDaddy, Digital Ocean, Joyent, LeaseWeb, Hetzner and Linode.
It is stated that many giant companies, including Facebook and Google, are affected by BGP Hijacking.
BGP, the de facto system used to direct internet traffic between networks all over the world, operates by assigning autonomous system numbers to routers. An autonomous system number ranges from 1 to 65535. The range 64512 to 65535 holds the private autonomous system numbers, which can be used by anyone.
Before HTTPS was widely used to encrypt traffic, BGP attacks allowed hackers to perform Man-in-the-Middle (MITM) attacks and stop or change internet traffic. BGP Hijacking, which has been a major problem for the internet ecosystem since the mid-90s, is still an important threat today, though not as much as before.
Chinese and Russian telecom firms’ record on BGP Hijacking
Experts say that a small error on a telecommunications network can cause internet traffic to be taken over by malicious people, but it is noted that some companies have been flagged over it. For example, in 2017, network traffic belonging to MasterCard, Visa and more than two dozen other financial services companies was directed to other locations via Rostelecom. Experts point out that the Chinese state-controlled China Telecom, like Rostelecom, often serves as the ‘intermediate host’ of similar attacks.
Experts say that BGP attacks on telecom networks in autocratic countries such as China and Russia are considered suspicious primarily due to political concerns rather than technical reasons, and that it is possible to make an intentional BGP Hijacking appear to be an accident.