Thousands of networks and websites were affected by a massive BGP routing leak just a few hours ago. While early reports indicate that the leak occurred on Vodafone’s autonomous network, which operates in India, the incident impacted companies around the world, including Google.
Cisco reported detecting a discrepancy in an Internet routing system, which could be indicative of a BGP hijack: “Prefix 184.108.40.206/24 is normally announced by AS270497 RUTE MARIA DA CUNHA, BR; however, from 2021-04-16 15:07:01, the same prefix (220.127.116.11/24) was also announced by ASN 55410.”
Doug Madory, director at the analysis firm Kentik, confirmed these reports, stating that the autonomous system ASN 55410 showed an increase of about 13 times above its regular traffic. Apparently this happened because the network mistakenly advertised more than 30,000 BGP prefixes (routes); as a result, the network was flooded with traffic not destined for it.
Madory added that some U.S.-based companies, such as Google, were also affected by this incident, which lasted just a few minutes on April 16: “This incident affected traffic for a few minutes, although this is enough time to generate connection problems for users around the world,” the expert says.
Kentik’s report compares the consequences of this traffic leak with those of a denial of service (DoS) attack, which may even have affected thousands of Vodafone service customers.
The importance of BGP
As users may remember, Border Gateway Protocol is what makes the Internet as we know it work properly. It is similar to a postal system that makes it possible to redirect traffic from one network to another. For example, a user in one country who wants to access a website hosted in another needs a system that knows which paths to take to deliver the traffic; the primary function of BGP is to route Internet traffic correctly across the multiple networks and systems between the source and the user’s destination.
By its nature BGP is a relatively weak protocol: a problem in even a few intermediary systems, whether accidental or caused by the intervention of threat actors, can result in a disastrous scenario for the user experience.
BGP route hijacking occurs when a malicious actor falsely advertises to other routers that it owns a specific set of IP addresses when it does not. When this happens, chaos follows. Such route confusion creates many problems on the Internet, causing delays, traffic congestion, or total disruptions.
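The two signals described above, a prefix announced by an unexpected origin AS and an AS suddenly originating far more prefixes than usual, are what a route monitor looks for. The following is an added example (not code from the article, Cisco or Kentik) that applies both checks to constructed announcement records; the unrelated prefixes, expected-origin table and baseline counts are assumptions for illustration.

```python
# Added example: minimal origin-mismatch and route-leak detection over
# constructed BGP announcement records (not data from the article).
from collections import Counter

# Constructed announcements: (prefix, origin ASN). Real data would come from a
# BGP collector or route monitor feed; only the first two reflect the quoted alert.
ANNOUNCEMENTS = [
    ("184.108.40.206/24", 270497),   # legitimate origin (from the quoted alert)
    ("184.108.40.206/24", 55410),    # same prefix now also seen from ASN 55410
    ("198.51.100.0/24", 64500),      # constructed, unrelated, expected origin
    ("203.0.113.0/24", 64501),       # constructed, unrelated, expected origin
] + [(f"10.{i // 256}.{i % 256}.0/24", 55410) for i in range(300)]  # constructed leak burst

# Expected origin per prefix, as a prefix owner would configure its monitor.
EXPECTED_ORIGIN = {
    "184.108.40.206/24": 270497,
    "198.51.100.0/24": 64500,
    "203.0.113.0/24": 64501,
}

# Number of prefixes each AS normally originates (constructed baseline values).
BASELINE_PREFIX_COUNT = {270497: 1, 55410: 20, 64500: 1, 64501: 1}


def origin_mismatches(announcements, expected):
    """Return (prefix, seen_asn, expected_asn) for every announcement whose
    origin differs from the registered owner: a possible hijack."""
    return [(p, asn, expected[p]) for p, asn in announcements
            if p in expected and asn != expected[p]]


def suspected_leakers(announcements, baseline, factor=10):
    """Return {asn: count} for ASes originating more than `factor` times their
    baseline prefix count: the signature of a route leak like the one above."""
    counts = Counter(asn for _, asn in announcements)
    return {asn: n for asn, n in counts.items()
            if n > factor * baseline.get(asn, 1)}


if __name__ == "__main__":
    for prefix, seen, want in origin_mismatches(ANNOUNCEMENTS, EXPECTED_ORIGIN):
        print(f"possible hijack: {prefix} announced by AS{seen}, expected AS{want}")
    for asn, n in suspected_leakers(ANNOUNCEMENTS, BASELINE_PREFIX_COUNT).items():
        print(f"possible leak: AS{asn} originating {n} prefixes")
```

In practice the expected-origin table would be derived from RPKI ROAs or IRR route objects rather than hand-maintained, and the baseline from historical collector data.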
The importance of this protocol today makes it critical that administrators are aware of the security risks inherent in using BGP. To learn more about information security risks, malware variants, vulnerabilities and information technologies, feel free to access the International Institute of Cyber Security (IICS) websites.