Russian telco hijacks internet traffic for Google, AWS, Cloudflare, and others
A Russian state-owned telecommunications provider intercepted internet traffic meant for 200 of the world’s biggest content delivery networks (CDNs) and cloud hosting providers. The telecommunications company, Rostelecom, affected more than 8,800 internet traffic routes in the incident. Impacted companies include Google, Amazon, Facebook, Akamai, Cloudflare, GoDaddy, Digital Ocean, Joyent, LeaseWeb, Hetzner, Linode, and more.
The event is classified as a Border Gateway Protocol (BGP) hijack by researchers. BGP is the system used to route internet traffic between global networks. The system, however, is fragile due to the fact that participating networks can post misleading or fraudulent BGP route announcements that are treated as legitimate by other entities. This allows for BGP hijacking to occur, as the targeted network’s traffic will instead be sent to the hijacker’s server.