Sabotage: an occupational hazard on the net
- 09 March, 2008 22:00
Sabotage. That's the right word for what Pakistan Telecom did to YouTube on the last Sunday in February. It was intended to be censorship — blocking Pakistanis from seeing a video that their government found offensive. But it resulted in all of YouTube vanishing from the internet for up to two hours.
If you think that's merely another silly non-crisis that doesn't mean anything to your IT shop or business, think again.
What happened? Pakistan Telecom (PT) got instructions from a government agency to block a specific YouTube video, which reportedly included the cartoons of the Prophet Muhammad that have sparked periodic riots since they were first published in Denmark in September 2005.
To do that, PT used a Border Gateway Protocol (BGP) injection. Put simply, PT changed its internet routing information for YouTube so that requests would go to PT's servers, not YouTube's. But the changed information was also sent to PT's own internet provider, Hong Kong's PCCW, which accepted it and passed it along to the rest of the world. Almost immediately, YouTube disappeared — for nearly everyone.
According to Renesys, an internet monitoring consultancy, it took about two minutes for the bad routing information to spread, 80 minutes for YouTube to notice and send out corrected routing information, and about another hour before the mess was completely cleaned up.
Yeah, it was clumsy and irresponsible on PT's part. But stop smirking. It could happen again tomorrow — to you.
See, the problem that allows BGP injection hasn't been fixed. And it's not likely to be. Ever. Just as it wasn't fixed two years ago, after Con Edison Communications accidentally hijacked internet connections to investment houses, a bank, Martha Stewart's publishing empire and the New York Daily News. Or after Turkish network provider TTnet mistakenly rerouted the entire internet on Christmas Eve 2004.
Those are big incidents. Smaller BGP injections happen all the time — often by accident, but sometimes because spammers or other bad guys want to hijack an address. As governments keep attempting to censor websites, that kind of sabotage is likely to happen more and more.
Why? Because for all the security we've layered onto the internet, at the level of big network providers, it still runs on pure trust. When one of them sends out routing information to the others, it's presumed to be true.
So, like YouTube, you could find your domain name hijacked, accidentally or intentionally, at almost any time.
You can't stop it. If you're watching for it, you can detect it and act to repair the damage. But meanwhile, like YouTube, you'll have vanished from the internet — and somebody else will be getting all your traffic.
How badly will that kind of sabotage hurt your company's business?
How many orders and inquiries won't come in?
How much proprietary information from customers will go to the hijackers instead of to you?
How will your supply chain be disrupted? Your sales force automation? Your software-as-a- service applications?
In short, how heavily do you rely on the internet? And what are your plans for the day it's stolen out from under you?
Nothing silly about those questions, is there?
No one is going to eliminate BGP injections anytime soon. And if you're not prepared — with monitoring, encryption, VPNs and alternative routes for critical communications — you'd better get to work.
Or you could find out just what the word sabotage means to you.