Part of internet traffic went through Russian provider Rostelecom for an hour
Internet traffic intended for more than 200 major content delivery networks was rerouted last week via Rostelecom, a Russian state-owned provider. It could be a configuration error or a deliberate BGP hijack.
Traffic from more than 8,800 internet routes from CDNs and cloud companies such as Google, Amazon, Facebook, Akamai, Cloudflare, GoDaddy and LeaseWeb was rerouted via Rostelecom for about an hour, ZDNet writes. This was done through custom BGP routing.
Internet traffic is routed via the Border Gateway Protocol (BGP). Participating networks may falsely announce that certain server IPs belong to them, which results in internet traffic being redirected. This can happen accidentally due to a configuration error, but BGP hijacks are also used intentionally.
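The check a defender runs against such false announcements, as an added example that is not from the original article or from BGPmon: each observed announcement is compared with a list of authorized origins, following the valid / invalid / not-found logic of BGP prefix origin validation (RFC 6811). All prefixes and AS numbers are constructed from the documentation ranges and are assumptions, not data from the incident.

```python
import ipaddress

# Constructed sample data: documentation prefixes and documentation
# AS numbers (RFC 5398). Nothing here is taken from the incident.
ROAS = [
    # (authorized prefix, max prefix length, authorized origin AS)
    ("198.51.100.0/24", 24, 64496),
    ("203.0.113.0/24", 24, 64497),
    ("192.0.2.0/24", 25, 64498),
]

ANNOUNCEMENTS = [
    # (announced prefix, origin AS seen at the end of the AS path)
    ("198.51.100.0/24", 64496),    # legitimate owner
    ("203.0.113.0/24", 64511),     # same prefix, wrong origin
    ("198.51.100.128/25", 64511),  # more-specific prefix, wrong origin
    ("198.51.100.0/25", 64496),    # right origin, longer than max length
    ("192.0.2.128/25", 64498),     # more-specific allowed by max length
    ("2001:db8::/32", 64500),      # no authorization covers this prefix
]


def validate(prefix, origin, roas=ROAS):
    """Return 'valid', 'invalid' or 'not-found' for one announcement."""
    net = ipaddress.ip_network(prefix)
    covered = False
    for roa_prefix, max_len, roa_origin in roas:
        roa_net = ipaddress.ip_network(roa_prefix)
        # Only an authorization of the same IP version that contains the
        # announced prefix says anything about this announcement.
        if net.version != roa_net.version or not net.subnet_of(roa_net):
            continue
        covered = True
        if origin == roa_origin and net.prefixlen <= max_len:
            return "valid"
    # Covered but never matched: the announcement contradicts the owner.
    return "invalid" if covered else "not-found"


def suspicious(announcements=ANNOUNCEMENTS, roas=ROAS):
    """List announcements that a covering authorization contradicts."""
    return [(p, o) for p, o in announcements if validate(p, o, roas) == "invalid"]


if __name__ == "__main__":
    for p, o in ANNOUNCEMENTS:
        print(f"{p:<20} AS{o:<6} {validate(p, o)}")
```

An origin check only catches announcements with the wrong origin AS; a route that keeps the true origin but takes a detour through another network in the AS path passes it.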
Andree Toonk, the administrator of monitoring site BGPmon.net, thinks that this case was not a deliberate hijack. According to Toonk, Rostelecom probably gives traffic from the relevant parties special treatment within its own network, and an error was made in the configuration.
In the past, such hijacks were used as a man-in-the-middle attack, but with the rise of encrypted HTTPS connections, that has become much more difficult. With a BGP hijack, a party can now log traffic and attempt to decrypt it in the future, for example if new methods or more computing power become available.
In 2018, it turned out that internet traffic from the United States, among others, was regularly diverted via China Telecom. A year later it turned out that the same happened with internet traffic from Europe. Like Rostelecom, China Telecom is a state provider.