Financial services Internet traffic hijacked by Russian-controlled telecom
RingPlus News Service Los Angeles May 1st, 2017:
Network traffic from financial service places like MasterCard and Visa, were routed through a Russian telecom a few days ago. The reason remains unresolved and unexplained as this seems to have happened out of nowhere. The incident renews lingering questions and brings concern over the trust and reliability of the most sensitive of Internet communications. According to the border gateway protocol engineers, border gateway protocol routes large-scale amounts of traffic among Internet backbones, ISPs, and other large networks, errors are common and usually stem from human error. However, the fact that it was more financial service companies that were affected made this a curious occurrence for the engineers. Also, how the networks affected were redirected shows that this had to have been done manually. Most likely by someone at Rostelecom, the Russian government-controlled telecom who announced ownership of the blocks.
Leaks are usually more voluminous and indiscriminate, this appeared to have targeted only financial institutions. Usually network traffic going to Visa, Mastercard and other financial companies passes through service providers that the companies hire and authorize. Using BGP routing tables, the authorized providers announce their hold of the large amount of IP addresses belonging to the client companies. When the hijacking occurred, Rostelecom announced that it suddenly had ownership of the blocks. So traffic passing through the networks was then routed over Rostelecoms’ routers. It was only a few minutes but it was enough time for any hacker to have attacked. BGPmon has left open the possibility of this being an accident. If this turns out to not be an accident, it would not be the first time that traffic was intentionally diverted since something similar occurred in 2013. The hacks during that attack affected "major financial institutions, governments, and network service providers" in the US, South Korea, Germany, the Czech Republic, Lithuania, Libya, and Iran.
With this information, it is clear that there needs to be a change which would protect users information better. So far it has not been reported that there were people affected in this latest incident.