Aussie telco Telstra says soz after accidentally diverting traffic meant for encrypted email biz through its servers
2020-10-02 18:01

Aussie telco Telstra has apologised after a Border Gateway Protocol routing oddity caused traffic destined for encrypted email service ProtonMail to wrongly pass through Telstra's servers.

Switzerland-headquartered ProtonMail raged in a blog post that Telstra had engaged in "BGP hijacking" through what it described as "Incompetence and not malice", complaining that "Around 30 per cent of the global internet looking for us got pointed to Telstra instead".

To oversimplify it a bit, BGP traffic routing defaults to the fastest way for packets to get from A to B. This relies on the digital equivalent of network operators putting up signs saying "Motorway over here!" If somebody wants to divert internet traffic - say, a malicious person or state-sponsored agency - they can put up their own sign saying "Motorway with higher speed limit and no toll gates over here!" to scoop some of that traffic for themselves.

A Telstra spokesman told The Register: "Due to a technical error early on Wednesday morning, approximately 500 IPv4 prefixes were incorrectly advertised as Telstra's. The incident was triggered by Telstra running post verification testing to address an unrelated software bug in Telstra Internet Direct provisioning tools. A previous test verification prefix-set was incorrectly loaded against a production service. This resulted in the network impact, due to the way BGP propagates."

As we reported at the time: "RPKI allows ISPs to compare their internet routing tables with validated routes known to ARIN and the other. If there is a conflict - in that, an unexpected and non-validated route for internet traffic opens up - then either someone has misconfigured their network, or they are purposefully misrepresenting themselves online, possibly to intercept or block packets."
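The comparison the quote describes is route origin validation: each announcement is checked against the published ROAs and classified as valid, invalid or not-found (the RFC 6811 states). The sketch below is an added example, not code from the article, Telstra or ProtonMail; the ROAs, prefixes and AS numbers are constructed from documentation ranges, and the function names are hypothetical.

```python
import ipaddress

# Constructed ROAs: (prefix, maxLength, authorised origin AS). Documentation
# prefixes and AS numbers only; none of these are real allocations.
ROAS = [
    ("192.0.2.0/24", 24, 64496),
    ("198.51.100.0/24", 24, 64497),
    ("2001:db8::/32", 48, 64496),
]

def validate_origin(prefix, origin_as, roas=ROAS):
    """Classify one announcement as 'valid', 'invalid' or 'not-found'."""
    net = ipaddress.ip_network(prefix)
    covered = False
    for roa_prefix, max_len, roa_as in roas:
        roa_net = ipaddress.ip_network(roa_prefix)
        # A ROA covers the route if the route equals or sits inside its prefix.
        if roa_net.version != net.version or not net.subnet_of(roa_net):
            continue
        covered = True
        # A match needs the same origin AS (never AS 0) and length <= maxLength.
        if roa_as == origin_as and roa_as != 0 and net.prefixlen <= max_len:
            return "valid"
    # Covered by some ROA but matched by none: wrong origin or too specific.
    return "invalid" if covered else "not-found"

def audit_prefix_set(origin_as, prefixes, roas=ROAS):
    """Return the prefixes in a set that origin_as must not announce."""
    return [p for p in prefixes if validate_origin(p, origin_as, roas) == "invalid"]

if __name__ == "__main__":
    # Constructed prefix-set, as if about to be loaded for AS 64496.
    candidate = ["192.0.2.0/24", "198.51.100.0/24", "192.0.2.128/25",
                 "203.0.113.0/24", "2001:db8:1::/48"]
    for p in candidate:
        print(p, validate_origin(p, 64496))
    print("blocked:", audit_prefix_set(64496, candidate))
```

Run against a prefix-set before it is loaded, a check like this flags prefixes whose ROA names a different origin; prefixes with no ROA at all come back as not-found and are not caught by it.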


News URL

https://go.theregister.com/feed/www.theregister.com/2020/10/02/protonmail_telstra_bgp_hijack/