Rostelecom Accused of Hijacking Google, Amazon, and Facebook Traffic
Russian national provider Rostelecom has been implicated in another incident involving the interception of traffic from more than two hundred content delivery networks (CDNs) and major cloud hosting providers such as Google, Amazon, Facebook, Akamai, Cloudflare, GoDaddy, and Digital Ocean.
For approximately one hour, over 8,800 traffic exchange routes originating from 200 networks were affected. Experts believe this was a case of BGP hijacking (IP address takeover).
According to BGPmon.net, the service detected a BGP hijack on April 1 at 19:27:28. Shortly after, a researcher known on Twitter as James_inthe_box also reported the traffic interception.
Experts from Qrator Labs took an interest in the situation and shared their perspective. βOn April 1, the largest Russian provider, Rostelecom, used prefixes belonging to intranet giants: Akamai, Cloudflare, Hetzner, Digital Ocean, Amazon AWS,β their report states.
Overall, incidents like BGP hijacking are quite dangerous, as a large amount of traffic can be redirected in a way that allows cybercriminals to analyze and decrypt it.