Route Hijacking: Identity Theft of Internet Infrastructure

Peter Svensson gives an old and quite serious problem some mainstream press in this AP story from 8 May 2010:
On April 25, 1997, millions of people in North America lost access to all of the Internet for about an hour. The hijacking was caused by an employee misprogramming a router, a computer that directs data traffic, at a small Internet service provider.

A similar incident happened elsewhere the next year, and the one after that. Routing errors also blocked Internet access in different parts of the world, often for millions of people, in 2001, 2004, 2005, 2006, 2008 and 2009. Last month a Chinese Internet service provider halted access from around the world to a vast number of sites, including and, for about 20 minutes.

In 2008, Pakistan Telecom tried to comply with a government order to prevent access to YouTube from the country and intentionally “black-holed” requests for YouTube videos from Pakistani Internet users. But it also accidentally told the international carrier upstream from it that “I’m the best route to YouTube, so send all YouTube traffic to me.” The upstream carrier accepted the routing message, and passed it along to other carriers across the world, which started sending all requests for YouTube videos to Pakistan Telecom. Soon, even Internet users in the U.S. were deprived of videos of singing cats and skateboarding dogs for a few hours.

In 2004, the flaw was put to malicious use when someone got a computer in Malaysia to tell Internet service providers that it was part of Yahoo Inc. A flood of spam was sent out, appearing to come from Yahoo.

The Pakistani incident is illustrated in the accompanying story and video by RIPE.

This problem has been known for a long time. Why hasn’t it been fixed?

One reason is that the weaknesses in the system are in the routing between carriers. It doesn’t help if one carrier introduces a new system — every one it connects with has to make the change as well.

“It’s kind of everybody’s problem, because it impacts the stability of the Internet, but at the same time it’s nobody’s problem because nobody owns it,” says Doug Maughan, who deals with the issue at the Department of Homeland Security.

Ah, collective action, the great benefit of the Internet and the thing the big ISPs don’t really want for themselves.

What will it take?

Jeffrey Hunker, a former senior director for critical infrastructure in the Clinton administration, says he’s not surprised that little has happened on the issue since 2003. He doesn’t expect much to happen in the next seven years, either.

“The only thing that’s going to drive adoption is a major incident, which we haven’t had yet,” he says. “But there’s plenty of evidence out there that a major incident would be possible.”

By “major” we’re probably talking “Chernobyl” or “Three Mile Island”, as in something that loses access to the Internet for everyone from stock traders to grandmas looking at grandchildren’s pictures for, oh, a day.

The only solution the article mentions is a centralized database, which would be about as bad as the original problem, since such a database would be susceptible to manipulation by criminals, corporations, and governments.

Surely here a decade into the 21st century somebody can come up with a decentralized route verification system?

In the meantime, network administrators deal with hijacking an old-fashioned way: calling their counterparts close to where the hijacking is happening to get them to manually change data routes. Because e-mails may not arrive if a route has been hijacked, the phone is a more reliable option, says Tom Daly, chief technical officer of Dynamic Network Services Inc., which provides Web hosting and other Internet services.

“You make some phone calls and hope and pray,” Daly says. “That’s about it.”

Ah, risk management at its best.