While neither Apple nor Russian authorities shed any light on the event, data indicates Apple traffic did go through Russia’s leading telecom company.
For 12 hours, network traffic Apple customers use to access the company’s services was redirected to the network owned by Rostelecom, Russia’s state-owned telecommunications company.
According to the Mutually Agreed Norms for Routing Security (MANRS), an initiative for reducing routing threats, on 26-27 July Rostelecom started announcing routes for part of Apple’s network, attracting traffic from internet users trying to access Apple services.
MANRS senior internet tech manager Aftab Siddiqui noted that it’s not clear whether any information was stolen or any services were affected, and that the ordeal could have been caused by a misconfiguration.
However, if the traffic was rerouted on purpose, the ordeal would point to Russia carrying out a Border Gateway Protocol (BGP) hijacking.
Such a practice occurs when threat actors falsely announce the ownership of groups of IP addresses known as IP prefixes. For example, Cloudflare compares BGP hijacking to changing traffic signs on a freeway to redirect the traffic into incorrect exits.
Siddiqui claims that Rostelecom started announcing a prefix Apple uses. Even though route collectors all over the world noticed the change, Apple’s mitigation techniques didn’t stop Rostelecom from intercepting the traffic.
To solve the issue, engineers at Apple had to announce a more specific prefix for the affected address space themselves, so that the rest of the internet preferred Apple’s legitimate route over Rostelecom’s.
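The two mechanisms described above, a hijack winning because its announcement is more specific and the victim recovering by announcing something more specific still, both come down to longest-prefix matching in every router's table. The following is an added illustration, not code from the article, MANRS or either operator: it models a tiny routing table, runs a constructed hijack, shows a route-collector style origin check that would flag it, and then applies the more-specific-prefix mitigation. The ASNs (64496, 64497) and prefix (203.0.113.0/24) are documentation values standing in for the real networks, which the article does not enumerate.

```python
"""Constructed model of BGP longest-prefix match, a hijack and its mitigation.
Added illustration; not code from the article or any operator involved."""
from __future__ import annotations

import ipaddress
from dataclasses import dataclass
from typing import Optional

# RFC 5398 documentation ASNs and an RFC 5737 documentation prefix (constructed).
VICTIM_ASN = 64496      # legitimate origin, playing Apple's role
HIJACKER_ASN = 64497    # network announcing address space it does not own
VICTIM_PREFIX = ipaddress.ip_network("203.0.113.0/24")


@dataclass(frozen=True)
class Route:
    prefix: ipaddress.IPv4Network
    origin_asn: int


class RoutingTable:
    """Minimal model of a router's RIB: keeps every announcement it has heard
    and forwards to the most specific prefix covering a destination."""

    def __init__(self) -> None:
        self.routes: list[Route] = []

    def announce(self, prefix: str, origin_asn: int) -> None:
        self.routes.append(Route(ipaddress.ip_network(prefix), origin_asn))

    def withdraw(self, prefix: str, origin_asn: int) -> None:
        gone = Route(ipaddress.ip_network(prefix), origin_asn)
        self.routes = [r for r in self.routes if r != gone]

    def lookup(self, destination: str) -> Optional[Route]:
        ip = ipaddress.ip_address(destination)
        matches = [r for r in self.routes if ip in r.prefix]
        if not matches:
            return None
        # Longest prefix match: the longest prefixlen wins, whoever announced it.
        return max(matches, key=lambda r: r.prefix.prefixlen)


def unexpected_origins(table: RoutingTable,
                       expected: dict[ipaddress.IPv4Network, int]) -> list[tuple[str, int]]:
    """Route-collector style check: flag any announcement that falls inside a
    prefix we expect from one origin but is announced by a different origin."""
    findings = []
    for route in table.routes:
        for prefix, asn in expected.items():
            if route.prefix.subnet_of(prefix) and route.origin_asn != asn:
                findings.append((str(route.prefix), route.origin_asn))
    return findings


def simulate(destination: str = "203.0.113.10") -> dict:
    """Replay the three phases for one destination address and return who
    carried its traffic in each phase plus what the origin check flagged."""
    table = RoutingTable()
    expected = {VICTIM_PREFIX: VICTIM_ASN}

    # Normal state: only the legitimate /24 exists.
    table.announce("203.0.113.0/24", VICTIM_ASN)
    before = table.lookup(destination).origin_asn

    # Hijack: a /25 is more specific than the /24, so it wins on every router
    # that accepts it, regardless of who the rightful holder is.
    table.announce("203.0.113.0/25", HIJACKER_ASN)
    during = table.lookup(destination).origin_asn
    alerts = unexpected_origins(table, expected)

    # Mitigation as described in the article: the legitimate origin announces
    # more-specific prefixes (two /26s cover the hijacked /25) to win the match back.
    table.announce("203.0.113.0/26", VICTIM_ASN)
    table.announce("203.0.113.64/26", VICTIM_ASN)
    after = table.lookup(destination).origin_asn

    return {"before": before, "during": during, "after": after, "alerts": alerts}


if __name__ == "__main__":
    print(simulate())
```

The origin check is the kind of comparison public route collectors make, and it fires as soon as the hijacking announcement appears, which matches the article's point that collectors saw the change before traffic was recovered. The mitigation has a known floor: most networks filter IPv4 announcements longer than /24, so announcing ever more specific prefixes only works down to that length.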
While the nature of the accident is unclear, this wouldn’t be the first time Rostelecom had performed a BGP hijacking attack. In April 2020, over 200 content delivery networks were redirected through Rostelecom.
Facebook, Akamai, Cloudflare, Amazon, Google, and many other tech giants were among the companies that found their traffic directed to Russia.