Russian telco hijacks internet traffic for Google, AWS, Cloudflare, and others

Russian state-owned telecommunications operator Rostelecom hijacked internet traffic meant for more than 200 of the world's largest content delivery networks (CDNs) and cloud hosting providers, according to a ZDNet report.

More than 8,800 internet traffic routes, coming from more than 200 networks and meant for some of the world's biggest websites (Facebook, Google, Amazon, GoDaddy, Cloudflare and others), were hijacked for about an hour last week.

Thanks to HTTPS encryption, the content is not readable at this time, but this doesn't mean it will remain secure in the future, when quantum computing makes current encryption techniques obsolete.

Although it's possible the incident arose from an honest mistake - for example, an employee could have mistyped an ASN (autonomous system number) - it is also not the first of its kind associated with Rostelecom. Back in 2017, a “major hijack” took place, making headlines as the traffic for Visa, Mastercard and HSBC was hijacked.

Andree Toonk, BGPMon founder, took to Twitter to say that he believes the hijack was accidental, although others claim it may have been made to look like an accident on purpose.

“For what it's worth: I don't think they intended to announce this to the rest of the world (hijack),” Toonk wrote.

“What we saw here, by accident, is that they treat these (new more specific) prefixes special inside their network. Likely for some kind of "Traffic Engineering" reason.”