Russian telecom may have intentionally hijacked internet traffic bound for Mastercard, VISA, and more

Posted on Apr 30, 2017 by Caleb Chen

On April 26, 2017, Rostelecom, a Russian telecom, hijacked large amounts of sensitive network traffic from over a dozen financial institutions including Mastercard and VISA. Rostelecom, one of the big four telecoms in Russia, did this by inaccurately announcing 36 network blocks as its own through the Border Gateway Protocol (BGP), so that other networks routed traffic for those blocks to Rostelecom instead of to their legitimate owners. This type of inaccurate announcement of network space and subsequent rerouting does sometimes happen by accident. However, the fact that over two dozen international financial institutions were affected, targeted really, makes it seem that this action was not accidental. A little digging reveals that Rostelecom happens to be owned (49%) by the Russian government. What’s more, multiple senior government officials currently hold board seats at Rostelecom.

Russian telecom hijacking of targeted financial Internet traffic is curious to say the least

BGPMon called the hijacking “curious.” Doug Madory from Dyn was more straightforward with his words; he told ArsTechnica:

“I would classify this as quite suspicious. Typically accidental leaks appear more voluminous and indiscriminate. This would appear to be targeted to financial institutions. A typical cause of these errors [is] in some sort of internal traffic engineering, but it would seem strange that someone would limit their traffic engineering to mostly financial networks.”

Rostelecom hasn’t commented to media about the incident. What we know is that sensitive information from around the world was flowing into Russia for 5-7 minutes. This would have allowed Russians to see and manipulate any of that traffic that was unencrypted at that time; or, at the least, see who was connecting and from where. Such information would be invaluable to hackers as it could not only reveal sensitive information but also the sources of financial transactions – who could then be targeted themselves.

The institutions that were affected by this hijacking are (info via BGPMon):

 AS     Autonomous System Name      
  49002  Federal State Unitary Enterprise Russian
   3561  Savvis
  41268  LANTA Ltd
   2559  Visa International
   8255  Euro-Information-Europeenne de Traitemen
  31627  Servicios Para Medios De Pago S.A.
    701  MCI Communications Services, Inc. d/b/a
   3259  Docapost Bpo SAS
   3303  Swisscom (Switzerland) Ltd
   3741  IS
   5553  State Educational Institution of Higher
   5630  Worldline SA
   8291  The Federal Guard Service of the Russian
   8677  Worldline SA
   9162  The State Educational Institution of Hig
   9221  HSBC HongKong
   9930  TIME dotCom Berhad
  11383  Xand Corporation
  12257  EMC Corporation
  12578  SIA Lattelecom
  12954  SIA S.p.A.
  15468  38, Teatralnaya st.
  15632  JSC Alfa-Bank
  15742  PJSC CB PrivatBank
  15835  ROSNIIROS Russian Institute for Public N
  15919  Servicios de Hosting en Internet S.A.
  18101  Reliance Communications Ltd.DAKC MUMBAI
  25410  Bank Zachodni WBK S.A.
  26380  MasterCard Technologies LLC
  28827  Fortis Bank N.V.
  30060  VeriSign Infrastructure & Operations
  34960  Netcetera AG
  35469  Ojsc Bank Avangard
  50080  Provus Service Provider SA
  50351  card complete Service Bank AG
  61100  Norvik Banka AS
200163  Itera Norge AS
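The hijack described above works because a route announcement from the wrong origin AS, and especially a more-specific announcement, wins best-path selection in routers that have no basis to doubt it. The following is an added example, not code from the original post or from BGPMon, of the kind of origin-validation check a monitoring service runs against collected route updates: it compares each announced prefix and its origin AS against a baseline of who is expected to announce what. The prefixes are constructed stand-ins (RFC 5737 documentation ranges), the AS numbers come from the BGPMon list above, and the hijacker's AS number (AS12389, Rostelecom) is an assumption taken from public registry data rather than from this page.

```python
import ipaddress

# Constructed baseline: each prefix and the origin AS expected to announce it.
# Prefixes are RFC 5737 documentation ranges used as stand-ins; the AS numbers
# are taken from the BGPMon list in the post above.
BASELINE = {
    ipaddress.ip_network("192.0.2.0/24"): 2559,      # Visa International
    ipaddress.ip_network("203.0.113.0/24"): 26380,   # MasterCard Technologies LLC
}

# Assumed hijacker origin for the sample data. Rostelecom's AS number is not on
# the page; AS12389 is taken from public registry data.
HIJACKER_ASN = 12389


def classify(prefix, as_path, baseline=BASELINE):
    """Return None if the update agrees with the baseline, otherwise an alert
    tuple (kind, prefix, expected_origin, observed_origin).

    'origin-mismatch': the exact baseline prefix announced by a foreign origin.
    'more-specific': a sub-prefix of a baseline prefix announced by a foreign
    origin; the longer prefix wins best-path selection, so this variant pulls
    traffic even when the hijacker's AS path is longer.
    """
    net = ipaddress.ip_network(prefix)
    origin = as_path[-1]  # the BGP origin AS is the last ASN in the AS_PATH
    for legit_net, legit_origin in baseline.items():
        if net == legit_net:
            if origin != legit_origin:
                return ("origin-mismatch", prefix, legit_origin, origin)
            return None
        if net.version == legit_net.version and net.subnet_of(legit_net):
            if origin != legit_origin:
                return ("more-specific", prefix, legit_origin, origin)
            return None  # the owner splitting its own block: traffic engineering
    return None  # prefix not covered by the baseline: nothing to compare against


def scan(updates, baseline=BASELINE):
    """Run classify over (prefix, as_path) tuples and return only the alerts."""
    return [a for a in (classify(p, path, baseline) for p, path in updates) if a]


# Constructed sample of route updates as a route collector might see them.
SAMPLE_UPDATES = [
    ("192.0.2.0/24", [3561, 2559]),               # normal Visa route via Savvis
    ("192.0.2.0/25", [3561, HIJACKER_ASN]),       # more-specific from the hijacker
    ("203.0.113.0/24", [701, 3561, HIJACKER_ASN]),  # exact prefix, foreign origin
    ("203.0.113.128/25", [701, 26380]),           # MasterCard splitting its own block
    ("198.51.100.0/24", [3303, 9221]),            # not in the baseline, ignored
]

if __name__ == "__main__":
    for alert in scan(SAMPLE_UPDATES):
        print(alert)
```

Real deployments take the baseline from RPKI ROAs or IRR route objects rather than a hand-written table, but the comparison is the same.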

Russian government wants to do whatever they want on the Internet

Moscow, Russia even intends to be the first 5G-connected city by 2020, but all of that data will be stored by Russian telecoms under Russia’s Big Brother Law. Over the last year, Russia has shown its true colors when it comes to Internet rights: it has evicted Amnesty International and coerced companies such as Twitter into moving servers to Russia. The Russian government has even convinced some VPN companies to censor what the government wants. By contrast, Private Internet Access removed all of its servers from Russia following a separate incident of questionable Russian seizure in July of last year.
