Internet service in and around Mogadishu, Somalia suffered a crippling blow recently as the East African Submarine System (EASSy) cable, which provides service to the area, was cut by the anchor of a passing ship. The government of Somalia estimated that the impact of the submarine cable cut was US$10 million per day and detained the MSC Alice, the cargo vessel that reportedly caused the damage.
The cable was repaired on 17 July. The incident is the latest in a series of recent submarine cable breaks (see Nigeria, Ecuador, Congo-Brazzaville and Vietnam) that remind us how dependent much of the world remains on a limited set of physical connections which maintain connectivity to the global Internet.
Internet in Mogadishu
The story of how high-speed Internet service came to Mogadishu is nothing short of remarkable. It involved Somali telecommunications personnel staring down the threat of a local terrorist group (Al-Shabaab) in order to establish Somalia’s first submarine cable connection. This submarine cable link would be vital if Mogadishu were to have any hope of improving its local economy and ending decades of violence and hunger. However, in January 2014, Al-Shabaab Continue reading
The title of the paper “Who controls the Internet? Analyzing global threats using property traversal graphs” is enough to ensnare any Internet researcher. The control plane for a number of attacks, as the paper points out, is the DNS due to the role it plays in mapping names to resources. MX records in the DNS control the flow of mail, CNAME records are used to implement content delivery network (CDN) services, and TXT records are used to confirm access to and control over a namespace when implementing third-party services. This post will cover an interesting case where control is exercised first via the DNS and then using BGP.
Below the DNS, in the depths of internet plumbing, is the lizard brain of internet routing, which is governed by the Border Gateway Protocol (BGP). A common term to describe BGP routing is “hot potato” routing. BGP conversations occur between autonomous systems (ASes), each identified by its autonomous system number (ASN). The ASN represents a system of networks and the policy associated with their routing. ASNs are issued regionally by Regional Internet Registries (RIRs), which receive blocks of AS numbers to hand out from the Internet Assigned Numbers Authority Continue reading
Earlier this morning, the national fiber backbone of Iraq was taken offline in an effort to combat cheating on 6th grade placement exams. It was the fourth such outage in the past five days. 2017 marks the third year Iraq has used government-directed internet blackouts to combat cheating on student exams.
These recent outages are a continuation of a growing (and somewhat puzzling) trend by governments in many developing parts of the world to cut communications services in a desperate attempt to staunch rampant cheating on high-stakes student exams.
In the summer of 2015, we broke the story of periodic early-morning outages of the national backbone of Iraq’s internet. These were the first such government-directed national internet outages to combat cheating on exams and were subsequently covered by publications such as Ars Technica and The Daily Beast.
As is our annual tradition, this blog provides a year-end review of how the Internet providers at the top of our Internet Intelligence – Transit global rankings fared over the previous year. The structure, performance and security of the Internet remains a huge blind spot for most enterprises, even those critically dependent on it for business operations. These are familiar topics that we’ve covered over the years in this blog and our Twitter feed, and 2016 was no different. We saw bogus routing and subsequent grossly misdirected traffic from Ukraine and Iran, for just two examples. We saw cable breaks, new cable activations, censorship and crippling attacks. And much, much more. Dyn provides such critical insight into the structure and performance of the Internet, both real-time and historical, and uses this data set to make 40 billion traffic steering decisions daily for customers.
Back in 2008, we chose to look at the 13 providers that spent at least some time in the Top Ten that year, hence the name “Baker’s Dozen“. We repeated that exercise in 2009, 2010, 2011, 2012, 2013 Continue reading
Recent submarine cable-related developments have impacted internet connectivity in locales as diverse as Vietnam, Cuba, India, the Marshall Islands and Russia’s Kamchatka Peninsula. In this blog post, we report on positive developments in Cuba and Russia and a few notable cable failures in other parts of the world.
Vietnam
The internet of Vietnam got off to a shaky start in 2017 when, on 8 January, the America-Asia Gateway (AAG) submarine cable experienced yet another of its many failures. In September of last year, Tuoi Tre News reported that AAG had suffered its 10th failure in three years, prompting VietnamNet to ask the question: Why does the AAG underwater cable have to be repaired so often? Over the years, we have frequently analyzed these cable breaks. (For example, see this, this or this.)
Internet performance in Ho Chi Minh City suffers greatly during these unfortunate episodes. For Saigontourist Cable Television (SCTV), the recent break meant a brief disruption in connectivity and the loss of NTT transit as illustrated below.
Last week, we reported via Twitter that the Iranian state telecom TIC hijacked address space containing a number of pornographic websites. The relevant BGP announcement was likely intended to stay within the borders of Iran, but had leaked out of the country in a manner reminiscent of Pakistan’s block of YouTube via BGP hijack in 2008. Over the weekend, TIC performed BGP hijacks of additional IP address space hosting adult content as well as IP addresses associated with Apple’s iTunes service.
Iranian state telecom hijacking IP space that is hosting adult websites. Censorship leaking out of Iran? #bgphijack pic.twitter.com/t4XTLnQhIS
— Dyn Research (@DynResearch) January 6, 2017
In addition, in 2015 on this blog we reported that a new DNS root server instance in Tehran was being leaked outside Iran, a situation that was quickly rectified at that time. Despite the fact that the Tehran K-root is intended to only be accessible within Iran, as we will see below, it is currently being accessed by one of the largest US telecommunications companies.
Iranian BGP-based Censorship
Last week, Iranian state telecom announced a BGP hijack of address space (99.192.226.0/24) hosting numerous pornographic websites. Continue reading
The northern Syrian city of Aleppo is one of the key battlegrounds of that country’s on-going civil war as well as the epicenter of the European refugee crisis. The most appropriate United States response to events in Aleppo has become a major foreign policy question among the candidates in this year’s U.S. presidential election. Experts are now predicting that forces loyal to President Bashar al-Assad, backed by the Russian military, will take control of rebel-held eastern Aleppo within weeks. The image below (from Wikipedia) illustrates the current state (as of 9 October 2016) of the conflict in Aleppo, depicting rebel-held regions in green and those under government control in red.
From a BGP routing standpoint, this development was reflected by the disappearance of AS24814 — we first reported the appearance of AS24814 serving Aleppo in 2013. At 14:42 Continue reading
Earlier this month, security blogger Brian Krebs broke a story about an Israeli DDoS-for-hire service, vDOS, which had been hacked, revealing “tens of thousands of paying customers and their (DDoS) targets.” Afterwards, Krebs noticed that vDOS itself was also a victim of a recent BGP hijack from a company called BackConnect, which claims to be the “world’s first and leading open source based DDoS and network security provider.”
Bryant Townsend, CEO of BackConnect, confirmed to Krebs that they had indeed conducted a BGP hijack on vDOS, but claimed that it was for “defensive purposes.” In an email to the NANOG list, Townsend explained that in doing so they “were able to collect intelligence on the actors behind the botnet as well as identify the attack servers used by the booter service,” implying this was a one-time event. Krebs then contacted Dyn for some assistance in researching what appeared to be a series of BGP hijacks conducted by BackConnect over the past year. What emerges from this analysis is that the hijack against vDOS probably wasn’t the first time BackConnect used BGP hijacks in the course of its business. And via the use of Continue reading
Early this morning in Syria, the Internet was almost entirely down for four hours. It was the ninth such outage since 31 July 2016 — each one lasting from approximately 4am to 8am local time. And, according to sources inside Syria, the objective of these outages was to prevent cheating on national High School exams. The motivation for today’s national outage: a Chemistry final.
It is striking how far we have come since Egypt in 2011, when their country-wide outage was a huge international story. National Internet blackouts are so routine and banal that they are now becoming a common tactic to prevent cheating among youth. In fact, this latest round Continue reading
Last week I published a blog that discussed the role Dyn has played in major international news stories. This week I’ve decided to pull back the curtain a bit and give you an in-depth look into how something like this goes down.
This past month you may have read in publications like Vice, NBC or Bloomberg about a Facebook clone operating out of North Korea. You may have also noticed that it was our research team that first discovered this. Finally, you probably asked: how did they see this and why does Dyn care about Kim Jong-un and social networks?
I can answer the latter question first. At Dyn we are passionate about the performance of the internet. We believe the internet is a tool with unlimited potential. What is fascinating though is that it is a flawed tool. The internet by its very nature is volatile. There are outages and threats happening every day. It is up to the companies who want to use this tool to understand this volatility and prepare for it. At Dyn we believe with the right Internet Performance Management strategy you can own the Internet.
But to do that you must know the issues. Continue reading
As a former journalist, I find my role as Director of Corporate Comms at Dyn fascinating. Based on the fact that Dyn has a unique perspective of the internet and employs world-class data scientists, we frequently find ourselves at the center of news cycles – though it would be more accurate to call them storms because of the flurry of activity that happens in a short period of time.
There was no greater example of this than in December of 2014 when our own Doug Madory was the first person to discover that North Korea was offline. This was at the time of North Korea’s alleged hack of Sony, which was major international news. When Doug sent out his first tweet the media floodgates opened. I remember fielding calls from Japanese television stations.
This happened on a smaller scale when Iraq shut down the internet and when a Facebook clone went online in North Korea. However, the most recent event came just last week when the Turkish military staged an unsuccessful coup in Istanbul.
While it is exciting to play a role in these breaking news situations and the exposure for Dyn is always good, the Continue reading
Before students around the world can embrace summer vacation, they must first endure final exams. This time-tested tradition brings late night cram sessions, the regurgitation of facts and figures, nail biting and sweaty palms. For those who work hard, final exams can build character. And for those who started their summer break too early, there’s an easier option: cheating.
As the spouse of a teacher, I know cheating is a major concern in classrooms around the world. Teachers have a variety of tricks to prevent this including watching their students like hawks, giving out different tests, not allowing labeled bottled drinks or even requiring an ID before entering the room.
Of course, some countries take their prevention measures to the extreme. Iraq literally shut off the internet and Algeria blocked Twitter and Facebook. All of this in an effort to prevent cheating. Yikes!
This is a great reminder of a couple of things:
The internet is a tool. A tool is only as valuable as the hands it is in. It can be used for bad purposes. It can also be used to transform the world. I look at stories like how Land O’Lakes is leveraging data to help their Continue reading
Our Baker’s Dozen blog focuses on the top global Internet providers as measured by quantity of transited IP space. If your market is not truly global, it pays to consider your provider options by region, country or even city. Our Internet Intelligence product suite is designed around helping our customers understand the structure, performance and reliability of the Internet regardless of their geographic scope or potential providers. In other words, there is a lot more to consider than just a top global list by a single metric. To explore this topic further, we’ll look one geographic level deeper into the Internet Intelligence – Transit rankings for the top-5 providers by continent. As we’ll see below, these can vary considerably from our top global list and even include other players with a more regional focus. Let’s take a quick look.
At the end of 2015, Cogent (AS174) was ranked as the #4 global provider by our metric, but it closed the year as #1 in Africa, opening up a wide margin over Level 3 (AS3356), its nearest competitor on the continent. Cogent started transiting a sizeable number of new prefixes from South Africa’s Continue reading
As is our annual tradition, this blog provides a year-end review of how the Internet providers at the top of our Internet Intelligence – Transit global rankings fared over the previous year. The structure and performance of the Internet remains a huge blind spot for most enterprises, even those critically dependent on it for business operations. Whether it’s the next 3 billion people coming online, poor performance due to suboptimal routing, impaired connectivity due to natural disasters or sabotage, slow DNS performance, routing leaks, or security breaches of a trust-based Internet infrastructure, Dyn provides critical insight into the structure and performance of the Internet, both real-time and historical, via its Internet Intelligence product suite. More importantly, our services help our customers make the changes necessary to optimize Internet availability, reliability, and reach in a very dynamic environment.
Back in 2008, we chose to look at the 13 providers that spent at least some time in the Top Ten that year, hence the name “Baker’s Dozen“. We repeated that exercise in 2009, 2010, 2011, 2012, 2013, and 2014. During the past 8 years, I’ve Continue reading
Last fall, the Interior Minister of Ukraine announced the creation of a national Cyberpolice (Кіберполіцію) to protect the country from everything from credit card fraud to malware. Here’s something that would be great to add to their list: fraudulent BGP routing out of Ukraine. Last year, we reported on an incident in which Ukrainian ISP Vega hijacked routes from British Telecom (including that of the UK’s Atomic Weapons Establishment), an event that could perhaps be chalked up to an innocent mistake. However, the fraudulent routing we’re now seeing from Ukraine is deliberately designed to go unnoticed. We’ll review some of this new behavior in this blog.
Governments take note
The profile of this issue has grown in the past year as governments have had to respond to their address space being fraudulently used. Last July, the Dutch Minister of Foreign Affairs (pictured right) was confronted with parliamentary questions concerning an incident where “attackers” had commandeered IP address space belonging to the Ministry of Foreign Affairs the previous year. In that incident, on 18 November 2014, Decision Marketing (AS62228) out of Sofia, Bulgaria began globally announcing eleven BGP routes that did not belong to Continue reading
This week marks a somber milestone in Internet history: the 5-year anniversary of former Egyptian President Hosni Mubarak’s order to shut down his country’s access to the global Internet amid widespread protests. Similar popular protests would sweep through the region during a time frame that became known as the Arab Spring. Within days of the Egyptian blackout, Internet service would be restored and Mubarak would resign after 30 years in power.
Egypt
On the evening of 27 January 2011 (US Eastern Time), we were alerted to the Egyptian blackout by our BGP route monitoring system. Within minutes, I was assisting my colleague Jim Cowie in Continue reading
Dyn prides itself on being fast, but how do we measure ourselves? How do we compare to everyone else? With all the vagaries of DNS measurement due to caching effects, congestion, and routing irregularity, is it even possible to devise a useful, believable metric, one that anyone could validate for themselves? Dyn Research decided to tackle this challenge and this blog explains our approach. We encourage our readers to suggest improvement and try this methodology out for themselves.
Over the years Dyn has built a high-performing authoritative DNS network using strategic placement of sites and carefully engineered anycast to provide low-latency performance to recursive name servers all over the world. We use our Internet performance monitoring network of over 200 global “vantage points” to monitor DNS performance and our comprehensive view of Internet routing from over 700 BGP peering sessions to make necessary routing adjustments. This synthetic DNS monitoring and routing analysis are important tools to understand performance. But since the ultimate goal is delivering a good user experience, it’s important to measure performance from the user’s perspective. (We have written about the importance of user-centric DNS performance testing in the past.)
User perception of DNS performance depends on Continue reading
Just after midnight local time on 22 November, saboteurs, presumably allied with Ukrainian nationalists, set off explosives knocking out power lines to the Crimean peninsula. At 21:29 UTC on 21 November (00:29am on 22-Nov, local time), we observed numerous Internet outages affecting providers in Crimea and causing significant degradation in Internet connectivity in the disputed region.
With Crimean Tatar activists and Ukrainian nationalists currently blocking repair crews from restoring power, Crimea may be looking at as much as a month without electricity as the Ukrainian winter sets in. Perhaps more importantly, the incident could serve as a flash point spurring greater conflict between Ukraine and Russia.
Impacts
The impacts can be seen in the MRTG traffic volume plot from the Crimea Internet Exchange — the drop-offs are noted with red arrows and followed by intermittent periods of partial connectivity.
In the past week, we have detected the first signs of the Internet returning to Syria’s largest city, Aleppo. Internet service in this part of the country was knocked out on March 24 — over seven months ago. Internet connectivity, and the lack of it, has been a continuing subplot to this bloody civil war well into its fifth year.
A notable difference with the restored service is that it is no longer routed via Turkey (as it had been) — likely due to the fact that the Syrian government no longer controls the ground between Aleppo (in the northern part of the country) and Turkey. The restoration of Internet service in Aleppo may be an outcome of Russia’s recent engagement (with assistance from Iran) in the battle for Aleppo — and perhaps an indicator of the scales tipping towards government forces in this protracted battle.
Background
The first Syrian Internet shutdown occurred in June 2011 during ‘Arab Spring’ protests as two thirds of the country’s routed networks were taken down for over 48 hours. As the conflict has continued over the years, Syria has suffered numerous Internet blackouts including a multi-day outage in November Continue reading