Networks have weakened the interception – Newspaper Kommersant No. 13 (7458) of 01/25/2023


In 2022, the number of autonomous systems of Russian telecom operators that were involved in traffic interception halved. Such incidents may result from an error by the operator itself or from a deliberate attack by intruders, and they make Internet resources unavailable. Experts attribute the improvement to increased security on provider networks, as well as to the departure of foreign companies that loaded networks by transferring large amounts of information to parent structures abroad.

Kommersant has reviewed data from Qrator Labs, a company specializing in cybersecurity, on the interception of traffic from Russian autonomous systems, which consist of IP networks and routers controlled by one or more telecom operators. The data show that last year 2.5 thousand systems were affected by interceptions, almost half as many as in 2021. In 2020, the problem affected 3.6 thousand systems, and in 2019, 4.7 thousand.

Last spring, after the outbreak of hostilities in Ukraine, experts recorded several large-scale incidents in which Ukrainian operators intercepted the traffic of Russian Internet providers. For example, Lurenet pulled in the traffic of networks belonging to Rostelecom, MegaFon, Vimpelcom, MTS and Transtelecom (TTK), among others. Because of the attack, services based on these networks were unavailable from different countries for ten hours (see Kommersant dated April 24, 2022). That incident affected 146 autonomous systems. VimpelCom, MegaFon and Transtelecom declined to comment. Rostelecom and MTS did not answer Kommersant.

Traffic interceptions are routing anomalies that can be caused both by errors in configuring network equipment and by planned attacks by cybercriminals, explains Alexander Lyamin, founder and CEO of Qrator Labs. The statistics take into account both the illegitimate “pulling” of traffic for someone else’s address space by an autonomous system (manipulation of the traffic source) and manipulation of traffic paths. This is done through BGP (Border Gateway Protocol) interception: the operator can announce incorrect routing data for a number of Internet resources throughout the network.

Intercepted networks receive invalid routing information and assume it is correct. Accordingly, their users could become potential victims. “For example, the contents of their e-mail, access passwords and other confidential data could be intercepted from users,” says Mr. Lyamin. If the interception occurred as a result of an operational error, then there may be no access to specific resources, he adds. Qrator Labs believes that the numbers declined in 2022 because telecom operators, as well as large companies that own autonomous systems, began to implement protection mechanisms and to configure networks more correctly.

The attitude to cybersecurity has changed in general, adds Dmitry Schmidt, chief engineer for network protection at DDoS-Guard: companies often conduct audits to find vulnerabilities in the perimeter and “cover them” before attackers get there.

DDoS-Guard believes that interception incidents are often associated primarily with the human factor, that is, with errors by the specialists who announce traffic routes. Dmitry Petrov, General Director of the operator Comfortel, notes that although the number of intruders and incompetent specialists has not decreased, a tool has appeared that eliminates the influence of the human factor on interception incidents. In particular, in his opinion, the main reason for the reduction in the number of attacks with traffic interception was the introduction of RPKI validation (a check based on public keys that helps to prove the authenticity of a resource on the Internet) on the border routers of backbone telecom operators.
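
The origin check that RPKI validation performs on a border router can be sketched as follows. This is an added example, not taken from the article or from any operator's configuration; it follows the RFC 6811 procedure of classifying each announcement against a set of ROAs, and all prefixes, AS numbers and ROAs in it are constructed from documentation ranges.

```python
import ipaddress

# Constructed ROA set: (prefix, maxLength, authorized origin AS).
# Documentation prefixes and reserved ASNs only; not real registry data.
ROAS = [
    ("192.0.2.0/24", 24, 64500),
    ("203.0.113.0/24", 24, 64502),
    ("2001:db8::/32", 48, 64501),
]


def validate_origin(prefix, origin_as, roas=ROAS):
    """Classify one announcement as 'valid', 'invalid' or 'not-found'."""
    route = ipaddress.ip_network(prefix)
    covered = False
    for roa_prefix, max_len, roa_as in roas:
        roa_net = ipaddress.ip_network(roa_prefix)
        if roa_net.version != route.version or not route.subnet_of(roa_net):
            continue  # this ROA does not cover the announced prefix
        covered = True
        # AS0 in a ROA means "nobody may originate this"; it never matches.
        if roa_as != 0 and roa_as == origin_as and route.prefixlen <= max_len:
            return "valid"
    # Covered by some ROA but matched by none: wrong origin or too specific.
    return "invalid" if covered else "not-found"


def filter_announcements(announcements, roas=ROAS):
    """Split (prefix, as_path) pairs into accepted and rejected lists.

    Only 'invalid' is rejected; 'not-found' is accepted because a missing
    ROA is not evidence of a hijack. The origin is the last AS in the path.
    """
    accepted, rejected = [], []
    for prefix, as_path in announcements:
        state = validate_origin(prefix, as_path[-1], roas)
        (rejected if state == "invalid" else accepted).append((prefix, state))
    return accepted, rejected


# Constructed announcements as a border router might receive them.
SAMPLE = [
    ("192.0.2.0/24", [64510, 64500]),     # legitimate origin
    ("192.0.2.0/24", [64510, 64666]),     # someone else's AS originates it
    ("192.0.2.128/25", [64510, 64500]),   # more specific than maxLength allows
    ("2001:db8:1::/48", [64501]),         # within maxLength 48
    ("198.51.100.0/24", [64510, 64777]),  # no covering ROA
]

if __name__ == "__main__":
    ok, dropped = filter_announcements(SAMPLE)
    print("accepted:", ok)
    print("rejected:", dropped)
```

This check covers only the origin of an announcement; manipulation of the AS path with a correct origin passes it unchanged.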

Dmitry Ovchinnikov, Chief Specialist of the Department of Integrated Information Security Systems at Gazinformservice, adds that the departure of many foreign companies, including those that used cloud services to transfer their data to parent organizations, led to a simplification of the network. The decrease in system complexity, he explains, has led to a drop in the number of interception cases.

Tatyana Isakova
