Russian telecom may have intentionally hijacked internet traffic bound for Mastercard, VISA, and more


On April 26, 2017, Rostelecom, a Russian telecom, hijacked large amounts of sensitive network traffic from over a dozen financial institutions including Mastercard and VISA. Rostelecom, one of the big four telecoms in Russia, did this by falsely announcing 36 network blocks as its own in Border Gateway Protocol (BGP) routing tables. This kind of inaccurate announcement of network space, and the rerouting that follows, does sometimes happen by accident. However, the fact that over two dozen international financial institutions were affected, targeted really, makes it seem like this action was not accidental. A little digging reveals that Rostelecom is 49% owned by the Russian government. What’s more, multiple senior government officials currently hold board seats at Rostelecom.
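Added example, not part of the original article: a false origin announcement of this kind can be flagged by checking each announced prefix against the origin AS its owner has authorised, in the style of RFC 6811 route origin validation. The two owner ASNs come from the article's table below; the prefixes are documentation ranges and AS64500 is a documentation ASN, all constructed for illustration because the article does not list the real address blocks.

```python
import ipaddress
from collections import namedtuple

# One authorisation record: covering prefix, longest prefix length the
# owner allows to be announced, and the AS allowed to originate it.
VRP = namedtuple("VRP", "prefix max_len asn")

# Constructed sample data (assumption): RFC 5737 documentation prefixes
# stand in for the real blocks; ASNs 2559 and 26380 are from the article.
VRPS = [
    VRP(ipaddress.ip_network("192.0.2.0/24"), 24, 2559),     # Visa International
    VRP(ipaddress.ip_network("203.0.113.0/24"), 24, 26380),  # MasterCard Technologies LLC
]

def validate(prefix, origin_asn, vrps=VRPS):
    """Classify one announcement as 'valid', 'invalid' or 'not-found'."""
    route = ipaddress.ip_network(prefix)
    covering = [v for v in vrps
                if v.prefix.version == route.version
                and route.subnet_of(v.prefix)]
    if not covering:
        return "not-found"   # nobody has published an authorisation
    for v in covering:
        if v.asn == origin_asn and route.prefixlen <= v.max_len:
            return "valid"
    return "invalid"         # covered, but wrong origin or too specific

def flag_suspect(announcements, vrps=VRPS):
    """Return the (prefix, origin) pairs that fail origin validation."""
    return [(p, a) for p, a in announcements
            if validate(p, a, vrps) == "invalid"]

# Constructed announcements as a route collector might report them.
ANNOUNCEMENTS = [
    ("192.0.2.0/24", 2559),       # legitimate origin
    ("192.0.2.0/24", 64500),      # another AS claims the same block
    ("203.0.113.128/25", 64500),  # more-specific from another AS
    ("203.0.113.0/25", 26380),    # right AS, but longer than max_len
    ("198.51.100.0/24", 64500),   # no authorisation on record
]

if __name__ == "__main__":
    for prefix, asn in ANNOUNCEMENTS:
        print(f"{prefix:<18} AS{asn:<6} {validate(prefix, asn)}")
```

The "not-found" result is the gap to watch: a prefix with no published authorisation cannot be flagged by this check, whoever originates it.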

Russian telecom hijacking of targeted financial Internet traffic is curious to say the least


BGPMon called the hijacking “curious.” Doug Madory from Dyn was more straightforward with his words; he told ArsTechnica:


“I would classify this as quite suspicious. Typically accidental leaks appear more voluminous and indiscriminate. This would appear to be targeted to financial institutions. A typical cause of these errors [is] in some sort of internal traffic engineering, but it would seem strange that someone would limit their traffic engineering to mostly financial networks.”

Rostelecom hasn’t commented to the media about the incident. What we know is that sensitive information from around the world was flowing into Russia for 5-7 minutes. This would have allowed Russians to see and manipulate any of that traffic that was unencrypted at the time or, at the least, to see who was connecting and from where. Such information would be invaluable to hackers: it could reveal not only sensitive information but also the sources of financial transactions, who could then be targeted themselves.

The institutions that were affected by this hijacking are (info via BGPMon):

AS Autonomous System Name
49002 Federal State Unitary Enterprise Russian
3561 Savvis
41268 LANTA Ltd
2559 Visa International
8255 Euro-Information-Europeenne de Traitemen
31627 Servicios Para Medios De Pago S.A.
701 MCI Communications Services, Inc. d/b/a
3259 Docapost Bpo SAS
3303 Swisscom (Switzerland) Ltd
3741 IS
5553 State Educational Institution of Higher
5630 Worldline SA
8291 The Federal Guard Service of the Russian
8677 Worldline SA
9162 The State Educational Institution of Hig
9221 HSBC HongKong
9930 TIME dotCom Berhad
11383 Xand Corporation
12257 EMC Corporation
12578 SIA Lattelecom
12954 SIA S.p.A.
15468 38, Teatralnaya st.
15632 JSC Alfa-Bank
15742 PJSC CB PrivatBank
15835 ROSNIIROS Russian Institute for Public N
15919 Servicios de Hosting en Internet S.A.
18101 Reliance Communications Ltd.DAKC MUMBAI
25410 Bank Zachodni WBK S.A.
26380 MasterCard Technologies LLC
28827 Fortis Bank N.V.
30060 VeriSign Infrastructure & Operations
34960 Netcetera AG
35469 Ojsc Bank Avangard
50080 Provus Service Provider SA
50351 card complete Service Bank AG
61100 Norvik Banka AS
200163 Itera Norge AS

Russian government wants to do whatever they want on the Internet

Moscow, Russia even intends to be the first 5G connected city by 2020, but all of that data will be stored by Russian telecoms under Russia’s Big Brother Law. Over the last year, Russia has shown its true colors when it comes to Internet rights: it has evicted Amnesty International and coerced some companies like Twitter to move servers to Russia. The Russian government has even convinced some VPN companies to censor what the government wants. In contrast, Private Internet Access has removed all servers from Russia following a separate incident of questionable Russian seizure in July of last year.




[Privacy News Online]