Routing Flaw Lets Pakistan Take YouTube Offline for 2 Hours

Censorship, Internet, Threat


Internet Censors

Internet Censors

This past Sunday, YouTube disappeared for about 2 hours.


It was an incredibly heavy handed attempt at censorship, gone awry. The map at the right displays the worst Internet censors.

And here’s how it played out. (We’ll apologize up front, because this may get technical).

When someone in Pakistan decided that a video on YouTube was blasphemous and rang up Pakistani Telecom, who turned around and decided that the to block the video, the solution would be to advertise a route to YouTube that went nowhere.

If they’d only propagated that route, internally within the borders of Pakistan, that might be a more or less acceptable solution.

But, as will happen, they screwed up and advertised that route upstream, to their provider, who without checking, accepted and propagated this new “best route” to YouTube to the world.

Tragic shame, all those squirrels riding skateboards couldn’t be seen, eh?

That’s not the half of it.

There’s no way to prevent such mistakes from happening, once they slip into the routing tables of the backbone of the Internet.

The routing protocol BGP (it stands for Border Gateway Protocol) works on a “trust basis”, where in theory, you trust what your routing peer tells you.

But you see, this same protocol could be hijacked in exactly the same way, maliciously.

Say you want to do some phishing. Say you’ve got a near perfect copy of Bank of America’s website. Say you poison the BGP routing tables, so your near perfect copy of the BOA website is getting all the traffic destined for the Bank of America?

Or say you’re a terrorist, and you want to neuter Homeland Security.

Or you’re a major spammer, and you hijack Yahoo’s addresses, to send spam that looks like it came from the authentic server.

Starting to see how badly this can break things?

2 Responses

  1. mastermind  •  February 28, 2008 @10:43 pm

    Yeah, really
    If I understand correctly, one of Pakistan’s ISP’s thought that they could somehow just block the offensive videos URL’s, while the other could not.
    The secondary ideology of “let’s ban the IP address,” is what got us in trouble here.

    ALL ISP’s should have, if they intend to do this, some form of URL filtering.

    All in all, it’s good that this happened. It brought to our attention a matter of international importance, as I have told many people.

    Here’s to an open Internet.

  2. axis  •  February 28, 2008 @10:45 pm

    An open Internet is the best way. The malicious potential is not cool.

    It kinda reminds me of all the nasty filtering thats going on with China.

    The Internet was designed to be an open way to exchange information and ideas, it needs to stay that way.

Leave a Reply

Allowed tags: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>