Our freedom-loving *cough* allies in the Middle East made a rather huge faux pas over the weekend. The benevolent and democratic *cough* government of Pakistan decided that the YouTube contains content that is blasphemous, and that the free people of Pakistan should not be allowed permitted forced to watch such trash. So they issued a mandate that the YouTube was to be blocked so that the intelligent and free *cough* people of Pakistan would not be subjected to such filth.
One Pakistani ISP decided the best way to stop the nefarious YouTube from breaching Pakistan’s peace-loving *cough* borders was to change, in the BGP tables in their routers, where the YouTube was located, pointing it to a server within Pakistan.
This seemed to work out very well…but probably was not fully thought out. When the ISP’s router began broadcasting the change, it was picked up worldwide, causing all traffic meant for the YouTube – worldwide – to be re-directed to said server. This made the YouTube unreachable for about an hour, and led the telecom delivering the majority of Pakistan’s bandwidth to shut down their connection while things were sorted out.
I’m certain this ‘poisoning’ of the Internet was completely unintentional. Just an example of someone probably wanting to take a shortcut in their work without fully realizing how their equipment worked (and these are the people we outsource tech support to? – no, wait, that’s India, never mind). But this got me to thinking about something similar happening maliciously.
For instance, say someone altered their BGP tables to point charlesschwab.com to a server they controlled, hosting a website with the same look and feel as the real charlesschwab.com. Now, it is fairly easy to tell a phishing site from the real website: if the address is something like www.charlesschwab.com.itakeyoumoney.net, then one is probably not at the charlesschwab.com website. But with the users being re-directed at the level we’re talking about, the address would still read www.charlesschwab.com. How would one know? So you enter your username and password and get an error about the site being down for maintenance or some such, and to try back in an hour or so. And when it is tried again, this time going back to the real charlesschwab.com website, everything works and nobody’s the wiser.
Kinda scary to think about it…isn’t it?
Now I haven’t been in the hardware side of the house for a long, long time, and even when I was, my knowledge didn’t go that deep. But the scenario sure seems plausible on the surface. There is probably a wide range of reasons it wouldn’t work.
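On the "How would one know?" question, one check network operators can run is route origin validation in the style of RFC 6811: each announcement's origin AS and prefix length are compared against a table of authorised origins. The code below is an added example, not part of the original post; the table, the prefixes (documentation ranges) and the AS numbers (documentation ASNs) are all constructed.

```python
import ipaddress

# Constructed ROA-style table: (prefix, max prefix length, authorised origin AS).
ROAS = [("203.0.113.0/24", 24, 64500)]

# Constructed announcements as a route monitor might see them: (prefix, AS path).
ANNOUNCEMENTS = [
    ("203.0.113.0/24", [64496, 64500]),    # legitimate origin
    ("203.0.113.0/25", [64497, 64511]),    # more specific, foreign origin
    ("203.0.113.128/25", [64496, 64500]),  # right origin, longer than max length
    ("192.0.2.0/24", [64497, 64501]),      # no table entry covers it
]


def validate(prefix, as_path, roas=ROAS):
    """Return 'valid', 'invalid' or 'not-found' for one announcement."""
    route = ipaddress.ip_network(prefix)
    origin = as_path[-1]  # the origin AS is the last AS in the path
    covered = False
    for roa_prefix, max_len, roa_as in roas:
        roa_net = ipaddress.ip_network(roa_prefix)
        # An entry covers the route if the route is equal to or inside its prefix.
        if route.version != roa_net.version or not route.subnet_of(roa_net):
            continue
        covered = True
        if origin == roa_as and route.prefixlen <= max_len:
            return "valid"
    # Covered but never matched: wrong origin or too specific.
    return "invalid" if covered else "not-found"


def suspicious(announcements, roas=ROAS):
    """Announcements that origin validation would reject, as (prefix, origin AS)."""
    return [(p, path[-1]) for p, path in announcements
            if validate(p, path, roas) == "invalid"]


if __name__ == "__main__":
    for prefix, path in ANNOUNCEMENTS:
        print(f"{prefix:18} origin AS{path[-1]:<6} {validate(prefix, path)}")
```

The check only covers who originates a prefix and how specific the announcement is; it says nothing about the rest of the AS path.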
You’re a jackass and your “sarcastic” remarks are not funny, they are at the level of a 3rd grader…