BGPstream and The Curious Case of AS12389

Screen Shot 2017-04-26 at 8.40.27 PM

The world of BGP routing is a fascinating place with lots of interesting BGP events happening every day. It can be challenging to keep track of it all and so two years ago we started the BGPstream website where we keep track of large scale outages and BGP hijacks. We list the events, basic info and visualize it with one of my favorite tools: BGPlay. For those who keep an eye on @bgpstream , you probably noticed a curious series of BGP hijacks today all by the same Autonomous system affecting many well known networks.

Starting at April 26 22:36 UTC till approximately 22:43 UTC AS12389 (PJSC Rostelecom) started to originate 50 prefixes for numerous other Autonomous systems. The 50 hijacked prefixes included 37 unique autonomous systems and the complete list of affected networks can be found below. If your organization is in this list feel free to reach out and we can provide more details if needed. Keep in mind that many of these hijacks are already published on as well.

So back to this incident, what happened here? What makes the list of affected networks ‘curious’ is the high number of financial institutions such as for example: MasterCard,Visa, Fortis,Alfa-Bank,card complete Service Bank and more.

The other curious thing is that this included several more specific prefixes. One example is this one for HSBC
This indicates this is not your typical ‘leak’ (say BGP > OSPF > BGP). Because the prefix does not normally exist as a /24, someone (likely 12389 Rostelecom) are inserting it in their routing tables themselves. The question is why? One typical scenario is because of some kind of traffic engineering or traffic redirection.

Incident replay

It’s also worth noting that at the same time as the hijacks we did see many (78) new advertisements originated by 12389 for prefixes by ‘other’ Rostelecom telecom ASns (29456,21378,13056,13118,8570). So something probably went wrong internally causing Rostelecom to start originating these new prefixes.

For sure an interesting and curious case, so keep an eye on @bgpstream or sign-up for our BGP monitoring service and be alerted as soon as it happens!

Below the list of affected networks (other Rostelecom networks excluded)

AS Autonomous System Name
49002 Federal State Unitary Enterprise Russian
3561 Savvis
41268 LANTA Ltd
2559 Visa International
8255 Euro-Information-Europeenne de Traitemen
31627 Servicios Para Medios De Pago S.A.
701 MCI Communications Services, Inc. d/b/a
3259 Docapost Bpo SAS
3303 Swisscom (Switzerland) Ltd
3741 IS
5553 State Educational Institution of Higher
5630 Worldline SA
8291 The Federal Guard Service of the Russian
8677 Worldline SA
9162 The State Educational Institution of Hig
9221 HSBC HongKong
9930 TIME dotCom Berhad
11383 Xand Corporation
12257 EMC Corporation
12578 SIA Lattelecom
12954 SIA S.p.A.
15468 38, Teatralnaya st.
15632 JSC Alfa-Bank
15742 PJSC CB PrivatBank
15835 ROSNIIROS Russian Institute for Public N
15919 Servicios de Hosting en Internet S.A.
18101 Reliance Communications Ltd.DAKC MUMBAI
25410 Bank Zachodni WBK S.A.
26380 MasterCard Technologies LLC
28827 Fortis Bank N.V.
30060 VeriSign Infrastructure & Operations
34960 Netcetera AG
35469 Ojsc Bank Avangard
50080 Provus Service Provider SA
50351 card complete Service Bank AG
61100 Norvik Banka AS
200163 Itera Norge AS

Read more here:: BGPmon

Cyberespionage, ransomware big gainers in new Verizon breach report

Verizon released its tenth annual breach report this morning, and cyberespionage and ransomware were the big gainers in 2016.

Cyberspionage accounted for 21 percent of cases analyzed, up from 13 percent last year, and was the most common type of attack in the manufacturing, public sector, and education.

In fact, in the manufacturing sector, cyberespionage accounted for 94 percent of all breaches. External actors were responsible for 93 percent of breaches, and, 91 percent of the time, the target was trade secrets.

Meanwhile, the number of ransomware attacks doubled compared to the previous year.

To read this article in full or to leave a comment, please click here

Read more here:: IT news – Security

Ransomware attacks are taking a greater toll on victim’s wallets

The hackers spreading ransomware are getting greedier. In 2016, the average ransom demand to free computers hit with the infection rose to US$1,077, up from $294 the year before, according to security firm Symantec.

“Attackers clearly think that there’s more to be squeezed from victims,” Symantec said in a Wednesday report.

In addition, the security firm has been detecting more ransomware infection attempts. In 2016, the figure jumped by 36 percent from the year prior.

That doesn’t bode well for the public. Ransomware is notorious for taking over computers, and essentially holding them hostage. To do so, the malicious coding encrypts all the data inside, and then demands a fee, usually in bitcoin, in exchange for releasing the machine.

To read this article in full or to leave a comment, please click here

Read more here:: IT news – Security

How to find out your Uber rating

Uber used to make it difficult to find out your passenger rating. To find out if you were a 5-star rider, you had to ask a driver (and they would usually tell you, but that’s kind of an awkward conversation) or toggle through some menu options to submit a request to Uber.

As of this week, finding your rating is simple. Super easy. In fact, you can’t miss it. Uber is putting your stars just beneath your name in the top left of the app.

Uber says the change is because riders “forget that their driver is also rating them, too, and things like eating in the car, slamming the door, or trying to pile in more people than seatbelts can impact whether it’s a 5-star experience for drivers.” I don’t know anyone who forgets that drivers rate them, too. Some people are on a quest to be 5-star passengers, while others just want to know if their behavior is costing them stars.

To read this article in full or to leave a comment, please click here

Read more here:: IT news – Internet

Companion mobile app exposed Hyundai cars to potential hijacking

The mobile application that accompanies many Hyundai cars exposed sensitive information that could have allowed attackers to remotely locate, unlock, and start vehicles.

The vulnerability was patched in the latest version of the mobile app released in March but was publicly disclosed on Tuesday. It is the latest in a string of flaws found over the past few years in the “smart” features added by vehicle manufacturers to their cars.

The Hyundai issue was discovered by independent researchers William Hatzer and Arjun Kumar when analyzing the MyHyundai with Blue Link mobile app.

Blue Link is a subscription-based technology that’s available for many Hyundai car models released after 2012. It allows car owners to remotely locate their vehicles in case of theft, to remotely unlock them if they lose or misplace their keys, and even to remotely start or stop their engine when they’re parked and locked.

To read this article in full or to leave a comment, please click here

Read more here:: IT news – Security

California bill would force utilities to give rebates for energy-storage systems

A bill that recently won state Senate committee approval would make California the first state to require utilities to dole out rebates to customers who install energy storage systems.

The Energy Storage Initiative (SB700) was approved last week by the state’s Senate Energy, Utilities and Communications Committee and is awaiting a full senate vote.

The bill, authored by State Sen. Scott Wiener, a Democrat, would require the electric utilities to provide rebates to their customers by Dec. 1, 2018 for the installation of energy storage systems meeting certain requirements.

To read this article in full or to leave a comment, please click here

Read more here:: IT news – Hardware Systems

FCC chairman plans to ‘reverse the mistake’ of net neutrality

The U.S. Federal Communications Commission will vote on May 18 to kick off a proceeding to “reverse the mistake” of the agency’s 2-year-old net neutrality rules, FCC Chairman Ajit Pai said.

The rulemaking proceeding would be the first step toward repealing the regulations and reversing the agency’s 2015 decision to classify broadband as a regulated, telecom-like service.

Pai didn’t provide a lot of detail about his proposal during a speech Wednesday, but during the rulemaking, the FCC will seek public comment on how best to move forward with new net neutrality rules or guidelines, he said. The FCC is scheduled to release the text of Pai’s proposal on Thursday.

To read this article in full or to leave a comment, please click here

Read more here:: IT news – Internet

Nvidia’s offering three free VR games if you buy a GTX 10 Series card and an Oculus Rift + Touch

We’ve seen several deals and giveaways for virtual-reality headsets in recent months, but those mostly involved the HTC Vive. This time around, Nvidia and Oculus have teamed up for a Rift-flavored deal: Currently, if you buy a select GeForce GTX 10 Series card and the Oculus Rift + Touch, you’ll three VR games for free.

The deal began on April 25 and lasts until Tuesday, June 13, 2017, or while supplies last. Nvidia says both Newegg and Amazon have this deal. However, while Newegg definitely offers the deal as described by Nvidia, Amazon seems to limit you to specific, preset bundles.

To read this article in full or to leave a comment, please click here

Read more here:: IT news – Hardware Systems

29% off Cooler Master Hyper 212 EVO CPU Cooler with 120mm PWM Fan – Deal Alert

The Hyper 212 EVO now features four Cooler Master patented Continuous Direct Contact (CDC) heat pipes that are tightly packed into a flat array on the CPU Cooler base. This acts as a virtual vapor chamber that dissipates a large amount of heat. The aluminum fin structure has been optimized to provide the perfect performance balance between high and low speed fan operations. The fan averages 4.4 out of 5 stars from over 7,600 people on Amazon (read reviews here), where its typical list price of $34.99 has been reduced 29% to just $24.99. See this deal on Amazon.

To read this article in full or to leave a comment, please click here

Read more here:: IT news – Hardware Systems

Google becomes first foreign internet company to launch service in Cuba

Google servers inside Cuba are now live on the internet, marking a major milestone in the country’s communications evolution and promising faster access to Google’s services for Cuban users.

The computers are part of Google’s global network of caching servers, which store frequently requested content locally so it doesn’t have to be accessed over long distances.

That speeds up access in any country but is particularly important in a nation like Cuba, which has relatively low connectivity to the rest of the world.

Cuba is connected to the rest of the internet almost exclusively via the ALBA-1 submarine cable, which runs from the island to Venezuela, said Doug Madory, director of internet analysis at Dyn Research. Dyn was first to spot the emergence of the Google caching servers on the internet.

To read this article in full or to leave a comment, please click here

Read more here:: IT news – Internet