My 12/12/10 Missoulian column
Last week, I covered how an Internet service provider in China “hijacked” part of the Internet last April for 18 minutes or so.
But there’s more to the story of how different parts of the backbone of the Internet trust each other to move data around using Border Gateway Protocol.
First, it wasn’t Internet data that were hijacked; it was Internet “name space,” meaning network addresses that changed for those 18 minutes. What happened was someone at the ISP reprogrammed a router – a device that “pipes” Internet traffic – to redirect data through that ISP. And so some Internet traffic started taking a route through that ISP, trusting that it was the most efficient.
It’s as if the post office accidentally trucked a small part of Missoula’s mail to Helena first and then back; that’s obviously not the most efficient route, but it’s not the same as someone in Helena actually getting someone else’s mail and reading it, too.
So huge amounts of Internet traffic didn’t suddenly change course for China, because when that one router relayed new routes to other networks, advising of this new, most efficient route, many other routers ignored the new instructions.
That’s because of authority checks built into Border Gateway Protocol; the other routers were going to wait a few hours and see if the new routes were accurate. And if they turned out to be, then those routes would be recommended to other parts of the Internet to use, and so on.
The data traffic passing through the ISP could have been captured, but the amount of data that could have been intercepted was very low, according to historical traffic records. And the 18 minute time frame of the change fits in with someone making the routing mistake, quickly realizing it, and changing it back.
This doesn’t hide the fact that the basic traffic routing protocols of the Internet, such as Border Gateway Protocol, are based on trust. When the Internet as we now know it was being designed, engineers knew the most efficient way for the network to work was based on trust: Either human trust to configure routes, or the electronic trust the engineers built into the devices to work efficiently by themselves.
Will Border Gateway Protocol be made more secure? That depends on other, more real hijacks in the future. But to rework Border Gateway Protocol into a version that can withstand malfeasance will require dropping the openness that is both a burden and an advantage to the Internet.