Facebook, Instagram and WhatsApp all stopped working today, with the root cause being a failed BGP update. But what is BGP?
Border Gateway Protocol (BGP) is a standardised gateway protocol that exchanges routing information across autonomous systems (AS) on the Internet.
Border Gateway Protocol is the protocol that makes the Internet work. Networks or autonomous systems that need to interact with each other do so through peering, which is made possible with BGP.
A router connected to several other networks cannot, by itself, determine which of them is the best one to send its data to. Border Gateway Protocol considers all of a router's peering partners and sends traffic to the router that is closest to the data's destination. This is possible because, at startup, BGP peers exchange their routing information, and each router stores what it learns in a Routing Information Base (RIB).
Issues with Border Gateway Protocol
Border Gateway Protocol was originally created in 1989 as a quick fix for the Internet, but it has remained the primary protocol for long-distance traffic. Since then, however, cyber threats have evolved and BGP has not kept up.
Border Gateway Protocol abuse is called BGP hijacking, which is possible because the protocol relies on trusting advertised routes. There have been multiple attempts at making a more secure version of BGP, but implementation is extremely problematic. Most of the new versions are unable to communicate with standard BGP, which means that every AS across the world would have to adopt the new protocol simultaneously.
A few BGP incidents that have taken place in the past include:
In 2004, TTNet, a Turkish Internet service provider (ISP), advertised bad BGP routes that claimed it was the best destination for all traffic on the Internet. The issues only lasted one day, but many people across the world were unable to access the Internet.
In 2008, a Pakistani ISP attempted to block Pakistani users from accessing YouTube by routing traffic to a black hole. The route was accidentally advertised to neighbouring routers, which propagated it across the world. In this instance, YouTube was inaccessible for several hours.
In 2018, attackers deliberately created bad BGP routes to redirect traffic meant for Amazon's DNS service. By redirecting the traffic to themselves, they were able to steal $100,000 of cryptocurrency.
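As an added illustration (example code written for this page, not part of the original post), the Python script below simulates the RIB-based route selection described above, feeds it a bogus more-specific announcement of the kind that propagated in the 2008 incident, and shows how a Route Origin Validation check modelled on RPKI ROAs filters it before selection. All prefixes, AS numbers and ROAs are constructed documentation values, and the best-path logic is simplified to longest prefix match followed by shortest AS path.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Route:
    prefix: str          # announced prefix, e.g. "203.0.113.0/24"
    as_path: tuple       # AS numbers from our peer to the origin (last element)

    @property
    def origin(self) -> int:
        return self.as_path[-1]

# Constructed Route Origin Authorisations (prefix, maxLength, authorised origin AS),
# modelled on RPKI ROAs. Prefixes and AS numbers are documentation ranges, not real ones.
ROAS = [("203.0.113.0/24", 24, 64500)]

def rov_state(route: Route) -> str:
    """Route Origin Validation: 'valid', 'invalid', or 'not-found' when no ROA covers the prefix."""
    net = ipaddress.ip_network(route.prefix)
    covered = False
    for roa_prefix, max_len, asn in ROAS:
        if net.subnet_of(ipaddress.ip_network(roa_prefix)):
            covered = True
            if route.origin == asn and net.prefixlen <= max_len:
                return "valid"
    return "invalid" if covered else "not-found"

def best_route(rib, dest_ip: str, validate: bool = False):
    """Pick the route a router would use for dest_ip: longest prefix match, then shortest AS path.
    With validate=True, ROV-invalid announcements are dropped before selection."""
    ip = ipaddress.ip_address(dest_ip)
    candidates = [r for r in rib if ip in ipaddress.ip_network(r.prefix)]
    if validate:
        candidates = [r for r in candidates if rov_state(r) != "invalid"]
    if not candidates:
        return None
    return max(candidates, key=lambda r: (ipaddress.ip_network(r.prefix).prefixlen, -len(r.as_path)))

# Constructed RIB: the legitimate /24 learned via transit AS64501 from origin AS64500,
# plus a bogus more-specific /25 originated directly by AS64511 with a shorter path.
LEGIT = Route("203.0.113.0/24", (64501, 64500))
HIJACK = Route("203.0.113.0/25", (64511,))
RIB = [LEGIT, HIJACK]

if __name__ == "__main__":
    print("plain BGP :", best_route(RIB, "203.0.113.10"))        # the bogus /25 wins
    print("with ROV  :", best_route(RIB, "203.0.113.10", True))  # the legitimate /24 wins
```

Plain BGP prefers the more-specific bogus prefix regardless of who originated it, which is exactly the trust problem the text describes; the ROV filter rejects it because its origin does not match the authorised AS.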