Yesterday’s Internet Outage In Parts of U.S. and Canada You Didn’t Hear About

How a Tiny Error Shut Off the Internet for Parts of the US and Canada

Reposted from Wired

Lily Hay Newman13 hrs ago

© Joe Raedle

A year ago, a DDoS attack caused internet outages around the US by targeting the internet-infrastructure company Dyn, which provides Domain Name System services to look up web servers. Monday saw a nationwide series of outages as well, but with a more pedestrian cause: a misconfiguration at Level 3, an internet backbone company—and enterprise ISP—that underpins other big networks. Network analysts say that the misconfiguration was a routing issue that created a ripple effect, causing problems for companies like Comcast, Spectrum, Verizon, Cox, and RCN across the country.

Level 3, whose acquisition by CenturyLink closed recently, said in a statement to WIRED that it resolved the issue in about 90 minutes. “Our network experienced a service disruption affecting some customers with IP-based services,” the company said. “The disruption was caused by a configuration error.” Comcast users started reporting internet outages around the time of the Level 3 outages on Monday, but the company said that it was monitoring “an external network issue” and not a problem with its own infrastructure. RCN confirmed that it had some network problems on Monday because of Level 3. The company said it had restored RCN service by rerouting traffic to a different backbone.

 

© Downdetector.com 

The misconfiguration was a “route leak,” according to Roland Dobbins, a principal engineer at the DDoS and network-security firm Arbor Networks, which monitors global internet operations. ISPs use “Autonomous Systems,” also known as ASes, to keep track of what IP addresses are on which networks, and route packets of data between them. They use the Border Gateway Protocol (BGP) to establish and communicate routes. For example, packets can route between networks A and B, but network A can also route packets to network C through network B, and so on. This is how internet service providers interoperate to let you browse the whole internet, not just the IP addresses on their own networks.

In a “route leak,” an AS, or multiple ASes, issue incorrect information about the IP addresses on their network, which causes inefficient routing and failures for both the originating ISP and other ISPs trying to route traffic through. Think of it like a series of street signs that help keep traffic flowing in the right directions. If some of them are mislabeled or point the wrong way, assorted chaos can ensue.

Route leaks can be malicious, sometimes called “route hijacks” or “BGP hijacks,” but Monday’s incident seems to have been caused by a simple mistake that ballooned to have national impact. Large outages caused by accidental route leaks have cropped up before.

“Folks are looking to tweak routing policies, and make mistakes,” Arbor Networks’ Dobbins says. The problem could have come as CenturyLink works to integrate the Level 3 network or could have stemmed from typical traffic engineering and efficiency work.

Internet outages of all sizes caused by route leaks have occurred occasionally, but consistently, for decades. ISPs attempt to minimize them using “route filters” that check the IP routes their peers and customers intend to use to send and receive packets and attempt to catch any problematic plans. But these filters are difficult to maintain on the scale of the modern internet and can have their own mistakes.

Monday’s outages reinforce how precarious connectivity really is, and how certain aspects of the internet’s architecture—offering flexibility and ease-of-use—can introduce instability into what has become a vital service.

Kaspersky Lab Security Software Implicated in Russian NSA Breach

UPDATE, October 11:

Israel hack uncovered Russian spies’ use of Kaspersky in 2015 – The Guardian

An Israeli security agency hacked into Russian antivirus firm Kaspersky Lab in 2015, providing the crucial evidence required to ban the company from providing services to the US government, according to a report.

While the Israeli spies were inside Kaspersky’s systems, they observed Russian spies, in turn, using the company’s tools to spy on American spies, the New York Times reports. That information, handed to the US, led to the decision in September to end the use of the company’s software across the federal government by December.

Read More: Israel hack discovered Russian spies use of Kaspersky Lab in 2015

Kaspersky Anti-Virus Software Includes a Feature That Copies Files And Provides A Backdoor for Russian Hackers – WSJ

Many know the name Kaspersky well. Others may only dimly recognize the brand name. Its anti-virus and Internet security software has been around for years in computer stores and OEM’d with computer systems. More than a year ago, I became concerned about what I was learning about Kaspersky Lab and its headquarters in Moscow, I began asking myself hypothetical rhetorical questions. What if Kaspersky was quietly working with the Russian FSB? What if Kaspersky had installed a sleeping Trojan Horse in millions of copies of its consumer computer security software? I was a user of Kaspersky Lab cybersecurity software myself. I knew that it was rated very highly by the tech journals. I liked its elegance and simplicity compared with other competitor products from U.S. based companies like Symantec and McAfee.  Nevertheless, as the Russian hacking of the 2016 election became an ever-larger issue, I decided to pull the plug on Kaspersky because of my fears, though there was no direct evidence of collusion between Kaspersky and the Kremlin at that time, wiped my system clean, and installed another competitor product.

Today, the Wall Street Journal has reported that Kaspersky software is implicated in the most serious breach of NSA security in years, validating my gut instinct decision more than a year ago.  My first hint of the serious nature of the Kaspersky/Kremlin connection came in a murky story related to the earliest public report on the Russian hacking stating with very high confidence that specific FSB officers and Kremlin officials had ordered and orchestrated the hacking. One of those individuals was also a senior engineer at Kaspersky Lab.  U.S. Senator Jeanne Shaheen, (D., N.H.) said in a statement: “This development should serve as a stark warning, not just to the federal government but to states, local governments, and the American public, of the serious dangers of using Kaspersky software.”  She added: “The strong ties between Kaspersky Lab and the Kremlin are extremely alarming and have been well-documented for some time. It’s astounding and deeply disturbing that the Russian government continues to have this tool at their disposal to harm the United States.”

Read more:

Source: Russian Hackers Stole NSA Data on U.S. Cyber Defense – WSJ 

Russian Hackers Stole NSA Data on U.S. Cyber Defense

The breach, considered the most serious in years, could enable Russia to evade NSA surveillance and more easily infiltrate U.S. networks

By

Gordon Lubold and

Shane Harris

The Wall Street Journal

Oct. 5, 2017 12:48 p.m. ET

The National Security Agency campus in Fort Meade, Md. An NSA contractor took highly sensitive data from the complex and put it on his home computer, from which it was stolen by hackers working for the Russian government, people familiar with the matter said.PHOTO: PATRICK SEMANSKY/ASSOCIATED PRESS

WASHINGTON—Hackers working for the Russian government stole details of how the U.S. penetrates foreign computer networks and defends against cyber attacks after a National Security Agency contractor removed the highly classified material and put it on his home computer, according to multiple people with knowledge of the matter.

The hackers appear to have targeted the contractor after identifying the files through the contractor’s use of a popular antivirus software made by Russia-based Kaspersky Lab, these people said.

The theft, which hasn’t been disclosed, is considered by experts to be one of the most significant security breaches in recent years. It offers a rare glimpse into how the intelligence community thinks Russian intelligence exploits a widely available commercial software product to spy on the U.S.

The incident occurred in 2015 but wasn’t discovered until spring of last year, said the people familiar with the matter.

The stolen material included details about how the NSA penetrates foreign computer networks, the computer code it uses for such spying and how it defends networks inside the U.S., these people said.

Having such information could give the Russian government information on how to protect its own networks, making it more difficult for the NSA to conduct its work. It also could give the Russians methods to infiltrate the networks of the U.S. and other nations, these people said.

The breach is the first known incident in which Kaspersky software is believed to have been exploited by Russian hackers to conduct espionage against the U.S. government. The company, which sells its antivirus products in the U.S., had revenue of more than half a billion dollars in Western Europe and the Americas in 2016, according to International Data Corp. By Kaspersky’s own account it has more than 400 million users world-wide.

The revelation comes as concern over Russian infiltration of American computer networks and social media platforms is growing amid a U.S. special counsel’s investigation into whether Donald Trump’s presidential campaign sought or received assistance from the Russian government. Mr. Trump denies any impropriety and has called the matter a “witch hunt.”

Intelligence officials have concluded that a campaign authorized by the highest levels of the Russian government hacked into state election-board systems and the email networks of political organizations to damage the candidacy of Democratic presidential nominee Hillary Clinton.

A spokesman for the NSA didn’t comment on the security breach. “Whether the information is credible or not, NSA’s policy is never to comment on affiliate or personnel matters,” he said. He noted that the Defense Department, of which the NSA is a part, has a contract for antivirus software with another company, not Kaspersky.

In a statement, Kaspersky Lab said it “has not been provided any information or evidence substantiating this alleged incident, and as a result, we must assume that this is another example of a false accusation.”

Kremlin spokesman Dmitry Peskov in a statement didn’t address whether the Russian government stole materials from the NSA using Kaspersky software. But he criticized the U.S. government’s decision to ban the software from use by U.S. agencies as “undermining the competitive positions of Russian companies on the world arena.”

The Kaspersky incident is the third publicly known breach at the NSA involving a contractor’s access to a huge trove of highly classified materials. It prompted an official letter of reprimand to the agency’s director, Adm. Michael Rogers, by his superiors, people familiar with the situation said.

National Security Agency Director Michael Rogers. PHOTO: SAUL LOEB/AGENCE FRANCE-PRESSE/GETTY IMAGES

Adm. Rogers came into his post in 2014 promising to staunch leaks after the disclosure that NSA contractor Edward Snowden the year before gave classified documents to journalists that revealed surveillance programs run by the U.S. and allied nations.

The Kaspersky-linked incident predates the arrest last year of another NSA contractor, Harold Martin, who allegedly removed massive amounts of classified information from the agency’s headquarters and kept it at his home, but wasn’t thought to have shared the data.

Mr. Martin pleaded not guilty to charges that include stealing classified information. His lawyer has said he took the information home only to get better at his job and never intended to reveal secrets.

The name of the NSA contractor in the Kaspersky-related incident and the company he worked for aren’t publicly known. People familiar with the matter said he is thought to have purposely taken home numerous documents and other materials from NSA headquarters, possibly to continue working beyond his normal office hours.

The man isn’t believed to have wittingly aided a foreign government, but knew that removing classified information without authorization is a violation of NSA policies and potentially a criminal act, said people with knowledge of the breach.

It is unclear whether he has been dismissed from his job or faces charges. The incident remains under federal investigation, said people familiar with the matter.

Kaspersky software once was authorized for use by nearly two dozen U.S. government agencies, including the Army, Navy and Air Force, and the departments of Defense, State, Homeland Security, Energy, Veterans Affairs, Justice and Treasury.

The headquarters of the Russian cybersecurity company Kaspersky Lab. PHOTO: SAVOSTYANOV SERGEI/TASS/ZUMA PRESS

NSA employees and contractors never had been authorized to use Kaspersky software at work. While there was no prohibition against these employees or contractors using it at home, they were advised not to before the 2015 incident, said people with knowledge of the guidance the agency gave.

For years, U.S. national security officials have suspected that Kaspersky Lab, founded by a computer scientist who was trained at a KGB-sponsored technical school, is a proxy of the Russian government, which under Russian law can compel the company’s assistance in intercepting communications as they move through Russian computer networks.

Kaspersky said in its statement: “As a private company, Kaspersky Lab does not have inappropriate ties to any government, including Russia, and the company has never helped, nor will help, any government in the world with its cyberespionage efforts.”

Suspicions about the company prompted the Department of Homeland Security last month to take the extraordinary step of banning all U.S. government departments and agencies from using Kaspersky products and services. Officials determined that “malicious cyber actors” could use the company’s antivirus software to gain access to a computer’s files, said people familiar with the matter.

The government’s decision came after months of intensive discussions inside the intelligence community, as well as a study of how the software works and the company’s suspected connections to the Russian government, said people familiar with the events. They said intelligence officials also were concerned that given the prevalence of Kaspersky on the commercial market, countless people could be targeted, including family members of senior government officials, or that Russia could use the software to steal information for competitive economic advantage.

“The risk that the Russian government, whether acting on its own or in collaboration with Kaspersky, could capitalize on access provided by Kaspersky products to compromise federal information and information systems directly implicates U.S. national security,” the DHS said Sept. 13 in announcing the government ban.

All antivirus software scans computers looking for malicious code, comparing what is on the machine to a master list housed at the software company. But that scanning also gives makers of the software an inventory of what is on the computer, experts say.

“It’s basically the equivalent of digital dumpster diving,” said Blake Darché, a former NSA employee who worked in the agency’s elite hacking group that targets foreign computer systems.

Kaspersky is “aggressive” in its methods of hunting for malware, Mr. Darché said, “in that they will make copies of files on a computer, anything that they think is interesting.” He said the product’s user license agreement, which few customers probably read, allows this.

“You’re basically surrendering your right to privacy by using Kaspersky software,” said Mr. Darché, who is chief security officer for Area 1, a computer security company.

“We aggressively detect and mitigate malware infections no matter the source and we have been proudly doing it for 20 years,” the company said in its statement. “We make no apologies for being aggressive in the battle against malware and cybercriminals.”

U.S. investigators believe the contractor’s use of the software alerted Russian hackers to the presence of files that may have been taken from the NSA, according to people with knowledge of the investigation. Experts said the software, in searching for malicious code, may have found samples of it in the data the contractor removed from the NSA.

But how the antivirus system made that determination is unclear, such as whether Kaspersky technicians programed the software to look for specific parameters that indicated NSA material. Also unclear is whether Kaspersky employees alerted the Russian government to the finding.

Kaspersky Lab Chief Executive Eugene Kaspersky. The company said it never would help ‘any government in the world with its cyberespionage efforts.’ PHOTO: SHARIFULIN VALERY/TASS/ZUMA PRESS

Investigators did determine that, armed with the knowledge that Kaspersky’s software provided of what files were suspected on the contractor’s computer, hackers working for Russia homed in on the machine and obtained a large amount of information, according to the people familiar with the matter.

The breach illustrates the chronic problem the NSA has had with keeping highly classified secrets from spilling out, former intelligence personnel say. They say they were rarely searched while entering or leaving their workplaces to see if they were carrying classified documents or removable storage media, such as a thumb drive.

The incident was considered so serious that it was given a classified code name and set off alarms among top national security officials because it demonstrated how the software could be used for spying. Members of Congress also were informed, said people familiar with the matter.

Then-Defense Secretary Ash Carter and then-Director of National Intelligence James Clapper pushed President Barack Obama to remove Adm. Rogers as NSA head, due in part to the number of data breaches on his watch, according to several officials familiar with the matter.

The NSA director had fallen out of White House favor when he traveled to Bedminster, N.J., last November to meet with president-elect Donald Trump about taking a job in his administration, said people familiar with the matter. Adm. Rogers didn’t notify his superiors, an extraordinary step for a senior military officer, U.S. officials said.

Adm. Rogers wasn’t fired for a number of reasons, including a pending restructuring of the NSA that would have been further complicated by his departure, according to people with knowledge of internal deliberations. An NSA spokesman didn’t comment on efforts to remove Adm. Rogers.

Sen. Jeanne Shaheen, (D., N.H.) said in a statement: “This development should serve as a stark warning, not just to the federal government but to states, local governments and the American public, of the serious dangers of using Kaspersky software.”

She added: “The strong ties between Kaspersky Lab and the Kremlin are extremely alarming and have been well-documented for some time. It’s astounding and deeply disturbing that the Russian government continues to have this tool at their disposal to harm the United States.”

Write to Gordon Lubold at Gordon.Lubold@wsj.com and Shane Harris at shane.harris@wsj.com

How to write to the Electoral College

Russian interference in the 2016 U.S. Presidential election has evolved into a genuine and unprecedented national crisis. Over the years, the Electoral College has deteriorated into a quaint rubber-stamp of each state’s elector outcome. Some states have even passed laws that prohibit electors from changing their votes. However, this is patently un-Constitutional and not the intent of The Founders. Alexander Hamilton wrote in the Federalist Papers that the intent was for the Electoral College to be a check on exactly the situation we are facing. Meanwhile,  a group of EC electors has demanded that the CIA share with the Electoral College its evidence of Russian interference in the election.

Christoper Suprun, a Texas elector, a Republican, and a 9/11 first responder, declared in an electrifying editorial in the New York Times last week that he will not vote for Donald Trump.  We all need to read Suprun’s impassioned patriotic words.

Read more:

The CIA revelation on October 7th that the Russian hacking was directed by the Kremlin, has been followed by last week’s confirmation from the CIA that the motive was not only destabilization but to aid the election of Donald Trump. Obama has called for his own Presidential report before January 20th. Many members of Congress have already been shown the CIA evidence. Congress is now in bipartisan agreement that it requires a full-scale investigation. Some are already calling for a national “investigative commission” like those for the Kennedy assassination and the 9/11 attacks.  All of this, and the Electoral College issue, requires our fullest attention.

Watch The Video

The Hamilton Electors: www.hamiltonelectors.org

How to write to the Electoral College

Source: directelection.org – How to write to the Electoral College

Read More:

REBLOGGED FROM DIRECTELECTION.ORG

WELCOME TO DIRECTELECTION.ORG!

The purpose of this site is to help you send your own signed postal letters to the members of the Electoral College from states won by Donald Trump to ask them, respectfully, not to vote for Trump.

The electors have already received a ton of e-mail and news attention, but a personal letter means a lot more. A single good old-fashioned, voter-to-voter personal letter is probably worth a thousand e-mails.

How realistic is it that we can politely convince enough electors to abandon Trump (and choose the popular-vote winner Hillary Clinton instead)? Admittedly, the chances are slim, but this is our only shot! Nothing else at this point, other than swaying the electors, can stop Trump from becoming president. Let’s not throw away our shot!

 

HOW IT WORKS

I’ve prepared a ready-to-print, customizable mail-merge in Microsoft Word and a set of ready-to-print Avery Standard 5160 labels for envelopes. Just download, add your name and address (customize more if you want), print, sign, put them in envelopes, address the envelopes, apply stamps, and mail.

So far, I have addresses for about 260 Trump-pledged electors. Total cost of postage if you mail them all: $122. Estimated time to print, sign, stamp them all: just under two hours.

If that’s too much for you, fear not. I’ve also broken it down by state. Just download the states whose electors you care the most about and write to those. (May I suggest Michigan, Wisconsin, Pennsylvania, and Ohio?)

Click here to see the content of the letter.

That’s it. Each document has an identical instruction sheet for easy execution. And the best thing is, if you don’t like the letter I wrote, you can change it however you like. This is your letter to the electors.

But remember: The Electoral College will cast its official votes on December 19, so we’ve got to act fast. The electors are elected officials. We voted for them when we voted for president in our various states. It is right that they hear from us.

 

ABOUT ME

I’m Jeff Strabone, registered Democrat from New York. I’m a U.S. citizen and voter who is terrified by the prospect of Donald Trump becoming president. He lost the popular vote and is unfit to be our president. If the electors take their responsibility seriously, I believe they’re obligated to block Trump. That is why I’m asking you to join me in sending polite, respectful letters asking them to do so.

Thank you.

Jeff Strabone

Minister of Information

CONTACT

Twitter: @jeffstrabone

E-mail: jeffstrabone@gmail.com

Eric Schmidt Nailed It: China’s Military Is Hacking Us Silly

On the evening of February 6th, I delivered a guest lecture to the local chapter of the Institute of Electrical and Electronic Engineers (IEEE). During the course of my lecture I referenced a very recent quote from Eric Schmidt on cyber security concerns about China.  I have great respect for Schmidt, as I worked with him when he was Sun Microsystem‘s Chief Technology Officer, and I was with SunSoft, the division responsible for Sun’s version of the UNIX operating system.  The cyber security issue  is an area that has concerned me since I first began working in China, representing P-Cube (acquired by Cisco Systems), and its advanced Internet traffic policy engine.

I think it is fair to say that Eric Schmidt, Chairman of Google, has been one of the first to openly and vocally declare our national cyber security threat from Chinese hackers. Just two weeks ago, on February 1st,  Wall Street Journal blogger, Tom Gara, posted an exclusive article describing his review of early galley proofs of Schmidt’s new book, planned for release this coming April.   Apparently, Schmidt is quoted from the proofs, writing that:

“China is the world’s most active and enthusiastic filterer of information” as well as “the most sophisticated and prolific” hacker of foreign companies. In a world that is becoming increasingly digital, the willingness of China’s government and state companies to use cyber crime gives the country an economic and political edge.”

Read more: http://blogs.wsj.com/corporate-intelligence/2013/02/01/exclusive-eric-schmidt-unloads-on-china-in-new-book/

In late January, shortly before the WSJ blog post, we learned from a blog post by Eric Schmidt’s daughter Sophie, that Schmidt had also just returned from a surreptitious visit to North Korea with former New Mexico Governor, Bill Richardson.  Schmidt described the other worldly cyber world of North Korea. had access to North Korea’s mobile network, which allows international calls but has no data service. Schmidt got a look at North Korea’s national intranet, which Schmidt described as “a walled garden of scrubbed content taken from the real Internet.”

Clearly, China and North Korea have become major topics of interest for Schmidt and Google. Something is up.

All week this week, National Public Radio‘s Morning Edition, has featured a series of stories on our military’s growing concern and focus on cyber attacks, and the development of both defensive and offensive cyber strategies.

Sunday night on CBS 60 Minutes, Janet Napolitano, Obama’s Secretary of Homeland Security, revealed that China was at the top of of her cyber threat list, also listing Iran and Russia.

But the most important event occurred this evening, when the New York Times published a Breaking News Alert on a story written by three of the best NYT investigative journalists.  The four page detailed article, “Chinese Army Unit Is Seen as Tied to Hacking Against U.S.,” provides extraordinary detailed evidence.  The breadth and depth of the cyber attacks on the United States go back as far as 2006, and the article describes attacks on numerous industries and hundreds of U.S. companies.  Most concerning, there is now compelling evidence of near-miss attacks seeking means to disable our critical infrastructure.  There has been much talk about our vulnerability, but until this NYT article nothing has so explicitly exposed our risk to cyber attack from the Chinese military.  For me, one of the more interesting details was that the source of the attacks was a PLA building in Shanghai.

Read more: http://www.nytimes.com/2013/02/19/technology/chinas-army-is-seen-as-tied-to-hacking-against-us.html?pagewanted=4&emc=na

(Since I first posted this story on my blog, virtually all major national and international media outlets have exploded with their own stories: BBC, Canadian Broadcasting, PBS Newshour, NBC, MSNBC, CBS, ABC, CNN, and dozens of others.  Tuesday, February 19th is the day that President Obama’s Executive Order to strengthen U.S. government resources, strategy and tactics in the growing cyber war go into effect.)

So it would now appear that the proverbial cat is out of the bag, and we can expect considerably more discussion about this and policies to counter it.  Some may argue that Stuxnet worm attack on Iran’s nuclear centrifuges marks the opening of a covert new war. The consensus seems to be that we have no choice now but to respond.

As I spent more and more time in China, and spoke with my colleagues at TDF Ventures in Shanghai, and as we met with officials of IBM Global Services in Beijing, I developed this subjective impression that Shanghai was much more politically conservative, patriotic, and aggressive with foreign companies. Just something about Shanghai that I couldn’t put my finger on.  Shanghai has also historically had a kind of separate local culture with the Shanghainese dialect, which is unintelligible to Mandarin speakers. Shanghai locals seem to pride themselves on their differences with Beijing.  More recently, others I know who have familiarity with Shanghai have concurred with my sense that the place is the conservative center of China. I can distinctly remember meetings with computer and Internet experts in Shanghai that left me with a very uncomfortable sense of their motives. They also did not seem to be particularly shy about their motives.  During my first visit to Beijing in 1999, for the 50th anniversary of the People’s Republic of China, I was deeply impressed by the event, and the obvious patriotism.  But as I continued to visit China on business, I became increasingly uncomfortable with what I was seeing and hearing.

It now seems that my gut concerns were well placed.