Comment by t0mas88
6 days ago
Alternative theory: Part of the operation caused power outages or disrupted some connections, the BGP anomalies were a result of that.
The data would make that more likely, because deliberately adding a longer route doesn't achieve much. It's not usually going to get any traffic.
The BGP anomalies were ~24 hours before the power outage, so I'm not sure I follow what you're arguing.
What I mean is that cause and effect here could be different than the author thinks. We see some route changes, but those changes make no sense on their own since they wouldn't capture any traffic. That makes it more probable that BGP was not the attack, but that some other action caused this BGP anomaly as a side effect.
For example, maybe some misconfiguration caused these routes to be published because another route was lost. Which could very well be the actual cyber attack, or the effect of jamming, or breaking some undersea cable, or turning off the power to some place.
I think what the other commenter is saying is that the BGP changes happened 12 hours before any of the power loss/bomb drop, so that eliminates your primary cause.
As a follow-up, Cloudflare came to the same conclusion: https://blog.cloudflare.com/bgp-route-leak-venezuela/
> The newsletter suggests “BGP shenanigans” and posits that such a leak could be exploited to collect intelligence useful to government entities.
>
> While we can’t say with certainty what caused this route leak, our data suggests that its likely cause was more mundane.