Comment by Someone1234
6 days ago
The BGP anomalies were 24-hours~ before the power outage, so I'm not sure I follow what you're arguing.
6 days ago
The BGP anomalies were 24-hours~ before the power outage, so I'm not sure I follow what you're arguing.
What I mean is that cause and effect here could be different then the author thinks. We see some route changes, but those changes make no sense on their own since they wouldn't capture any traffic. That makes it more probable that BGP was not the attack, but that some other action caused this BGP anomalie as a side effect.
For example, maybe some misconfiguration caused these routes to be published because another route was lost. Which could very well be the actual cyber attack, or the effect of jamming, or breaking some undersea cable, or turning off the power to some place.
I think what the other commenter is saying is that the BGP changes happened 12 hours before any of the power loss/bomb drop, so that eliminates your primary cause.
At that earlier time, some preparatory action was likely already on its way.