
Comment by Bengalilol

4 days ago

That’s a very new feeling for me. I read the entire post (with no prior knowledge of BGP at all) and I got chills from thinking how deeply intertwined US companies and the US government are.

I know this has always been the case, of course, but now I have lost trust. Whatever the reasons for this "leak" were, I am not accepting any information written in this message (search for the link to another coverage of the incident in the comments).

It is quite weird and quite logical at the same time: this is the end of an era.

I remember the face of one guy after we chatted about lawful interception over a couple of drinks. He was visibly shaken, like he had seen hell through the door just opened before him.

This kind of infrastructure has been present everywhere for a very long time. Just because not everyone is talking about the matter doesn't make it non-existent.

For example, in 2003, I saw how Japan monitored their network traffic in real time. It was eye-opening for me, too. Technologies like DPI which required beefy servers are now trivial to implement with the right hardware.

This is all I can say.

  • Can confirm this is true: a single rack of servers can now handle terabits of traffic in real time with near-zero added latency; anti-DDoS companies do this as a service.

    • Is it the powerful servers making the difference here? Or the coveted backhaul connections which have access to the data passing by?

      I suppose it's both, but the latter is a more scarce resource.

    • Let's say I have a public website with https. I allow anyone to post a message to an api endpoint. Could a server like this read the message? How?


It's crazy that it seems like we're just going in loops every decade or so. New people enter tech, mostly focus on their own stuff, after a while, it becomes very clear how "deeply intertwined US companies and the US government are", and these people now lose their trust. Eventually, things have been going well for some years, so new people enter the industry, with the same naive outlook, thinking "This couldn't be true of the government we have today" yet eventually, even they realize what's going on. Rinse and repeat over the last 3 decades, and that's just what I remember, I'm sure others remember even further.

  • I am 50 yo and did live through multiple intertwinings. This time though, it is really the end of an era. Trust has been lost.

    More positively, what's your opinion on this closer look post from Cloudflare?

    • As someone in networking, it checks out, and I also know the author.

      Imagine an overworked, underpaid network engineer. Mistakes happen. This time though, the entire world is hyperfixated on what amounts to an easy-to-make mistake and now your mistake is in the intel briefs of 50 countries. Oops. Rough day at the office.

  • The magic of the system is that the ratio of new entrants who aren't yet jaded enough to not be useful idiots vs the rate at which people become jaded vs the rate at which those jaded people leave makes it self-sustaining.

If you look closely, you can see the color of the orange Cloudflare logo being slightly adjusted to match a particular individual's facial color tone.

This is... hard to follow. You seem to be implying that Cloudflare is covering for USG's failed military op-sec surrounding a malicious BGP leak, and judging that this is such a bad action (on the part of Cloudflare) to undermine your trust, not only in Cloudflare, but in all companies and the US government entirely. I don't think the situation is so dire.

Cloudflare's post boils down to Hanlon's razor: a plausible benign interpretation of the facts is available, so we should give some scrutiny to accusations of malice.

Are there specific relevant facts being omitted in the article, or other factors that diminish Cloudflare's credibility? They're clearly a qualified expert in this space.

Let's assume for the sake of argument that the BGP leaks (all of them from the month of December, in fact) were the result of secret US military intelligence operations. The fact that militaries generally use cyber vulnerabilities to achieve their objectives is not news, and the US military is no exception. Keeping specific exploits secret preserves a valuable advantage over competitor states.

One could argue that Cloudflare's post helps to preserve USG's secrecy. We can't know publicly whether USG solicited the article. But even if we assume so (again assuming malice): Is Cloudflare wrong to oblige? I don't think so, but reasonable people could disagree.

Merely pointing out Hanlon's razor doesn't fundamentally change the facts of the situation. In Cloudflare's expert opinion, the facts don't necessarily implicate USG in the BGP leaks without an assumption of malice. Assuming Cloudflare is malicious without justification is just deeper belief in the conspiracy that they're arguing against.

If Cloudflare is distorting the facts, we should believe (rightly) that they're malicious. But I don't see any evidence of it.

EDIT: Clarity tweaks.

Companies in country X are often intertwined with their governments? I'm not sure this is really news.

  • You changed it from “deeply intertwined” to “often intertwined” to make your strawman argument

Respectfully, your comment sounds like paranoid thinking.

The section of the article pointing out the AS prepending makes it really clear the route leak is a nothing burger.

It's incredibly unlikely this leak changed how any traffic was flowing, and is more indicative of a network operator with an understaffed/underskilled team. Further evidence is that a similar leak has been appearing on and off for several weeks.

That's not to say the US government can't, doesn't or didn't use the Internet to spy, it's just that this isn't evidence of it.

Relevant section below:

> Many of the leaked routes were also heavily prepended with AS8048, meaning it would have been potentially less attractive for routing when received by other networks. Prepending is the padding of an AS more than one time in an outbound advertisement by a customer or peer, to attempt to switch traffic away from a particular circuit to another. For example, many of the paths during the leak by AS8048 looked like this: “52320,8048,8048,8048,8048,8048,8048,8048,8048,8048,23520,1299,269832,21980”.

> You can see that AS8048 has sent their AS multiple times in an advertisement to AS52320, because by means of BGP loop prevention the path would never actually travel in and out of AS8048 multiple times in a row. A non-prepended path would look like this: “52320,8048,23520,1299,269832,21980”.

> If AS8048 was intentionally trying to become a man-in-the-middle (MITM) for traffic, why would they make the BGP advertisement less attractive instead of more attractive? Also, why leak prefixes to try and MITM traffic when you’re already a provider for the downstream AS anyway? That wouldn’t make much sense.
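An added illustration of the prepending argument quoted in the comment above (not code from the commenter or from Cloudflare): it parses the two quoted AS paths, separates prepending from a genuine loop, and shows which path wins when AS-path length is the deciding step. The function names are hypothetical, and `prefer` assumes every earlier tie-breaker, such as local preference, is equal.

```python
from itertools import groupby

# The two AS paths quoted in the comment above, copied as written.
LEAKED = "52320,8048,8048,8048,8048,8048,8048,8048,8048,8048,23520,1299,269832,21980"
PLAIN = "52320,8048,23520,1299,269832,21980"


def parse_as_path(text):
    """Split a comma- or space-separated AS path into a list of ASNs."""
    return [int(tok) for tok in text.replace(",", " ").split()]


def prepend_report(path):
    """Collapse consecutive repeats; return (collapsed_path, {asn: extra_copies})."""
    collapsed, extras = [], {}
    for asn, run in groupby(path):
        copies = len(list(run))
        collapsed.append(asn)
        if copies > 1:
            extras[asn] = extras.get(asn, 0) + copies - 1
    return collapsed, extras


def has_loop(path):
    """True if an ASN reappears after other ASNs, which is a loop, not prepending."""
    collapsed, _ = prepend_report(path)
    return len(collapsed) != len(set(collapsed))


def prefer(candidates):
    """Pick the shortest AS path. Assumption: every earlier tie-breaker
    (such as local preference) is equal, so AS-path length decides."""
    return min(candidates, key=len)


if __name__ == "__main__":
    leaked, plain = parse_as_path(LEAKED), parse_as_path(PLAIN)
    collapsed, extras = prepend_report(leaked)
    print("collapsed:", collapsed)
    print("extra copies per ASN:", extras)
    print("loop:", has_loop(leaked))
    print("preferred:", prefer([leaked, plain]))
```

A receiving network that sets a higher local preference on the prepended route will still select it, since local preference is compared before AS-path length.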

[flagged]

  • Okay, but would you rather be assassinated by a shot in the head, or a shot in the heart???

    Not sure why people need to choose between the US or China, and especially why you started thinking about this when someone seems to just want to share their feeling that they've lost their trust in their government. So what if they trust China more/less, what is that supposed to mean with their relationship with US government? Suddenly they shouldn't actually have lost it, because some people prefer US over China?

    I just don't understand this train of thought, and how it's even relevant here.

    • >someone seems to just want to share their feeling that they've lost their trust in their government

      ?? I inferred it as someone outside the USA.

      Why? Because I hear that sentiment a lot here. USA bad. Okay, now what. They are the most important trade and resource partner.

      oh no the feelings

      Do something.

      Solve something.

      Realpolitik.

      >Not sure why people need to choose between the US or China

      Because the EU needs outside trade partners.

  • The EU in general does have a bit more of a track record of doing domestic spying, but that's balanced out by Germany being very conservative about putting it under legal framework due to remembering the Stasi. The EU and ECHR in general are postwar experiments in constraining the powers of the state for good.

    In practice... for a lot of people, including a lot of Americans, the Chinese surveillance threat is a lot less immediate and a lot less likely to result in negative consequences for them personally than the US one. (Important exception: overseas Chinese! The extraterritorial police stations are really quite alarming)

    If the war with Denmark goes hot, then the US companies become an extreme national security threat very quickly.

  • What is the purpose of saying this? It's being unnecessarily antagonistic towards a genuine sentiment. It's not like you are offering any solution either. Are you proposing nihilism, maybe?

  • I am probably right to say that invading Venezuela would constitute a serious violation of international law. However, I am probably wrong when I say that this closer look analysis from Cloudflare feels very blurry (mostly because my technical skills regarding this article are close to zero, and I cannot clearly explain why). I have read other articles that were more precise and far less “nothing to see here” in tone.

    I then find myself speculating (probably wrongly) about the intentions behind writing such an article. This has raised doubts and left me with an uncomfortable feeling, as if I were drifting toward conspiracy-theory thinking. All of this stems from reading that article.

    Still, it would make sense to disrupt communications (and collect large amounts of data) prior to invading a country. Ultimately, for me, the core issue is the illegality of such actions when they are carried out by the most influential and powerful country in the world: a country that, increasingly, no one can fully trust anymore.

    I am sorry for letting my emotions flow like that. It may not be the adequate spot to do so, but let me be clear: this Cloudflare article smells bad.

    • On the one hand, the Cloudflare article doesn’t smell bad to me. As someone who gets to pay attention to this type of thing, these kinds of things really do happen frequently, and mistakes are the most common cause.

      If the US government had enough access to try to intentionally do this, they had enough access to snoop on traffic with methods that would not be visible to the outside world, and they would work more reliably than these BGP shenanigans. So I’d suggest you are right about the lack of trust, even if this particular event is probably not supporting evidence. I’d also agree with other posters that any such trust was misplaced in the first place.

  • Between the USA and China, definitely China. Seems pretty simple. They have much higher standards of living and while it's very bad you can't say Tiananmen Square, that doesn't overrule food and shelter. They have all the job openings for advanced technology work as well - they no longer just manufacture US designs but are rapidly expanding into making better versions of most things, and the main reason we haven't heard about them is that none of the documentation is in English.

    They're going to soon find out their stash of dollars is toilet paper, but that won't make too much of a difference with such an advanced economy of their own - the USA will surely have yuan reserves in 30 years.

    • The Chinese are definitely going to pull ahead, but we're definitely not going to see US fall like that.

      It's too easy to assassinate world leaders for a state sponsored government so you have to beg the question: why has nobody done it? The relative peace we have is built on top of mutual destruction and realistically US won't fall without taking most of the world with it.

      The reason I believe it's easy is because US SS seemingly lost their edge as there haven't been many real threats against the president to begin with. I just can't imagine that there is much any government could do against a 400-500km/h drone specialized for a 20 second mission from being able to accomplish the goal, the world leader would be dead by the time anyone even registered that there is a threat.

    • >They have much higher standards of living

      Are you serious? You cannot be. A poor person in the USA has way more money than EU or China. They just love to complain on Reddit.

      The rest of your post is delusion. What is your nationality?
