How to Cause a Black Hole (in the Internet) with BGP

During the analysis of Trump’s ability to shut down the Internet, I discovered this handy little thing called BGP (Border Gateway Protocol). Depending on the user (or manipulator, as the case may be), it can be problematic for the Internet. Skeptical? Recall that one time when Pakistan killed YouTube, or when a couple of guys redirected American data to Iceland. As usual for these sorts of problems, the world at large is now plagued with doubt about whether data can be sent through the Internet without being compromised. Congratulations on entering the world at large. Let the doubting begin.

In short, the Border Gateway Protocol is that nebulous thing that tells Internet traffic where to go. When a router passes a packet, supposing that the next step is more complex than keeping it or sending it elsewhere, another router uses BGP to take the packet from the router and assure the more simple-minded router that Good Ol’ BGP has everything under control (or it would if hardware were anthropomorphic). Sort of like a carrier pigeon between two traffic cops. To send the packets, routers use specified addresses within the packets that correspond to routing tables, and the packets eventually get to their destinations after much router and host hopping.

Problems arise when an Internet provider configures BGP badly, as was the case in Pakistan. BGP told routers that it knew where their packets were supposed to go, as BGP does, and then sent them to the wrong place. That wrong place happened to be nowhere in Pakistan. In this case the ISP changed the address for YouTube; a similar deviation occurred in the Iceland rerouting, except that the packets were directed back to their original destinations, so nobody noticed. The disruption, evidently, is fairly simple. Change the location advertised through BGP and everybody goes into the giant black hole, which, I’m told, is a sneaky way of killing off worms or DDoS attacks. On the upside, They (does anybody actually know who They are?) are working on tighter security measures, and in the meantime most Internet providers are fairly proficient at shutting down attackers.
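The following is an added example, not part of the original post: it shows why a changed advertisement pulls traffic away (routers prefer the most specific route covering an address) and how a monitor with a list of expected origins can flag it. It goes beyond the post by modelling longest-prefix match; every prefix and AS number is constructed from documentation ranges, and the function names are hypothetical.

```python
import ipaddress

# Constructed data: documentation prefixes (RFC 5737) and documentation ASNs (RFC 5398).
# EXPECTED_ORIGINS is an assumed list of who should originate each monitored prefix.
EXPECTED_ORIGINS = {ipaddress.ip_network("203.0.113.0/24"): 64500}

ANNOUNCEMENTS = [
    ("203.0.113.0/24", 64500),   # the expected origin
    ("203.0.113.0/25", 64511),   # same address space, different origin, more specific
    ("198.51.100.0/24", 64501),  # unrelated prefix that is not monitored
]

def build_table(announcements):
    """Routing table as {network: origin_asn}."""
    return {ipaddress.ip_network(p): asn for p, asn in announcements}

def lookup(table, address):
    """Longest-prefix match: the most specific covering route wins."""
    addr = ipaddress.ip_address(address)
    matches = [net for net in table if addr in net]
    if not matches:
        return None  # no route at all
    best = max(matches, key=lambda n: n.prefixlen)
    return best, table[best]

def audit(announcements, expected):
    """Flag announcements that overlap a monitored prefix from an unexpected origin."""
    alerts = []
    for prefix, asn in announcements:
        net = ipaddress.ip_network(prefix)
        for known, owner in expected.items():
            if net.overlaps(known) and asn != owner:
                specific = net != known and net.subnet_of(known)
                kind = "more-specific" if specific else "origin-mismatch"
                alerts.append((prefix, asn, kind))
    return alerts

if __name__ == "__main__":
    table = build_table(ANNOUNCEMENTS)
    for ip in ("203.0.113.10", "203.0.113.200"):
        net, asn = lookup(table, ip)
        print(f"{ip} -> {net} via AS{asn}")
    for prefix, asn, kind in audit(ANNOUNCEMENTS, EXPECTED_ORIGINS):
        print(f"ALERT {kind}: {prefix} announced by AS{asn}")
```

Addresses covered by the /25 follow the unexpected origin even though the original /24 is still in the table, which is why monitoring for new overlapping announcements matters.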