AS prepending is a relatively common method of traffic engineering to reduce traffic from a peer/provider. Looking at CANTV's (AS8048) announcements from outside that period shows they do this a lot.
Since this was detected as a BGP route leak, it looks like CANTV (AS8048) propagated routes from Telecom Italia Sparkle (AS6762) to GlobeNet Cabos Submarinos Colombia (AS52320). This could have simply been a misconfiguration.
Nothing nefarious immediately jumps out to me here. I don't see any obvious attempts to hijack routes to Dayco Telecom (AS21980), which was the actual destination. The prepending would have made traffic less likely to transit over CANTV assuming there was any other route available.
The prepending done by CANTV does make it slightly easier to hijack traffic destined to it (though not really to Dayco), but that just appears to be something they normally do.
This could be CANTV trying to force some users of GlobeNet to transit over them to Dayco I suppose, but leaving the prepending in would be an odd way of going about it. I suppose if you absolutely knew you were the shortest path length, there's no reason to remove the prepending, but a misconfiguration is usually the cause of these things.
What most likely happened, instead of a purposeful attempt to leak routes and MITM traffic, is CANTV had too loose of a routing export policy facing their upstream AS52320 neighbor, and accidentally redistributed the Dayco prefixes that they learned indirectly from Sparkle (AS6762) when the direct Dayco routes became unavailable to them.
This is a pretty common mistake and would explain the leak events that were written about here.
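As an added example (not from the thread or any commenter), here is a small Python checker for the two things the comment above turns on: stripping AS-path prepending, and flagging a route that breaks the valley-free rule, i.e. a route learned from a provider or peer that is re-announced to another provider or peer, which is the leak shape described (Sparkle → CANTV → GlobeNet). The relationship table is an assumption read from the comment (Sparkle and GlobeNet as CANTV upstreams, Dayco as a customer of both CANTV and Sparkle) and the two paths are constructed; none of it is observed routing data.

```python
# Added example, not from the thread: AS-path prepend stripping and a
# valley-free (Gao-Rexford) route-leak check over constructed announcements.
# The relationships below are ASSUMPTIONS read from the comment, not data.

# ("a", "b"): "p2c" means a sells transit to b (a is b's provider).
RELATIONSHIPS = {
    (6762, 8048): "p2c",    # assumption: Sparkle is an upstream of CANTV
    (52320, 8048): "p2c",   # assumption: GlobeNet is an upstream of CANTV
    (8048, 21980): "p2c",   # assumption: Dayco is a customer of CANTV
    (6762, 21980): "p2c",   # assumption: Dayco also buys transit from Sparkle
}


def hop_direction(sender, receiver):
    """Direction of a route propagating from sender to receiver:
    'up' (to a provider), 'down' (to a customer) or 'peer'.
    Unknown pairs are treated as peers, which is itself an assumption."""
    if RELATIONSHIPS.get((sender, receiver)) == "p2c":
        return "down"
    if RELATIONSHIPS.get((receiver, sender)) == "p2c":
        return "up"
    return "peer"


def strip_prepends(as_path):
    """Collapse consecutive repeats of an ASN (prepending).
    Returns (collapsed_path, {asn: number_of_extra_copies})."""
    collapsed, extra = [], {}
    for asn in as_path:
        if collapsed and collapsed[-1] == asn:
            extra[asn] = extra.get(asn, 0) + 1
        else:
            collapsed.append(asn)
    return collapsed, extra


def find_route_leak(as_path):
    """as_path in BGP order: first element is the AS nearest the observer,
    last element is the origin. Returns the ASN that leaked the route, or
    None if the path is valley-free (up* peer? down*)."""
    collapsed, _ = strip_prepends(as_path)
    hops = list(reversed(collapsed))   # propagation order, origin first
    descending = False                  # set once a peer or down hop is seen
    for sender, receiver in zip(hops, hops[1:]):
        direction = hop_direction(sender, receiver)
        if descending and direction != "down":
            return sender               # learned from provider/peer, sent up or sideways
        if direction != "up":
            descending = True
    return None


# Constructed paths for 200.74.224.0/20 as an observer behind GlobeNet
# and one behind Sparkle might see them (illustrative, not collected data).
LEAKED_PATH = [52320, 8048, 8048, 8048, 6762, 21980]
NORMAL_PATH = [6762, 8048, 8048, 21980]

if __name__ == "__main__":
    for path in (LEAKED_PATH, NORMAL_PATH):
        _, prepends = strip_prepends(path)
        print(path, "prepends:", prepends, "leaked by:", find_route_leak(path))
```

Note that the prepends are stripped before the topology check: prepending changes path length, not the sequence of business relationships, so it neither creates nor hides a valley. The checker is only as good as the relationship table, which in practice comes from a CAIDA-style inference or your own peering records.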
Apparently that is part of implementing ECH (Encrypted Client Hello) in TLS 1.3, where the DNS hosts the public key of the server to fully encrypt the server name in an HTTPS request. Since Nginx and other popular web servers don't yet support it, I suspect the 7% of requests are mostly Cloudflare itself.
(1) https://radar.cloudflare.com/?ref=loworbitsecurity.com#dns-q...
It's one way, but an H1/H2 connection can also be promoted to H3 via the alt-svc header. The DNS method is slightly better though, since it potentially allows a client to utilize H3 immediately from the first request.
The new development (encrypted client hello) is you no longer have to send the hostname. So someone listening in the middle would only see you connected to an AWS/etc IP. This will make blocking websites very difficult if they use shared services like cloudflare or cloud VPS hosting.
If you don’t use a CDN at all, the destination IP leaks what site you’re trying to connect to (if the domain is well known). If you use a CDN without ECH, you send an unencrypted domain name in the HTTPS negotiation so it’s visible there. ECH+CDN is an attempt to have the best of both worlds: your traffic to the site will not advertise what site you’re connecting to, but the IP can still be shared between a variety of sites.
It’ll be interesting to see how countries with lighter censorship schemes adapt - China etc. of course will just block the connection.
It’s not just encrypted server name indication (ESNI), it is the whole hello now (ECH)! So you don’t leak anything.
HTTPS is the name of a protocol, which is mostly used to make the World Wide Web work, but we do lots of other things with it, such as DNS-over-HTTPS aka DoH.
However, HTTPS is also the name of a type of DNS record. This record contains everything you need to best reach the named HTTPS (protocol) server, and this is the type of record your parent didn't previously know about.
In the boring case, say, 20 years ago, when you type https://some.name/stuff/hats.html into a web browser, your browser goes "Huh, HTTPS to some.name. OK, I will find out the IPv4 address of some.name," and it makes a DNS query asking A? some.name. The DNS server answers with an IPv4 address, and then, as the browser connects securely to that IP address, it asks to talk to some.name, and if the remote host can prove it is some.name, the browser says it wants /stuff/hats.html.
Notice we have to tell the remote server who we hope they are - and it so happens eavesdroppers can listen in on this. This means Bad Guys can see that you wanted to visit some.name. They can't see that you wanted to read the document about hats, but they might be able to guess that from context, and wouldn't you rather they didn't know more than they need to?
With the HTTPS record, your web browser asks (over secure DNS if you have it) HTTPS? some.name and maybe it gets a positive answer. If it does, the answer tells it not only where to try to connect, but it can also choose to provide instructions for a cover name to always use, and how to encrypt the real name. This is part of Encrypted Client Hello (or ECH).
Then the web browser tells the server that it wants to talk to the cover name and it provides an encrypted version of some.name. Eavesdroppers can't decrypt that, so if many people share the same endpoints then an eavesdropper can't tell which site you were visiting.
Now, if the server only contains documents about hats, this doesn't stop the Secret Hat Police from concluding that everybody connecting to that server is a Hat Pervert and needs to go to Hat Jail. But if you're a bulk host then you force such organisations to choose, they can enforce their rules equally for everything (You wanted to read News about Chickens? Too bad, Hat Jail for you) or they can accept that actually they don't know what people are reading (if this seems crazy, keep in mind that's how US Post worked for many years after Comstock failed, if you get a brown paper package posted to you, well, it's your business what is in there, and your state wasn't allowed to insist on ripping open the packaging to see whether it is pornography or communist propaganda)
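The HTTPS-record and ECH comments above (the 7%-of-queries remark, the alt-svc reply, and the walkthrough just given) all rest on what the HTTPS RRtype actually carries. Here is an added example, not from the thread, that encodes and decodes HTTPS RDATA as RFC 9460 lays it out: SvcPriority, TargetName, then the SvcParams (alpn, port, ipv4hint, ech, ...). The sample record is constructed, and the bytes in its ech parameter are a placeholder blob that the code treats as opaque, not a real ECHConfigList.

```python
# Added example, not from the thread: encode/decode DNS HTTPS RDATA
# (RFC 9460). Sample values are constructed for illustration.
import struct
import ipaddress

SVCPARAM_KEYS = {0: "mandatory", 1: "alpn", 2: "no-default-alpn",
                 3: "port", 4: "ipv4hint", 5: "ech", 6: "ipv6hint"}
KEY_IDS = {name: key for key, name in SVCPARAM_KEYS.items()}

# Placeholder standing in for an ECHConfigList; NOT a valid ECH config.
FAKE_ECH = bytes(range(0x10, 0x30))


def encode_name(name):
    """Uncompressed wire-format DNS name; '.' encodes as the root."""
    out = b"".join(bytes([len(l)]) + l.encode("ascii")
                   for l in name.rstrip(".").split(".") if l)
    return out + b"\x00"


def decode_name(data, off):
    labels = []
    while data[off] != 0:
        n = data[off]
        labels.append(data[off + 1:off + 1 + n].decode("ascii"))
        off += 1 + n
    return (".".join(labels) + "." if labels else "."), off + 1


def encode_https_rdata(priority, target, params):
    """params maps SvcParam names to native values (lists, ints, bytes)."""
    rdata = struct.pack("!H", priority) + encode_name(target)
    for key_id in sorted(KEY_IDS[n] for n in params):   # ascending key order is mandatory
        name, value = SVCPARAM_KEYS[key_id], params[SVCPARAM_KEYS[key_id]]
        if name == "alpn":
            body = b"".join(bytes([len(p)]) + p.encode("ascii") for p in value)
        elif name == "port":
            body = struct.pack("!H", value)
        elif name in ("ipv4hint", "ipv6hint"):
            body = b"".join(ipaddress.ip_address(a).packed for a in value)
        elif name == "mandatory":
            body = b"".join(struct.pack("!H", KEY_IDS[k]) for k in value)
        elif name == "no-default-alpn":
            body = b""                                   # flag: value must be empty
        else:                                            # ech and unknown keys: opaque
            body = bytes(value)
        rdata += struct.pack("!HH", key_id, len(body)) + body
    return rdata


def decode_https_rdata(rdata):
    priority, = struct.unpack_from("!H", rdata, 0)
    target, off = decode_name(rdata, 2)
    params, last_key = {}, -1
    while off < len(rdata):
        key_id, length = struct.unpack_from("!HH", rdata, off)
        if off + 4 + length > len(rdata):
            raise ValueError("malformed SvcParams: truncated value")
        body = rdata[off + 4:off + 4 + length]
        off += 4 + length
        if key_id <= last_key:    # RFC 9460: keys strictly ascending, no duplicates
            raise ValueError("malformed SvcParams: key order")
        last_key = key_id
        name = SVCPARAM_KEYS.get(key_id, f"key{key_id}")
        if name == "alpn":
            value, p = [], 0
            while p < len(body):
                n = body[p]
                value.append(body[p + 1:p + 1 + n].decode("ascii"))
                p += 1 + n
        elif name == "port":
            value, = struct.unpack("!H", body)
        elif name == "ipv4hint":
            value = [str(ipaddress.IPv4Address(body[i:i + 4])) for i in range(0, len(body), 4)]
        elif name == "ipv6hint":
            value = [str(ipaddress.IPv6Address(body[i:i + 16])) for i in range(0, len(body), 16)]
        elif name == "mandatory":
            value = [SVCPARAM_KEYS[k] for (k,) in struct.iter_unpack("!H", body)]
        else:
            value = body
        params[name] = value
    return {"priority": priority, "target": target, "params": params}


def sample_record():
    """Constructed record: a ServiceMode entry whose target is the owner
    name itself ('.'), advertising h2/h3, one IPv4 hint and the ech blob."""
    wire = encode_https_rdata(1, ".", {"alpn": ["h2", "h3"],
                                       "ipv4hint": ["203.0.113.10"],
                                       "ech": FAKE_ECH})
    return decode_https_rdata(wire)
```

The key-order check matters: RFC 9460 says a record with duplicate or out-of-order SvcParamKeys is malformed and must be ignored, which is the kind of rule a resolver or client should enforce rather than silently taking the last value it saw. A real client would go on to parse the ech bytes as an ECHConfigList and pick a config it supports; that structure belongs to the TLS draft, not to the DNS record, which is why it is left opaque here.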
The short answer is that there hasn't been a ton of movement across the market at large, but since Saturday, bonds have been swinging up towards the all-time high they set last December. Can't say for certain that that movement is tied to VZ though.
https://finance.yahoo.com/news/one-polymarket-user-made-more...
While on their way out, if the USA could set everything back to IPv6, that would be nice.
As if. Dictators only do things that benefit themselves, and deciding to attack the US is suicide and/or world ending.
You actually think the US would leave things better than they found them?
[Of course i agree with the broader point of dont become dependent on the technology of your geopolitical enemies]
Technology is notoriously expensive to develop and manufacture. One must either have native capacity (and thus, the wealth) to do so, or must get it from someone else.
Other Western/US-aligned countries might have the ability to do so, albeit at geopolitical and economic cost, because the only thing you're likely to gain from kicking the US out of your tech stack and infrastructure is a tech stack and infrastructure free of the US. Meanwhile American companies will be developing new features and ways of doing things that add economic value. So at best, a wash economically. Maybe the geopolitical implications are enticing enough.
Places like Venezuela? Nah. They'll be trading the ability of Americans to jack with their tech infrastructure for the ability of the PRC, Non-US Western nations, or Russia to jack with their tech stack.
The geopolitics of technology are a lot like a $#1+ sandwich: the more bread you have, the less of someone else's $#1+ you have to eat.
I'm not sure why the author singled out Telecom Italia Sparkle.
The data would make that more likely, because deliberately adding a longer route doesn't achieve much. It's not usually going to get any traffic.
For example, maybe some misconfiguration caused these routes to be published because another route was lost. Which could very well be the actual cyber attack, or the effect of jamming, or breaking some undersea cable, or turning off the power to some place.
> The newsletter suggests “BGP shenanigans” and posits that such a leak could be exploited to collect intelligence useful to government entities.
>
> While we can’t say with certainty what caused this route leak, our data suggests that its likely cause was more mundane.
Furthermore, BGP routes can get "stuck", if some device doesn't handle a withdrawal correctly… this can lead to odd routes like the ones seen here. Especially combined with the long path length and disappearance of better routes.
From what I remember reading, they were able to gain air dominance not because Iranian air-defense was bad, but because it was put almost completely out of service for a brief period of time by people on the ground - be it through sabotage, cyber-warfare, drone attacks from inside, allowing the Israeli jets to annihilate them.
Wouldn't that constitute air defense being "bad"? There are no "well technically it should have worked" in war. Failing to properly secure the air defense sites is bad air defense.
I expect every major world power has a plan to (attempt to) do precisely that to their enemies.
https://en.wikipedia.org/wiki/Graphite_bomb
> The US Navy used sea-launched Tomahawk missiles with Kit-2 warheads, involving reels of carbon fibers, in Iraq as part of Operation Desert Storm during the Gulf War in 1991, where it disabled about 85% of the electricity supply. The US Air Force used the CBU-94, dropped by F-117 Nighthawks, during the NATO bombing of Yugoslavia on 2 May 1999, where it disabled more than 70% national grid electricity supply.
I would not, however, take "Trump said something" as indicative of much. "It was dark, the lights of Caracas were largely turned off due to a certain expertise that we have, it was dark, and it was deadly" is both visibly untrue from the video evidence available, and is the precise sort of off-the-cuff low-fact statement he's prone to.
[1]:https://radar.cloudflare.com/routing/as8048ref=loworbitsecur...
Greenland is a massive strategic liability for the US and Europe (although the EU still has its head in the sand they are starting to wake up some).
Yesterday:
> Adding to the alarm, Katie Miller, a right-wing podcast host and the wife of Trump adviser Stephen Miller, posted an image of Greenland superimposed with the American flag and the caption "SOON!"
https://www.nbcnews.com/world/greenland/trump-venezuela-atta...
Fragile egos. Narcissists desperately need to feel good about themselves. They're caught in a cycle: feel worthless -> do bad things (feed the ego) -> feel worthless.
When BGP traffic is being sent from point A to point B, it can be rerouted through a point C. If you control point C, even for a few hours, you can theoretically collect vast amounts of intelligence that would be very useful for government entities.

A few thoughts:

- The affected prefixes (200.74.224.0/20 block → Dayco Telecom) hosting banks and ISPs feels significant. If you're doing pre-kinetic intelligence gathering, knowing the exact network topology and traffic patterns of critical infrastructure would be valuable. Even a few hours of passive collection through a controlled transit point could map out dependencies you'd want to understand before cutting power.
- What's also notable is the transit path through Sparkle, which the author points out doesn't implement RPKI filtering. That's not an accident if you're planning something (you'd specifically choose providers with weaker validation).
- The article stops short of drawing conclusions, which is the right call. BGP anomalies are common enough that correlation ≠ causation. But the timing and the specific infrastructure affected make this worth deeper analysis.
Would love to see someone with access to more complete BGP table dumps do a before/after comparison of routing stability for Venezuelan prefixes in that window.
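On the RPKI point raised above, an added example (not from the thread): RFC 6811 route origin validation over a constructed ROA table, together with the caveat a practitioner would want, namely that the leak discussed in this thread kept the legitimate origin at the end of the path, so origin validation alone would have accepted it. The ROA entries and announcements are invented for this example and are not the real RPKI state for 200.74.224.0/20 or any other prefix.

```python
# Added example, not from the thread: RFC 6811 route origin validation
# (ROV) against a CONSTRUCTED ROA table. Not real RPKI data.
import ipaddress

# (prefix, maxLength, origin ASN). Assumptions for illustration only.
ROAS = [
    (ipaddress.ip_network("200.74.224.0/20"), 20, 21980),  # assumed: Dayco, exact /20 only
    (ipaddress.ip_network("203.0.113.0/24"), 24, 64496),   # documentation prefix and ASN
]


def rov_state(prefix, origin_asn, roas=ROAS):
    """Return 'Valid', 'Invalid' or 'NotFound' for an announced prefix/origin pair."""
    net = ipaddress.ip_network(prefix)
    covering = [r for r in roas if r[0].version == net.version and net.subnet_of(r[0])]
    if not covering:
        return "NotFound"
    for roa_prefix, max_len, asn in covering:
        if asn == origin_asn and net.prefixlen <= max_len:
            return "Valid"
    return "Invalid"       # covered, but wrong origin or longer than maxLength


def accept_route(prefix, as_path, roas=ROAS, drop_notfound=False):
    """Typical ROV policy: drop Invalid, keep Valid; NotFound is a local choice.
    The origin is the last AS in the path; ROV looks at nothing else, so a
    route leak that preserves the true origin still passes."""
    state = rov_state(prefix, as_path[-1], roas)
    if state == "Invalid":
        return False, state
    if state == "NotFound" and drop_notfound:
        return False, state
    return True, state


# Constructed announcements (illustrative, not collected data)
ANNOUNCEMENTS = [
    ("200.74.224.0/20", [52320, 8048, 8048, 8048, 6762, 21980]),  # leaked path, true origin
    ("200.74.224.0/20", [52320, 8048, 64500]),                    # forged origin
    ("200.74.230.0/24", [52320, 8048, 21980]),                    # more specific than maxLength
    ("198.51.100.0/24", [52320, 8048, 64497]),                    # no covering ROA
]

if __name__ == "__main__":
    for prefix, path in ANNOUNCEMENTS:
        print(prefix, path, accept_route(prefix, path))
```

The first announcement is the interesting one: it is exactly the leaked shape discussed in this thread, and ROV returns Valid because the origin is still Dayco's ASN. ROV catches forged origins and over-specific hijacks; catching a leak needs path-aware checks (peer-lock style filters, or ASPA once deployed), which is worth keeping in mind before reading "no RPKI filtering" as the reason a leak propagated.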
Didn't the US use Chinooks? They're supposed to be loud. And AD didn't take even one out.
If Venezuela is as corrupt as most socialist countries, I have no doubt that someone in his inner circle gave him up.
Back in the days of our version of socialism we had Indian politicians selling out for $100K, leave alone $50M.
For the longest time I thought they'd gone too far, but now we're the clowns putting on a show.
There are 9 nuclear-armed states today. Likely this has set us on a path where nuclear war is inevitable.
Plenty of places have uranium and unless they are being watched like Iran they can just set up clandestine enrichment operations.
They drive old cars, have slow internet and can't visit the coliseum. They're not invited to the cool parties.
It would probably rule out the type of decapitation strike the US did, but bgp hijacking is way way below on the escalation ladder.
The US couldn't just fly a bunch of helicopters to Pyongyang or Tehran and do the same within 30 minutes. Most likely every single one of those helicopters would end up being shot down.
I think this is a situation where even if Venezuela had nukes, this still would have happened.
a. Don’t use nukes, everyone moves one rung up the ladder.
b. Use nukes. Ladder is destroyed, everyone dies horribly.
Using nukes only makes sense if everyone is going to die horribly anyway. It’s an empty threat otherwise.
Why would it?
1. "Nuclear capability" is not binary. The available delivery mechanisms and the defensive capabilities of your adversary matter a lot.
2. MAD constrains both sides. It's unlikely that an unpopular Head of State getting kidnapped would warrant a nuclear first strike especially against a country like (Trump's) America, which would not hesitate to glass your whole country in response.
3. It's extremely risky to "try" a nuke, because even if it's shot down, does it mean your enemy treats it as a nuclear strike and responds as if it had landed? That's a very different equation from conventional missiles. E.g. Iran sends barrages of missiles because they expect most of them to be shot down. It's probably not calculating a scenario where all of them land and Israel now wants like-for-like revenge.
Heads of state are generally pretty good at delegating the C&C of their nukes to people they are pretty popular with. That's orthogonal to popularity polls of the populace.
It seems extraordinarily unlikely we'd have attempted such a thing if Venezuela had nukes.
We can see that nobody was going to resist the operation in Venezuela, so it doesn't really matter that Venezuela doesn't have nukes. Using nukes isn't just a matter of pressing a button, it involves a lot of people and processes - thus any significant opposition inside the force or just widespread sabotage will make it unusable.
But it seems equally likely to me that he was sold out by somebody in the VZ government/military. And that the paltry military resistance was because they saw direct confrontation with the US as suicidal.
Not impossible but certainly in the tinfoil hat range of possibilities.
It sounds stupid. Maduro has no way to enforce the deal, and the US has no incentive to fulfill this deal.
> We can see that nobody was going to resist the operation in Venezuela, so it doesn't really matter that Venezuela doesn't have nukes.
To use it, resistance doesn't matter. One person must do their job to launch a nuclear weapon. That's all.
> it involves a lot of people and processes
It doesn't matter. Nuclear deterrence exercises are conducted regularly. And their peculiarity is that no one except the person with the red button knows whether it's an exercise or whether the missiles will actually be launched this time.
So when the order to launch comes, many people will be performing a large number of complex processes which will result in the use of nuclear weapons. Because they regularly receive such orders and carry out these processes.
You have to assume everyone is willing to die over every single thing short of obliteration.
So what's the scenario then? Venezuela has nukes. The US abducts Maduro. Venezuela launches its nukes, everyone dies on both sides. Please, explain that laughable premise. Everyone in Venezuela dies for Maduro? Go on, explain it, I'll wait.
Back in reality: Venezuela has nukes. The US abducts Maduro. Venezuela shakes its fists at the sky, threatens nuclear hell fire. Nothing happens. Why? The remaining leadership of Venezuela does not in fact want to die for Maduro.
US attacks, Maduro threatens to launch nuke(s) ... then what? Do you call bluff?
Maduro was captured in a military base (as he did a Saddam, switching sleeping locations); he almost made it into a safe room. What if he had nukes and made it to the safe room? You know the expression "cornered rat"... For all he knew, the US was there to kill him. The US killed his 30 Cuban bodyguards, so there's a high chance Maduro thought it was his end.
> "Cornered rat" refers to the idiom that even weak individuals become desperate and dangerous when given no escape, often applied to intense political or military pressure.
The scenario that you called, that nobody wants to die for Maduro, is you gambling that nobody wants to die for him or follow the chain of command! Do you want to risk it? No matter how many precautions you take, are you really sure that not one or more nukes go to Texas or Miami?
This is why nukes are so powerful, even in the hands of weaker countries. It gives a weaker country a weapon that may inflict untold deaths on the more powerful country (let alone the political impact). It's a weapon that influences decision making, even in the most powerful countries.
With Iran, North Korea, or Ukraine, the calculus is different.
Do you think the US and EU would have hesitated to send enough arms to keep Ukraine comfortably fending off Russia if they weren't afraid of the nuclear threat that Russia kept toying with?
Now do this same exercise for Taiwan.
The only consistent action for the US to take, given they - and much of the world - do not consider Maduro the legitimate President of Venezuela, was to remove him from power.
Clearly and empirically, BGP can shut off parts of the Internet, just as Trump wanted to do in 2015.
https://finance.yahoo.com/news/dear-donald-trump-no-you-1322...