Russia tried to hijack some of Apple’s internet traffic for 12 hours


Over a period of about 12 hours, Russia’s Rostelecom repeatedly attempted to route users of Apple services through its own servers, even as Apple engineers applied countermeasures.

Rostelecom, Russia’s largest Internet service provider, repeatedly attempted to hijack traffic destined for Apple services over a period of just over 12 hours. It cannot be determined whether this was a deliberate attempt or an Internet configuration error, but Rostelecom made so-called false route announcements that could direct Internet connections to its servers instead of Apple’s.

MANRS, an organization working “to mitigate the most common routing threats,” says Russia did this periodically on July 26 and July 27.

Users never select specific routes to servers; they just try to access a service, and the routing takes place behind the scenes. MANRS says that Rostelecom’s servers claimed to be the route to a wide variety of Apple services.

The organization’s full post examines all publicly available information about the attack and describes some of the steps Apple should have taken to combat it.

What eventually happened is that Rostelecom’s servers announced that they were the route to a wide variety of Apple services. Apple then had its own servers announce more specific routes, which routers prefer over broader ones.

“If the routes a network announces are not covered by a valid Route Origin Authorization (ROA),” writes MANRS, “the only option during a route hijack is to announce more specific routes. This is exactly what Apple Engineering did today.”
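The mechanism behind that statement, as an added example that is not from the MANRS post or this article: a simplified model of longest-prefix-match route selection and RFC 6811 route origin validation. The prefixes, AS numbers and ROA are constructed from documentation ranges (not Apple's or Rostelecom's), and the function names are hypothetical.

```python
import ipaddress

# Constructed sample data: RFC 5737 documentation prefix, RFC 5398 documentation ASNs.
# Real networks usually filter IPv4 prefixes longer than /24; lengths here are illustrative.
OWNER_AS, FALSE_AS = 64496, 64511
ROAS = [("203.0.113.0/24", 25, OWNER_AS)]  # (prefix, maxLength, authorized origin AS)

def rov_state(prefix, origin_as, roas):
    """RFC 6811 origin validation result: 'valid', 'invalid' or 'not-found'."""
    net = ipaddress.ip_network(prefix)
    covered = False
    for roa_prefix, max_len, roa_as in roas:
        roa_net = ipaddress.ip_network(roa_prefix)
        if roa_net.version == net.version and net.subnet_of(roa_net):
            covered = True  # some ROA covers this prefix
            if net.prefixlen <= max_len and origin_as == roa_as:
                return "valid"
    return "invalid" if covered else "not-found"

def origins_for(dest, announcements, roas=(), drop_invalid=False):
    """Origin ASes holding the longest matching prefix for dest.

    More than one AS in the result means the prefix is contested; other BGP
    attributes (not modelled here) then decide the winner on each router.
    """
    addr = ipaddress.ip_address(dest)
    matches = []
    for prefix, origin_as in announcements:
        if drop_invalid and rov_state(prefix, origin_as, roas) == "invalid":
            continue  # a validating router rejects the unauthorized origin
        net = ipaddress.ip_network(prefix)
        if addr in net:
            matches.append((net.prefixlen, origin_as))
    longest = max((plen for plen, _ in matches), default=None)
    return {asn for plen, asn in matches if plen == longest}

# Both networks announce the same prefix (the false announcement case).
BASE = [("203.0.113.0/24", OWNER_AS), ("203.0.113.0/24", FALSE_AS)]
# The owner's countermeasure without a ROA: announce more specific routes.
MORE_SPECIFIC = BASE + [("203.0.113.0/25", OWNER_AS), ("203.0.113.128/25", OWNER_AS)]

if __name__ == "__main__":
    dest = "203.0.113.10"
    print("no ROA, same prefix:    ", origins_for(dest, BASE))
    print("no ROA, more specifics: ", origins_for(dest, MORE_SPECIFIC))
    print("ROA + validating router:", origins_for(dest, BASE, ROAS, drop_invalid=True))
```

Without a ROA the false announcement is only "not-found", so routers accept it and the owner has to win on prefix length; with a ROA, routers that validate can drop it outright.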

After about 12 hours, Rostelecom stopped sending the false routing announcements.

“We are not yet aware of any information from Apple indicating which Apple services have been affected,” MANRS continued. “We also have not seen any information from Rostelecom whether this was a configuration error or an intentional action.”

While the routing was under attack, Apple services saw no downtime and no notable increase in complaints.