From 12:05-12:50 UTC, Russian ISP RTComm (AS8342) hijacked a prefix (104.244.42.0/24) belonging to Twitter. Thankfully, the hijack didn’t propagate far due to a RPKI ROA which asserted AS13414 was the rightful origin.
It’s worth noting that this is the same prefix hijacked during the coup in Myanmar last year. This is probably just reflective of the fact that this prefix is a common target for censorship. In both BGP hijack instances, the objective was likely to blackhole traffic but the route temporarily leaked out of the country.
Our report was highlighted in stories by Ars Technica, ITNews, a tweet by the CISO of Twitter and finally in an excellent blog post by Aftab Siddiqui of MANRS.
Doug Madory is the director of internet analysis for Kentik where he works on internet infrastructure analysis. The Washington Post dubbed him “The Man who can see the Internet” for his reputation in identifying significant developments in the global layout of the internet. Doug is regularly quoted by major news outlets about developments ranging from national blackouts to BGP hijacks to the activation of submarine cables. Prior to Kentik, he was the lead analyst for Oracle’s internet intelligence team (formerly Dyn Research and Renesys).
Twitter: @DougMadory
How do we get this data? Kentik uses thousands of service provider networks and cloud agents, located around the world, to collect information about network events, outages, and disruptions.
Market leaders like Booking.com, Box, and Zoom turn to the Kentik Network Observability Platform to plan, run, and fix any network. We show network pros what they need to know about their network performance, health, and security to make their services, apps, and products shine.
Discover the power of the Kentik Network Observability Platform for yourself—get a demo with a product expert.