YouTube failure highlights global internet security risk

Disruption to Google's YouTube video service at the weekend has highlighted a flaw in the Internet's design that could some day lead to a serious security problem, according to networking experts.

Share

Disruption to Google's YouTube video service at the weekend has highlighted a flaw in the internet's design that could some day lead to a serious security problem, according to networking experts.

The issue lies in the way Internet Service Providers (ISPs) share Border Gateway Protocol (BGP) routing information. BGP is the standard protocol used by routers to find computers on the Internet, but there is a lot of BGP routing data available. To simplify things, ISPs share this kind of information among each other.

And that can cause problems when one ISP shares bad data with the rest of the internet.

That's what happened with YouTube this weekend, according to sources familiar with the situation. BGP data intended to block access to YouTube within Pakistan was accidentally broadcast to other service providers, causing a widespread YouTube outage.

The chain of events that led to YouTube's partial black-out was kicked off Friday when the Pakistan Telecommunication Authority (PTA) ordered the country's ISPs to block access to YouTube because of an alleged anti-Islamic video that was hosted on the site.

ISPs in Pakistan were able to block YouTube by creating BGP data that redirected routers looking for YouTube.com's servers to nonexistent network destinations. But that data was accidentally shared with Hong Kong's PCCW, who in turn shared it with other ISPs throughout the internet.

Because Pakistan's BGP traffic was offering very precise routes to what it claimed were YouTube's Internet servers, routers took it to be more accurate than YouTube's own information about itself.

Larger service providers typically validate BGP data from their customers to make sure that the routing information is accurate, but in this case, PCCW apparently did not do that. When the Pakistani ISP sent the bad data, PCCW ended up sharing it with other ISPs around the globe.

Find your next job with computerworld UK jobs