Internet traffic for 167 important British Telecom customers—including a UK defense contractor that helps deliver the country’s nuclear warhead program—were mysteriously diverted to servers in Ukraine before being passed along to their final destination.
The snafu may have allowed adversaries to eavesdrop on or tamper with communications sent and received by the UK’s Atomic Weapons Establishment, one of the affected British Telecom customers. Other organizations with hijacked traffic include defense contractor Lockheed Martin, Toronto Dominion Bank, Anglo-Italian helicopter company AgustaWestland, and the UK Department for Environment, according to a blog post published Friday by researchers from Dyn, a firm that helps companies monitor and control their online infrastructure.
The diverted traffic appeared to be used to send e-mail and route virtual private networks, as well as for other purposes. As the picture above illustrates, the roundabout path caused the data to travel thousands of miles to the Ukrainian capital of Kiev before turning around, retracing that route, and being delivered to its normal hub in London. Unnecessarily sending the data to Kiev may have made it possible for employees with privileged network access to Ukrainian telecom provider Vega to monitor or tamper with data that wasn’t encrypted end-to-end using strong cryptography. The hijacking of the Atomic Weapons Establishment, Lockheed, and the other 165 routes occurred over a 90-minute span on Thursday, while a handful of British Telecom customers experienced diverted traffic for five days beginning Saturday.
Read 6 remaining paragraphs | Comments

Leave a Reply