YouTube shut down reveals some serious net security weaknesses

It isn't often that the world of political repression interferes with our ability to watch home videos of cat tricks, but in a bizarre turn of events that's what happened over the weekend.Google-owned YouTube is a favorite target not only of copyright holders, who complain the site facilitates illegal sharing, but also of third-world dictators, who don't like just how easily the site allows for dissidents to communicate with the rest of the world.

It isn't often that the world of political repression interferes with our ability to watch home videos of cat tricks, but in a bizarre turn of events that's what happened over the weekend.

Google-owned YouTube is a favorite target not only of copyright holders, who complain the site facilitates illegal sharing, but also of third-world dictators, who don't like just how easily the site allows for dissidents to communicate with the rest of the world.

Thus, it wasn't too surprising when Pakistani authorities ordered access to YouTube shut down. Iran and the UAE have permanent bans on YouTube, Morocco and Thailand have had on-again-off-again bans, Brazil temporarily banned the site due to a court action by supermodel Daniela Cicarelli (something about sex on the beach), and even the Pentagon blocks it in Iraq (for "network efficiency").

But things really spun out of control when the Pakistan Telecommunication Authority ordered ISPs to block YouTube on Friday. Due to some unfortunate choices made by one of Pakistan's ISPs, YouTube was blocked by the entire Internet, rather than just Pakistan. Attempting to block access to YouTube within Pakistan, the ISP managed to reroute all YouTube traffic to a black hole. For a technical view, see Danny McPherson's post on Arbor Networks. The larger point is that the blackout has exposed some serious issues here:

So, what’s the root problem here? Let’s see, where to start:
    no authoritative source for who owns and/or is permitted to provide transit services for what IP address spaces on the Internet
  • little or no explicit BGP customer prefix filters on the Internet
  • little or no inter-provider prefix filtering on the Internet
  • no route authentication and authorization update mechanism (eg., SBGP, soBGP, etc..) in today’s global routing system

I fully suspect that the announcements from Pakistan Telecom for YouTube address space were the result of a misconfiguration or routing policy oversight, and seriously doubt impact to YouTube reachability [beyond Pakistan’s Internet borders] was intentional.

Newsletters

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
See All
See All