ZDNet Government

David Gewirtz
Home / News & Blogs / ZDNet Government

YouTube shut down reveals some serious net security weaknesses

By | February 25, 2008, 7:08am PST

Summary: It isn’t often that the world of political repression interferes with our ability to watch home videos of cat tricks, but in a bizarre turn of events that’s what happened over the weekend. Google-owned YouTube is a favorite target not only of copyright holders, who complain the site facilitates illegal sharing, but also of third-world dictators, [...]

It isn’t often that the world of political repression interferes with our ability to watch home videos of cat tricks, but in a bizarre turn of events that’s what happened over the weekend.

Google-owned YouTube is a favorite target not only of copyright holders, who complain the site facilitates illegal sharing, but also of third-world dictators, who don’t like just how easily the site allows for dissidents to communicate with the rest of the world.

Thus, it wasn’t too surprising when Pakistani authorities ordered access to YouTube shut down. Iran and the UAE have permanent bans on YouTube, Morocco and Thailand have had on-again-off-again bans, Brazil temporarily banned the site due to a court action by supermodel Daniela Cicarelli (something about sex on the beach), and even the Pentagon blocks it in Iraq (for “network efficiency”).

But things really spun out of control when the Pakistan Telecommunication Authority ordered ISPs to block YouTube on Friday. Due to some unfortunate choices made by one of Pakistan’s ISPs, YouTube was blocked by the entire Internet, rather than just Pakistan. Attempting to block access to YouTube within Pakistan, the ISP managed to reroute all YouTube traffic to a black hole.

For a technical view, see Danny McPherson’s post on Arbor Networks. The larger point is that the blackout has exposed some serious issues here:

So, what’s the root problem here? Let’s see, where to start:

    no authoritative source for who owns and/or is permitted to provide transit services for what IP address spaces on the Internet
  • little or no explicit BGP customer prefix filters on the Internet
  • little or no inter-provider prefix filtering on the Internet
  • no route authentication and authorization update mechanism (eg., SBGP, soBGP, etc..) in today’s global routing system

I fully suspect that the announcements from Pakistan Telecom for YouTube address space were the result of a misconfiguration or routing policy oversight, and seriously doubt impact to YouTube reachability [beyond Pakistan’s Internet borders] was intentional.

Kick off your day with ZDNet's daily e-mail newsletter. It's the freshest tech news and opinion, served hot. Get it.

More from “ZDNet Government”

Topics

Security, YouTube Inc., Pakistan, Internet Service Providers (ISPs), Internet, BGP, Networking, Richard Koman

Disclosure

Richard Koman

http://government.zdnet.com/?page_id=3731

Biography

Richard Koman

Richard Koman is an attorney admitted to practice in California. As a technology writer since the mid-1980s, Richard Koman has documented the role of computing in the transformation of the graphic arts, the growth of the Web and the birth of the peer-to-peer phenomenon. He worked as a book and web editor for O'Reilly Media throughout the 1990s, editing several influential websites and numerous best-sellers. As a lawyer, as well as a tech writer, he brings a unique perspective to the blog's intersection of law, government and technology.
5
Comments
Add Your Opinion

Join the conversation!

Just In

RE: YouTube shut down reveals some serious net security weaknesses
mindhunter07 24th Dec 2009
But do not under estimate the Capabilities of this little
under developed country.
View in thread
0 Votes
+ -
BGP was implemented...
bjbrock 25th Feb 2008
to decentralize the Internet and make it more autonomous. I guess there was a few things they missed.

One BGP router shouldn't be able to poison that much of the Internet. There is definitely going to have to be some changes somewhere.
0 Votes
+ -
Message has been deleted.
da_darkman@... Updated - 25th Feb 2008
0 Votes
+ -
The only reason this ever happened...
smarmybastard 25th Feb 2008
This was Al Gores fault...
0 Votes
+ -
RE: YouTube shut down reveals some serious net security weaknesses
Aaron A Baker 26th Feb 2008
If a little "Underdeveloped" Country like Pakistan can block off the whole world, what does that say about our internet Security and far more important, Internet Solidity and Viability.
Think about it.
Pakistan, "Not as savvy as other far more developed Countries have blocked the entire world.
What does that tell you. Speaks volumes to me.
Man we better get our collective acts together and "MAKE SURE" that this can't happen again.
Regardless of Point of Origin or Country, no one should be able to do what Pakistan has done.
The we dare talk about Security??
I would rethink the Security Situation and come up with a better way of implementation.
If it's at all possible.
Regards
Aaron
0 Votes
+ -
RE: YouTube shut down reveals some serious net security weaknesses
mindhunter07 24th Dec 2009
But do not under estimate the Capabilities of this little
under developed country.

Join the conversation!

Formatting +
BB Codes - Note: HTML is not supported in forums
  • [b] Bold [/b]
  • [i] Italic [/i]
  • [u] Underline [/u]
  • [s] Strikethrough [/s]
  • [q] "Quote" [/q]
  • [ol][*] 1. Ordered List [/ol]
  • [ul][*] · Unordered List [/ul]
  • [pre] Preformat [/pre]
  • [quote] "Blockquote" [/quote]
ie8 fix

The best of ZDNet, delivered

ZDNet Newsletters

Get the best of ZDNet delivered straight to your inbox

Facebook Activity

Blog Roll

Blog Archive

White Papers, Webcasts, & Resources
ie8 fix