A dumb-pipe and Net Neutrality

The pipe that brings water into your home is a pretty un-sexy thing, just like the electrical cables that deliver electricity. Your internet connection, though, has gotten sexier and sexier–from being used to deliver paid content like hyppTV and Astro to other more interesting services, resulting in a triple play (internet, TV and phone) of services, all piped into your home on a fibre optic cable no thicker than a strand of your hair.

But should your internet connection be sexy, or should it be a dumb-pipe? The telcos of course want to deliver more services and hence fatten the bottom line, but the problem I have is that in their zeal to do this, they’ve violated the principles of net neutrality, and I fear that we’re going down a rabbit-hole of ‘favored’ content, a trend that sooner or later we’re not going to be able to reverse.

A quick example is Maxis: it’s the only player out there that can stream Astro content over the fibre cable. That gives Maxis an unfair advantage over TM.

Block This!!

A notice posted on the Malaysian Communications and Multimedia Commission’s (MCMC) Facebook page said the decision was made to block websites that “promote, spread information and encourage people to join the Bersih 4 demonstration”, on grounds that this will “threaten national stability”.

I cannot then tell you to join Bersih and call for free and fair elections, and I couldn’t begin to articulate that our Prime Minister has received BILLION ringgit donations from foreign sources, and certainly I must refrain from encouraging you to do your civic duty to attend tomorrow’s rally.

I also shouldn’t post pictures like the one below:

Bersih

Why we fear ‘hackers’: Dangers of Technical Illiteracy

Are you afraid of hackers? Do you lie restless at night thinking of what might happen if they got into your bank account, Facebook profile, or e-mail? Perhaps you’re also worried that they might hack into a forum you visit, or that they might get into your personal messages on WhatsApp.

It’s true that hackers are able to do all of these things, but the public perception of hackers really isn’t quite justified, and this false perception can lead to terrible outcomes.

Take last week’s post about the hacktivist group Anonymous. In it I expanded on the public fear of Anonymous and how that didn’t correspond to the actual damage that the group causes. Sometimes all Anonymous does is DDoS a public website; that still takes some skill, but it’s far removed from actually infiltrating a server. Yet most people wouldn’t be able to differentiate a DDoS attack on a website from a compromise of the server behind it, and this inability leads them to disproportionately fear hackers; worse still, it leads them to lump all security-related incidents into a single bucket called “hacked by hackers”.

But Why?

Why are people so afraid of hackers? And why is there a huge discrepancy between what some of these hackers are actually doing and the fear that the average citizen has of them?

I have one theory–ignorance, or more specifically tech-illiteracy.

Our Communication Minister must be mistaken

Our newly appointed Communication Minister has come out all guns blazing, directing the Malaysian Communications and Multimedia Commission (MCMC) to ask social media giants such as Facebook, Google and Twitter to block “false information and rumours” on their platforms soon.

That in itself is quite frustrating, but what really got me scratching my head was his claim that “social media providers acted on 78 per cent of MCMC’s request for removal of content last year, with Facebook taking action on around 81 per cent of its request.”

Reuters reported that:

A Google spokesman in Kuala Lumpur said the Internet giant was “always in conversation with” the Malaysian Communications and Multimedia Commission but he declined to comment on the request from the government on curbing content.

Facebook and Twitter were not immediately available for comment.

Fortunately, we don’t need to ask Google, Facebook or Twitter about these specific requests, because this information is already publicly available. All 3 social media platforms publish transparency reports that detail any and all government requests made to them, and whether or not those requests were acted upon.

And as it turns out, the data our Minister has doesn’t quite tally with the information published by the platforms. According to the Facebook transparency reports (found here and here), the Government of Malaysia made 36 content removal requests and 46 user account requests. Of these, less than a quarter were acted on by Facebook; unfortunately Facebook doesn’t provide details about the specific Government agency making the request or which specific requests were acted upon. But, as you can see, the numbers are fairly small (a mere 36 content removal requests over an entire year), and the success rate of those requests is quite slim as well (less than 25%).

With Twitter things get even more interesting.

In 2014, the government made 3 user account requests to Twitter, of which all 3 were rejected; that’s a resounding success rate of 0%. And in the first half of this year, it made 1 removal request, which was also rejected. Twitter doesn’t quite like the requests from our government, and the government doesn’t make that many either.

I could go on with Google, but you get the picture.

The government is not having ANY success with the removal requests, so why bother trying?

A more pertinent question is why the Minister is making these numbers up. Either he’s been given false information, or he’s just making shit up at this point. There is a possibility that maybe he’s telling the truth: through some math-magic, maybe the MCMC makes a smaller fraction of the requests to Facebook, and maybe those have a success rate of 80%, but that’s unlikely, and it would be an insignificant number anyway.

My theory is that when you have Ministers who are appointed based on their loyalty to a certain someone, as opposed to technical knowledge of the area they’re supposed to be administering, you will continue to get this sort of bullshit.

When technical merit takes a backseat to political connections and allegiances–you’re bound to end up with people who don’t know anything. Something we all should be very, very worried about.

Full disclosure: Google actually had one request for the 2nd half of last year, and complied with that request, resulting in 100% compliance. However, over the entire reporting history, Google complied with 17 out of 31 requests, nowhere near the numbers the good Minister has.

Understanding Anonymous from a Malaysian context

The latest buzz in Malaysian cyberspace is the ‘threat’ from Anonymous Malaysia to launch ‘internet warfare’ on the Malaysian government, singling out our poor ol’ Prime Minister, demanding that he step down or face the consequences of Anonymous’s actions.

The threat of internet warfare even came with a date, 29th to 30th August at 2.30pm, coinciding with Bersih 4.0. You know you’re dealing with a bad-ass when they tell you when the attack is coming, sort of like Muhammad Ali telling his opponents which round he would knock them out in. (down in the 5th)

Of course, this was followed swiftly by condemnation from Bersih, which sought to distance itself from an unknown entity like Anonymous, and even from the Police, who quickly determined that the video published wasn’t shot in Malaysia. Some have claimed that the hackers are only interested in fame, which seems odd, seeing as how they’re… Anonymous.

Various agencies have also claimed to ‘tighten up’ their security following the threat, which means that security probably wasn’t very tight prior to a threat from a person wearing a Guy Fawkes mask.

But here’s the thing. Anonymous isn’t like any other organization you know of; it doesn’t have a leader, or a CEO, or someone that’s in command. Anonymous is a hacker ‘collective’ and its governance structure isn’t something you’d find in the real world.

The best explanation I can give you of Anonymous is this: it’s a group of hackers that come together to utilize their skills for a common goal, and the grouping disintegrates once the common goal is achieved. Meaning that the Anonymous that attacked the Church of Scientology back in the early days is probably not around any more. They most likely have been replaced by a new bunch of anons (that’s what we call members of Anonymous). In short, anyone can be Anonymous, and no one has copyright over the term. So having one branch of Anonymous cite another for ‘using our name‘–seems anathema to the principles of the collective. Also, Anonymous does get involved in politics; it does so all the time. Whether it’s attacks on US Government websites, attacks on regimes like Tunisia, or helping out Occupy Wall Street or Julian Assange, Anonymous is very political in nature.

Most of the time though, Anonymous is responsible for things that border between attack and prank. Its attacks on the Church of Scientology (code-named Project Chanology) involved sending black faxes (designed to waste ink) and a Denial of Service attack on the church’s website. A few years down the road, Anonymous took out PayPal, Visa and Mastercard’s websites through a similar DDoS attack, which, while damaging to the companies’ websites, did not impact the financial processing capability of the victims. These things obviously have some impact on the corporations being attacked, but the degree of that attack doesn’t seem to correspond to the amount of fear people have of the collective.

It’s like if someone were found guilty of chaining the doors at your local McDonald’s, but you penalize them as though they detonated an explosive inside. To be honest, even if Anonymous took out the 150 Malaysian websites, how many of us actually visit the MACC website–do you even know the URL for it?

Of course, that doesn’t mean Anonymous is a lame-duck threat; there are times when Anonymous steps up their game. Part of the beauty of being a collective is that sometimes you do get genuine bad-ass hackers that can wreak some havoc. One such case was #OpCartel, where members of Anonymous claimed to have hacked the databases of the Zeta drug cartel in Mexico, and threatened to expose the names of the members unless a kidnapped Anon was released. Not one to back down from fights, the Zetas issued a simple but scary-as-hell response: “for every name released by Anonymous, the Zetas would kill 10 innocent people”. Anonymous understandably backed down, but what eventually unfolded is unknown, and the facts surrounding the entire story are blurry to say the least.

What’s interesting about the confrontation between Anonymous and Zetas is that it gives us a glimpse as to what happens when two non-state actors go at it with each other. What’s even more interesting is that Anonymous backed down, they themselves were not in any harm, and seemingly ceased operations of #OpCartel presumably because they didn’t want innocent people to die for their actions. If the American Government had such information, would it have done the same thing? If the NSA had a list of ISIS operatives in London, and ISIS threatened to kill 10 innocent people for every one ISIS operative caught–do you think the situation would play out with the NSA backing down?

The collective nature of Anonymous makes them unpredictable, and that in itself can be threatening. If you’re responsible for the security of the websites of certain agencies, what should you make of it? Nothing much, because you should be as secure as you can be, every single time. You shouldn’t be waiting for a guy in a video to threaten you before you take action; your websites should be secured to your best possible effort every day of the week. The fact that the government is ‘taking this seriously’ is cause for concern for me.

So what should we as Malaysians do?

We have a Government who has censored the internet, bought surveillance software to spy on citizens (twice!), threatened to force news portals to register online, has overseen a significant drop in the quality of our science and maths education, and is fully fine with accepting foreign donations of RM2.6 billion. What you should do as a Malaysian is get off your arse and join Bersih 4.0, and let Anonymous do what they want.

TM blocking SarawakReport

SarawakReport, a website covering sensitive political topics in Malaysia, was blocked today by the country’s most prominent ISP, Telekom Malaysia (TM).

Internet users using TM’s Domain Name Server (DNS) reported that the website was inaccessible, and I’ve confirmed that it is an intentional block by TM.

Here’s a quick primer on DNS. The internet works on this marvelous set of rules we’ve come to call the Internet Protocol. Part of this protocol requires that every server or machine on a network be assigned a unique number to identify itself; this number is called an IP address. An IP address is sort of the phone number of a server, and if you want to communicate with a server you’d need to know that server’s phone number.

Now of course the internet is made of billions of websites, and so it comes with its own directory service. Older readers will remember dialing 103 on our local phone lines to talk to an operator to look up someone’s phone number; this is exactly the same concept. On the internet, this directory service is automatic, and comes with a cool name–Domain Name Server (DNS).

When you type google.com or keithRozario.com into your web browser, the browser automatically looks up the IP address of the website you requested via a DNS server. And just like how you’d have to memorize 103 in order to call it, your computer is set to request DNS resolutions from a specific DNS server.

For most TM users, this is set to a DNS server with an IP address of 1.9.1.9. You can change this of course, but if you never knew what a DNS server was, chances are you’re using TM’s server to convert web addresses to IP addresses.

Now you can see the issue: if TM is the sole service that you use to convert website addresses to IP addresses, it has a lot of control. For instance it could block you from accessing porn sites (which it does), and of course it can block you from accessing ‘controversial’ political blogs like SarawakReport.

How do I know this? You can change the settings on your computer to use alternative DNS servers (Google and OpenDNS run great free services), and these DNS servers convert SarawakReport.org to IP addresses like 104.20.27.161 (note that most of the time popular websites have multiple IP addresses, but that’s not important for now). However, if you use TM’s DNS server, SarawakReport.org converts to 175.139.142.25, which is an IP address owned by TM. This also explains why users who use proxy servers or different DNS settings will not experience any issues.

TM’s DNS server resolving SarawakReport.org to 175.139.142.25

Tsk, tsk, tsk.

If you do a reverse DNS lookup, essentially reversing the process–instead of looking up the IP addresses corresponding to web URLs, you look up the web URLs corresponding to IP addresses–you find that the same IP address is currently being used by Senyum.my, and that website has a glaring notice on the front page signalling that the site is blocked for violating Malaysian law; that’s the screenshot you see above.

Essentially TM routed all traffic destined for SarawakReport.org to a server they keep up for hosting a ‘blocked’ notice.
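The check described above (ask the ISP resolver and a couple of independent resolvers, see who disagrees, and compare the odd one out against the address known to host the block notice) can be reproduced with a few dozen lines of stdlib Python. The block below is an added example and not code from the original post: it builds and parses raw DNS A-record queries, and then classifies each resolver’s answer. The TM resolver address 1.9.1.9 and the two answers (104.20.27.161 and 175.139.142.25) are the ones the post reports; the Google and OpenDNS resolver addresses are the well-known public ones and are my assumption, and the replies in the offline demo are constructed, not captured.

```python
import socket
import struct

# Added example (not from the original post): a minimal DNS A-record client plus a
# comparison step, so the "ask several resolvers and see who disagrees" check can be
# reproduced. Resolver 1.9.1.9 and the sample answers are taken from the post; the
# Google/OpenDNS addresses are an assumption, and the verdict logic is this example's own.


def build_query(name, txid=0x1234):
    """Build a standard recursive DNS query for an A record (RFC 1035 wire format)."""
    header = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0)   # RD bit set, one question
    qname = b"".join(bytes([len(label)]) + label.encode("ascii")
                     for label in name.strip(".").split(".")) + b"\x00"
    return header + qname + struct.pack(">HH", 1, 1)            # QTYPE=A, QCLASS=IN


def _read_name(msg, off):
    """Decode a possibly compressed name; return (name, offset just past it)."""
    labels, end = [], None
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:                               # compression pointer
            if end is None:
                end = off + 2
            off = struct.unpack(">H", msg[off:off + 2])[0] & 0x3FFF
            continue
        off += 1
        if length == 0:
            break
        labels.append(msg[off:off + length].decode("ascii"))
        off += length
    return ".".join(labels), (end if end is not None else off)


def parse_a_records(msg):
    """Return the IPv4 addresses found in the answer section of a DNS response."""
    _, _, qdcount, ancount, _, _ = struct.unpack(">HHHHHH", msg[:12])
    off = 12
    for _ in range(qdcount):                                    # skip the echoed question
        _, off = _read_name(msg, off)
        off += 4                                                # QTYPE + QCLASS
    addrs = []
    for _ in range(ancount):
        _, off = _read_name(msg, off)
        rtype, _, _, rdlen = struct.unpack(">HHIH", msg[off:off + 10])
        off += 10
        if rtype == 1 and rdlen == 4:
            addrs.append(socket.inet_ntoa(msg[off:off + 4]))
        off += rdlen
    return addrs


def build_response(query, ips, ttl=60):
    """Construct a response to `query`; used here only to fake resolver replies offline."""
    header = query[:2] + struct.pack(">HHHHH", 0x8180, 1, len(ips), 0, 0)
    answers = b"".join(b"\xc0\x0c" + struct.pack(">HHIH", 1, 1, ttl, 4) + socket.inet_aton(ip)
                       for ip in ips)
    return header + query[12:] + answers


def query_resolver(resolver_ip, name, timeout=3.0):
    """Live lookup against one specific resolver over UDP/53 (needs network access)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(build_query(name), (resolver_ip, 53))
        data, _ = sock.recvfrom(4096)
    return parse_a_records(data)


def compare_resolvers(answers, block_page_ips=frozenset()):
    """Classify each resolver's answer set: 'block-page' if it returned a known
    block-notice address, 'no-answer', 'diverges' if it shares no address with any
    other resolver, otherwise 'consistent'."""
    verdicts = {}
    for resolver, ips in answers.items():
        mine = set(ips)
        others = set().union(*(set(v) for r, v in answers.items() if r != resolver))
        if mine & set(block_page_ips):
            verdicts[resolver] = "block-page"
        elif not mine:
            verdicts[resolver] = "no-answer"
        elif others and not (mine & others):
            verdicts[resolver] = "diverges"
        else:
            verdicts[resolver] = "consistent"
    return verdicts


# Constructed offline demo: fake the three resolvers' replies with the addresses the post reports.
DOMAIN = "sarawakreport.org"
FAKE_REPLIES = {
    "8.8.8.8": build_response(build_query(DOMAIN), ["104.20.27.161"]),        # Google (assumed)
    "208.67.222.222": build_response(build_query(DOMAIN), ["104.20.27.161"]),  # OpenDNS (assumed)
    "1.9.1.9": build_response(build_query(DOMAIN), ["175.139.142.25"]),        # TM (from the post)
}
BLOCK_PAGE_IPS = frozenset({"175.139.142.25"})   # address the post found serving TM's block notice


def demo():
    answers = {r: parse_a_records(reply) for r, reply in FAKE_REPLIES.items()}
    return compare_resolvers(answers, BLOCK_PAGE_IPS)


if __name__ == "__main__":
    for resolver, verdict in demo().items():
        print(f"{resolver:15} {verdict}")
    # For a live check, replace FAKE_REPLIES with query_resolver(ip, DOMAIN) per resolver and
    # follow up a suspect address with socket.gethostbyaddr() for the reverse lookup.
```

The verdict logic deliberately treats a known block-page address as the strongest signal and plain divergence as a weaker one: CDN-backed sites legitimately return different addresses from different resolvers, so a mismatch on its own is a prompt for the reverse lookup, not proof of a block.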

This is just so sad, I really don’t know if I should laugh or cry. This method of blocking is so ineffective even a child would be able to bypass it.

For those wishing to access SarawakReport.org, please change your DNS server settings in Windows–a more effective way around the issue is to use a VPN, like the one I recommend here. A VPN provides a sure-fire way to bypass all the censorship that local ISPs can put in place.

Here’s my review of a VPN service you can use, and hopefully you use my promo code to send some cash my way :). Even if you don’t, it’s OK though, I’m still cool.

*Update*

TheStar have confirmed that the MCMC has issued the directive to block the website, something quite sad, seeing as how you already know how to circumvent the ‘block’.

Hacking Team got Hacked, and here’s what Malaysia Bought

RCS monitor

A screenshot of the RCS Software from Hacking Team

There are two types of governments in the world: those that build complex surveillance software to spy on their citizens, and those that buy it. Our government is more the buying type.

Few nation-states have the budgets to build out complex surveillance software, but many governments are finding that ‘off the shelf’ software sold by dodgy companies is just as effective at a fraction of the price of developing that capability. The problem with buying, of course, is that sometimes those dodgy companies sell their wares to repressive regimes like Sudan, and being on the same customer list as Sudan doesn’t reflect well on you.

One such dodgy company is Gamma Corp, the organization responsible for the FinSpy and FinFisher suite used by the Malaysian government in the run-up to the 2013 General Elections. Another is Hacking Team, an Italian-based company that produces similar remote control software (RCS).

And in a bit of internet karma–both of these companies were hacked themselves… possibly by the same person.

In August 2014, Gamma was hacked and had 40GB of data forcefully exfiltrated from their servers. My analysis of that leak revealed no information about Malaysian purchases of their FinSpy software, but that was a puny 40GB of data, or roughly 3 times more data than an iPhone.

Recently however, Hacking Team had a much more severe attack, one that managed to extract 10 times more data, and here I found ample evidence of Malaysian government agencies procuring spyware from Hacking Team presumably to be used against Malaysians.

The question of course is should you be worried; the answer is yes, and not just for the obvious reasons you might think. After combing through a trove of documents, I found that 3 government agencies procured the ‘flagship’ RCS software from Hacking Team, and from my layman’s understanding of the law, none of them have the authority to actually use it. Worse still, some e-mails point to incompetent IT skills as well as bad procurement practices that actually annoyed the supplier. I will conclude this post with why this attack on Hacking Team has a positive outlook for regular internet users, and why our government agencies procuring this stuff isn’t exactly ALL THAT BAD.

For the FINAL time, Malaysian internet speeds are NOT slow.

First off, apologies for the lack of content on the blog. I’ve been really busy at work these past few months, and content is slow moving. For instance, the previous post was a review of a router that I tested for 4 weeks and returned to the supplier more than a week ago–and the post only went up yesterday. To that end, my decision is to churn out my thoughts ‘straight from the gut’ and not give these posts the usual research I typically do. Hope my regular readers will forgive the tardiness.

OK, let’s go.

Every year we get a renewed fuss over internet speeds in Malaysia. Some Malaysians feel that internet speeds in Malaysia are slow, and maybe they’re right. But some Malaysians–including some reporters who should know better–quote sources like Ookla and claim that Malaysian internet speeds are slower than those of Cambodia or Vietnam.

Here’s the problem: the Ookla report only churns out data based on user-executed tests on the popular speedtest.net website, where every test on the website is counted against the country. This makes Ookla a pretty decent place to get info, but if you confine yourself to merely the Ookla data, you can easily see how it can mislead your conclusions. Firstly, it assumes users with different internet speeds are testing at the same rate; secondly, it is the collective average of all internet connectivity (fixed and mobile); and thirdly, it doesn’t really give a good indication for a country the size of Malaysia.

More problems crop up when you actually dive into the data (something I hope the reporters did) and you realize the way Ookla was averaging the speeds wasn’t accurate. And the most important issue of all is that most tests conducted are between the user and the closest node–meaning if you’re in KL it would test against a node in KL, rather than in the US. Unfortunately, the internet is geographically very distributed, and these tests don’t give us a good indication of the overall speed of connections–and more importantly how those connection speeds are distributed among the citizens of the country.

A better way to gauge how well Malaysian internet connectivity fares is to take a couple of other data points besides Ookla and draw a more comprehensive picture of the true state of Malaysian internet.

For instance, you might look at the Akamai State of the Internet report. Unlike Ookla, which bases its data on user-executed tests, Akamai bases its data on actual internet traffic, and they should know, because by some accounts they deliver 15-30% of global internet traffic. What does Akamai say? Well, Malaysia has an average speed of 4.3Mbps, while Cambodia averages just 3.3Mbps and Vietnam 3.2Mbps. We’re still trailing Singapore and Thailand, but we’re not as bad as the Ookla data suggest. Also, Akamai reports that more than 43.2% of users have an internet connection above 4Mbps (quite surprising if the average is 4.3–suggesting our median internet connection speed is also 4Mbps), while in Vietnam and Cambodia those numbers are 25% and 17% respectively.

Now of course we can’t compare to Cambodia and Thailand if we want to grow as a ‘knowledge-based’ economy, but in reality we can’t compare to Singapore either–we are a very geographically diverse country; a lot of Malaysians draw a Malaysian map that only includes Peninsular Malaysia–forgetting we have another part of Malaysia across the sea whose internet connectivity is nowhere near what we have in KL. So… you can’t really compare averages here; it would be completely unproductive.

Finally we have the Sandvine report, which you can download from the Sandvine site after you’ve registered. Sandvine provides services to various ISPs and telcos and uses that data to detail trends–they don’t provide connection speeds as part of the report, but they do break traffic down into fixed vs. mobile, and the amount of data consumed (and type of data consumed) across the different channels.

For example, in the Asia-Pacific region, the average consumption of data across a fixed connection is between 17 and 30GB. That’s less than half the fair usage amount advertised by TM, and a good reason to believe that TM will probably never implement such a policy. Sandvine also breaks down the traffic type, indicating that in our region the biggest data usage is on BitTorrent, followed by YouTube. Partially expected, but think about what that means for connection speeds–if we had local YouTube servers in Malaysia, wouldn’t that result in a better overall internet experience for Malaysian users? Better than, say, someone in Thailand with a faster internet connection but having to route that to an outside country? Also BitTorrent is interesting, because your connection speed on BitTorrent is just part of the equation; you also have to rely on the BitTorrent swarm having enough bandwidth and seeds to experience quick downloads on the protocol.

All in all, I just want to say, Malaysia is far from perfect, and I’ve got no problems bringing the government down a peg or two, maybe even three. But sometimes we just have to be honest and focus on the real issue.

The real issue in Malaysia is internet penetration, and specifically broadband penetration. Unlike you old folks (including myself these days), the younger generation of this country is using fewer fixed devices like PCs and laptops and more smartphones and tablets, and the way we use the internet is fundamentally changing. We need to up the penetration to the kampungs and rumah panjangs, and not fret too much about speeds. We also need to get cost down, which is a fundamentally different problem from getting speeds up.

I blame the media for this bullshit. The reporters of most of these news outlets have so badly researched their stuff that geeks like me just get angry when we read them, and I know the vast majority of Malaysians have no idea of the nuances of these reports and are just taking them at face value–the media have a fundamental responsibility to help people make sense of the data, and they have failed miserably–I’m looking at you, Malaysiakini.

That’s it folks, I’m sure there are some typos and errors in the post, but any post is better than no post. Hope you enjoyed it.

Keith signing off!!

EnGenius Wireless Router ESR600 Review

A couple of weeks back, the guys over at infoversal loaned me an Engenius ESR600 router for a review. At first I was a bit hesitant, but my overall unhappiness with my TP-Link router made me think twice. So I gave it a shot, and boy was it worth it.

The router looks pretty normal, nothing to shout about here. While its competitors like Asus and TP-Link opted for black exteriors, Engenius chose to stick to a white-ish colour. This thing doesn’t look good near modern TV sets or home theatre systems (which is where my router is), but the fact that it doesn’t have antennas seems to be a saving grace.

That being said, the Engenius is a pretty slick device. I’m not sure how it does it, but the antenna-less Engenius has more signal strength than my TP-Link router over both the 2.4GHz and 5GHz bands. Yes, the router is dual-band, and one that actually works well over both bands. So great points for Engenius in that category.

The day the internet stood still–AGAIN!

There was a time when the internet was young, just a little fledgling network, an academic toy used only by computer scientists to try out theoretical concepts. Contrary to popular belief the internet wasn’t created to withstand a nuclear war (although it can); instead it was created to address a very serious engineering question–how to connect together different computers with different operating systems and different commands? The answer to that question stumped many brilliant people. In the late 60’s and early 70’s, computers were gods of their domain, stand-alone machines with ‘slaves’ like disk drives and monitors; if you hooked up a computer to another computer, they wouldn’t know what to do–there’s a Chinese saying that one mountain can only have one dragon, and computers in those days were exactly like that.

Solving that issue of having computers connect to each other was no trivial task; it took a US Department of Defense project to resolve the issue, culminating in ARPANET. For geeks like me, ARPANET is like the Garden of Eden, where it all began, where God said let there be downloads and uploads. But ARPANET was a military-funded network, and soon other networks began to connect into it, and slowly but surely ARPANET faded into oblivion, leaving a civilian-run Internet behind. The engineering challenges of the day were daunting enough that no one stopped to think about the possible security challenges; after all, the word cyber-crime didn’t exist yet, there wasn’t an internet to do bad things on. So a lot of the protocols that were designed by the engineers of the day assumed that everyone on the network was playing fair and nice, and that it was a co-operative network of peers. Today, IT architects like myself view the internet as an untrusted but reliable network, where all sensitive data traversing it should be encrypted. It’s like a superhighway full of bandits, and the only way we’d use it is if we drove tanks.

E-mail, the killer-app

Take for instance the very first ‘killer-app’ for the internet, e-mail. The first iteration of e-mail was built on a protocol meant for transferring files rather than messages, a kind of protocol hack. This was a time when the number of users on the network could be listed by hand on a piece of paper–and everyone trusted each other, hence the protocol never incorporated any form of authentication, simply because it wasn’t required; the early internet was like the sitcom Cheers, everybody really did know your name. Even when e-mail got its own protocol, authentication was never considered an important feature.

Authentication is the act of verifying the identity of a person or machine performing a request. When you call certain call centers, they may authenticate you by asking a series of questions like “what’s your mother’s maiden name” or “what’s your favorite pet”. Unauthenticated protocols allow anyone to either impersonate someone or just execute any command, and unfortunately that is the default for many of the older protocols online.

The e-mail we use today is built on these ancient unauthenticated protocols, with a couple of tweaks here and there, but fundamentally it remains every bit as insecure today as it was back then. The only difference is that there are a lot more internet users today than in the 70’s, and some of those users are criminals, so when you have a widely used insecure protocol and a criminal element looking to exploit it… you have problems.

Everything is insecure, now what?

And that brings us nicely to what happened last week. I must admit I didn’t experience the issue as I was at work, but apparently Telekom Malaysia not only experienced a catastrophic internet meltdown in Malaysia, it was also causing network issues on the internet globally.

The internet is (as the name suggests) an interconnection of different networks. You can think of each Internet Service Provider (ISP) as a node on that network that communicates with other ISPs. All these nodes communicate with each other using the Internet Protocol (IP), and IP works fairly similarly to the way the postal system works, with routing occurring at post offices throughout the country and between countries. (Hopefully my previous post will help you understand.)

But IP isn’t the complete picture: while IP defines how messages get routed from one node to another, it doesn’t define how those routing decisions are made. In other words, how does the post office know that letters addressed to the US should be sent to Hong Kong first, before being shipped to the US?

The answer is a totally separate protocol called BGP, which was invented in the 80’s, slightly younger than IP or e-mail, but still old enough to have been born in a time before security was a major concern on the internet. BGP allows nodes in the network to communicate with each other, ‘advertising’ the other nodes they connect to.

IP is a protocol that routes by tables, and BGP is the protocol that defines how those routing tables get populated.

How does it work?

So for example, imagine if Klang were a country unto itself (some say it already is), and had its own ISP, Klang Telecommunications (KT). KT is a pretty decent ISP, and has about 2,000 IP addresses assigned to it by IANA, the body in charge of IP addresses.

Unfortunately, KT is a small local ISP and can’t build expensive undersea cables to the internet. Instead it connects to Telekom Malaysia and Maxis for all its internet traffic. In this case, Telekom Malaysia and Maxis would advertise the KT IP addresses as ones they connect to directly, and anyone wanting to communicate with KT would route all their traffic to either of them first.

Now imagine an IP packet on the AT&T network in the US destined for a server hosted on the KT network. AT&T would look at its BGP tables and see that in order to send the data to KT, it would have to route the packet to either Maxis or TM. Then it looks internally and discovers that it has a direct connection to TM (single hop), but needs to go through a Singaporean ISP to connect to Maxis (double hop). The fastest way to get to KT is through TM, and hence all the routing is from AT&T to TM and finally to Klang.

You can probably see the issue already: if the ‘advertising’ function of BGP isn’t authenticated, anyone can control network routing by just claiming to be the nearest node to Facebook or YouTube, which is exactly what Pakistan did back in 2007. Since all nodes accept the information from all other nodes without question or authentication–a rogue ISP, or even a careless mistake, can wreak havoc.

And now we see the problem

That’s what happened last week: TM advertised that they were the shortest path to a motherlode of IP addresses, and a giant node in the US noticed and began routing nearly all its traffic to TM. Predictably, TM just got crushed under the load, ending all traffic not just for TM subscribers, but also for the Americans using that giant node. Sort of like a small phone shop advertising that they’re selling iPhones for one dollar, and then getting crushed by the sheer number of people cramming into the shop to buy them.
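The Klang example and last week’s incident both come down to one rule: with nothing checking an advertisement, the shortest advertised path wins, whoever advertised it. The block below is an added example, not code from the original post, that plays the scenario through in a toy model: a shortest-AS-path decision process, a longest-prefix-match lookup, and then the two ingress checks an operator on the receiving end can apply. Everything in it is constructed: the AS numbers come from the range reserved for documentation (64496 to 64511), the prefixes are documentation ranges, the neighbour names follow the post’s story, and the “expected origin” registry is a simplified stand-in for what RPKI route origin authorizations provide in real deployments.

```python
import ipaddress
from dataclasses import dataclass

# Added example (not from the original post): a toy BGP decision process plus the
# ingress filters a receiving network can apply. AS numbers are documentation ASNs,
# prefixes are documentation ranges, and EXPECTED_ORIGINS is a simplified stand-in
# for the origin data that RPKI ROAs supply in real networks.


@dataclass(frozen=True)
class Route:
    prefix: str       # e.g. "203.0.113.0/24"
    as_path: tuple    # leftmost AS = neighbour that sent it, rightmost AS = origin
    neighbour: str    # name of the BGP session the route arrived on


def best_routes(routes):
    """One route per prefix: shortest AS_PATH wins, ties broken by neighbour name.
    (Real BGP consults local-preference and other attributes before path length.)"""
    best = {}
    for r in routes:
        cur = best.get(r.prefix)
        if cur is None or (len(r.as_path), r.neighbour) < (len(cur.as_path), cur.neighbour):
            best[r.prefix] = r
    return best


def lookup(rib, dest_ip):
    """Forwarding decision: longest-prefix match over the best routes."""
    ip = ipaddress.ip_address(dest_ip)
    matches = [r for p, r in rib.items() if ip in ipaddress.ip_network(p)]
    return max(matches, key=lambda r: ipaddress.ip_network(r.prefix).prefixlen, default=None)


def origin_status(route, expected_origins):
    """Route-origin validation (simplified): compare the origin AS at the end of the
    path with the AS the prefix holder registered for that prefix."""
    registered = expected_origins.get(route.prefix)
    if registered is None:
        return "unknown"
    return "valid" if route.as_path[-1] == registered else "invalid"


def filter_routes(routes, expected_origins, allowed_from):
    """Ingress policy the receiving network controls: reject origin-invalid routes, and
    reject any prefix a session is not on the prefix list for. Sessions absent from
    `allowed_from` (e.g. a transit provider) are accepted without a prefix list."""
    accepted, rejected = [], []
    for r in routes:
        if origin_status(r, expected_origins) == "invalid":
            rejected.append((r, "origin-invalid"))
        elif r.neighbour in allowed_from and r.prefix not in allowed_from[r.neighbour]:
            rejected.append((r, "not-in-prefix-list"))
        else:
            accepted.append(r)
    return accepted, rejected


def next_hop_for(routes, dest_ip, expected_origins=None, allowed_from=None):
    """Which neighbour traffic for dest_ip is handed to, optionally after filtering."""
    if expected_origins is not None:
        routes, _ = filter_routes(routes, expected_origins, allowed_from or {})
    chosen = lookup(best_routes(routes), dest_ip)
    return chosen.neighbour if chosen else None


# Constructed scenario, seen from the post's US network ("AT&T") with sessions to TM and a
# Singaporean ISP (SGP). Names follow the post; numbers and prefixes are documentation values.
KT, TM, MAXIS, SGP, ELSEWHERE, ELSE_TRANSIT = 64500, 64501, 64502, 64503, 64505, 64506
NORMAL = [
    Route("203.0.113.0/24", (TM, KT), "TM"),                          # KT via TM: 2 hops
    Route("203.0.113.0/24", (SGP, MAXIS, KT), "SGP"),                 # KT via Singapore + Maxis: 3 hops
    Route("198.51.100.0/24", (SGP, ELSE_TRANSIT, ELSEWHERE), "SGP"),  # unrelated network, normally via SGP
]
# Route leak: TM re-announces a prefix that is neither its own nor its customer's, with a short path.
LEAK = Route("198.51.100.0/24", (TM, ELSEWHERE), "TM")
# Hijack: a session claiming to *originate* someone else's prefix.
HIJACK = Route("198.51.100.0/24", (TM,), "TM")
EXPECTED_ORIGINS = {"203.0.113.0/24": KT, "198.51.100.0/24": ELSEWHERE}
ALLOWED_FROM = {"TM": {"203.0.113.0/24"}}   # what this network expects TM to announce; SGP is transit

if __name__ == "__main__":
    print("normal:        ", next_hop_for(NORMAL, "198.51.100.10"))
    print("with leak:     ", next_hop_for(NORMAL + [LEAK], "198.51.100.10"))
    print("leak filtered: ", next_hop_for(NORMAL + [LEAK], "198.51.100.10", EXPECTED_ORIGINS, ALLOWED_FROM))
    print("leak origin:   ", origin_status(LEAK, EXPECTED_ORIGINS))    # 'valid': origin checks alone miss leaks
    print("hijack origin: ", origin_status(HIJACK, EXPECTED_ORIGINS))  # 'invalid': caught by origin check
```

The two checks catch different things, which is the caveat worth remembering: the leaked route still ends in the legitimate origin AS, so an origin check passes it and only the per-neighbour prefix list stops it, whereas a route that forges the origin fails the origin check regardless of prefix lists. Both checks live on the receiving side, which is why every network has to deploy them for the internet as a whole to benefit.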

Of course, you may rightfully ask why the geeks don’t fix the problem. We have pretty easy solutions for this; unfortunately the pervasiveness of the internet makes it very hard to implement any new change. The internet in many cases is a victim of its own success: no one imagined the internet would be this great when it first started, and we’re now reaching the edges of some of the engineering we did in the 60’s and 70’s. It’s a testament to the engineers that we’re only now reaching those limits, but the problem is ever present.

Because so many people use the internet, and because so many ISPs are on board, any change has to be implemented worldwide. That’s the challenge: we can’t just switch off the internet for 2 days while the engineers make the change; that’s not acceptable.

Links:

http://www.lowyat.net/2015/06/tmunifistreamyx-services-facing-severe-slowdown-across-the-country/

https://news.ycombinator.com/item?id=9704952

http://www.washingtonpost.com/sf/business/2015/05/31/net-of-insecurity-part-2/

http://www.bgpmon.net/massive-route-leak-cause-internet-slowdown/