How they did it

John C. Tanner
15 Apr 2011

Continued from: Switched off!

On January 28, just after midnight (local time), according to global internet monitoring firm Renesys, Egypt's BGP (Border Gateway Protocol) prefixes - which advertise local IP addresses to neighboring networks so that routers can send packets to the designated address - dropped from 3,500 to 300 almost immediately, with the country's four major ISPs effectively offline.

By January 31, only 130 prefixes remained. It wouldn't be until February 2 that internet services were restored.

Two weeks later, it was Libya's turn. According to Renesys, Libya experienced overnight blackouts the weekend of February 19 and 20, and finally went dark on March 2, when almost every host inside Libya became unreachable. (As of press time, internet availability in Libya had not yet been restored.)

How did they do it? According to Bill Woodcock, research director at Packet Clearing House (PCH), Egypt's initial shutdown was a surprisingly simple matter of shutting off equipment in the main internet exchange point in Cairo (known as the Ramses exchange) by cutting off the power.

'The rest was phone calls and arm-twisting,' Woodcock said in a presentation to the US Department of Homeland Security's Infosec Technology Transition Council.

Libya's internet blackout was also relatively straightforward, albeit for a different reason - namely, Libya has just one ISP, Libya Telecom and Technology (LT&T), which is run by the Gaddafi family. Data from the Google Transparency Report measuring query traffic within Libya indicates that LT&T's BGP routes were still operational, meaning that the routers hadn't been turned off, but traffic was still being blocked.

Libya's tactics may also have been the product of learning from the Egypt shutdown, which disconnected the government as well as protesters, says Renesys CTO James Cowie.

'The internet is a valuable wartime resource, like a critical bridge over which supplies can flow,' Cowie wrote on the company blog. 'As long as you can deny it to your enemy, you don't blow it up - you keep it intact for your own use.'

Bill Woodcock of PCH made similar observations of the Egypt shutdown in his presentation. 'No communications means no intercept, so no chilling of speech nor accumulation of evidence against speakers.'

Continued: Out of control