'Innocent mistake': UK’s nuclear weapons web data routed through Ukraine

Sensitive data from around 170 major companies, including the UK’s Atomic Weapons Establishment and Lockheed Martin, might have been compromised after British Telecom web traffic was accidentally rerouted through Ukraine.

The hijacking of the companies' traffic took place over a 90-minute period on Thursday, while many British Telecom customers experienced diverted traffic for five days, starting from Saturday, Dyn, an Internet performance company, said in a report.

Several UK government bodies were affected by the problem, including the Royal Mail and the country’s Atomic Weapons Establishment, which is “responsible for the design, manufacture and support of warheads for the United Kingdom’s nuclear deterrent.”

Companies such as Wal-Mart, Lockheed Martin, Virgin Money, Marks and Spencer, Hitachi, Toshiba and others also saw their data rerouted.

It is impossible to tell if any information was lost or compromised, with the traffic flow over the networks most likely being encrypted.

According to Dyn, the sensitive data was put at risk as routing is based “entirely on trust, it’s relatively easy to commandeer IP address space that belongs to someone else.”

“Unnecessarily sending the data to Kiev may have made it possible for employees with privileged network access to Ukrainian telecom provider Vega to monitor or tamper with data that wasn't encrypted end-to-end using strong cryptography,” Dan Goodin, Ars Technica Security editor, wrote on his blog.

The redirection was caused by a bad route announced by Ukraine's Vega telecom, Doug Madory, Dyn's director of internet analysis, told the Tech News Today website.

"At this point, I have to believe this was an innocent mistake by Vega, but it's concerning nonetheless," Madory said.

The traffic was rerouted through Vega due to the company being the sole reseller of British Telecom services in Ukraine since 2013.

It’s not the first time Dyn has discovered an instance of so-called “route hijacking”: the company reported data from Western network service providers and financial institutions being sent through Belarus and Iceland in 2013.