icon bookmark-bicon bookmarkicon cameraicon checkicon chevron downicon chevron lefticon chevron righticon chevron upicon closeicon v-compressicon downloadicon editicon v-expandicon fbicon fileicon filtericon flag ruicon full chevron downicon full chevron lefticon full chevron righticon full chevron upicon gpicon insicon mailicon moveicon-musicicon mutedicon nomutedicon okicon v-pauseicon v-playicon searchicon shareicon sign inicon sign upicon stepbackicon stepforicon swipe downicon tagicon tagsicon tgicon trashicon twicon vkicon yticon wticon fm

'Innocent mistake': UK’s nuclear weapons web data routed through Ukraine

'Innocent mistake': UK’s nuclear weapons web data routed through Ukraine
Sensitive data from around 170 major companies, including the UK’s Atomic Weapons Establishment and Lockheed Martin, might have be compromised after British Telecom web traffic was accidentally rerouted through Ukraine.

The hijacking of the companies took place over a 90-minute period Thursday, while many British Telecom customers experienced diverted traffic for five days, starting from Saturday, Dyn, Internet performance company, said in a report.

Several UK government bodies were affected by the problem, including the Royal Mail and the country’s Atomic Weapons Establishment, which is “responsible for the design, manufacture and support of warheads for the United Kingdom’s nuclear deterrent.”

UK traffic diverted through Ukraine included nuclear weapon maker AWE http://t.co/Df15sVUsDgpic.twitter.com/8BvpsbwR6w

— Dyn Research (@DynResearch) March 13, 2015

Such companies as Wal-Mart, Lockheed Martin, Virgin Money, Marks and Spencer, Hitachi, Toshiba and others also saw their data rerouted.

It is impossible to tell if any information was lost or compromised, with the traffic flow over the networks most likely being encrypted.

According to Dyn, the sensitive data was put at risk as routing is based “entirely on trust, it’s relatively easy to commandeer IP address space that belongs to someone else.”

“Unnecessarily sending the data to Kiev may have made it possible for employees with privileged network access to Ukrainian telecom provider Vega to monitor or tamper with data that wasn't encrypted end-to-end using strong cryptography,” Dan Goodin, Ars Technica Security editor, wrote on his blog.

The redirection was caused by a bad route announced by the Ukraine's Vega telecom, Doug Madory, Dyn's director of internet analysis, told Tech News Today website.

"At this point, I have to believe this was an innocent mistake by Vega, but it's concerning nonetheless," Madory said.

The traffic was rerouted through Vega due to the company being the sole reseller of British Telecom services in Ukraine since 2013.

It’s not the first time Dyn has discovered an instance of so-called “route hijacking” as company reported of data from Western network service providers and financial institutions being sent through Belarus and Iceland in 2013.

Dear readers and commenters,

We have implemented a new engine for our comment section. We hope the transition goes smoothly for all of you. Unfortunately, the comments made before the change have been lost due to a technical problem. We are working on restoring them, and hoping to see you fill up the comment section with new ones. You should still be able to log in to comment using your social-media profiles, but if you signed up under an RT profile before, you are invited to create a new profile with the new commenting system.

Sorry for the inconvenience, and looking forward to your future comments,

RT Team.

Podcasts