Following orders to take down content deemed offensive by the government, Pakistan’s telecom company went the extra mile and took down the whole YouTube site.

They did this using an abusive networking trick called “BGP Injection” in which they told the world that the IP address listed in DNS for YouTube was on their network. When YouTube requests came in to the Pakistani network they were, of course, not satisfied. The problem lasted about 2 hours before the rest of the world caught on and undid the changes.

BGP Injection is impossible to prevent and difficult to address, and you only see it if you’re looking for it. In many ways it’s the ultimate phishing tool. If the right people in Pakistan had gone further and put up a fake YouTube site to satisfy incoming requests it would have been hard for users to see the problem.

It’s not a secret, but it hasn’t gotten that much attention. Now perhaps a rogue network operator will be inspired to use this technique to its ultimate, malicious ends.

This entry was posted on Wednesday, February 27th, 2008 at 1:25 am and is filed under News. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.