Biz & IT

New Cloudflare tool can tell you if your ISP has deployed BGP fixes

For more than an hour at the beginning of April, major sites like Google and Facebook sputtered for large swaths of people. The culprit wasn’t a hack or a bug. It was problems with the internet data routing standard known as the Border Gateway Protocol, which had allowed significant amounts of web traffic to take an unexpected detour through a Russian telecom, Rostelecom. For Cloudflare CEO Matthew Prince, it was the last straw.

BGP disruptions happen frequently, generally by accident. But BGP can also be hijacked for large-scale spying, data interception, or as a sort of denial of service attack. Just last week, United States Executive Branch agencies moved to block China Telecom from offering services in the US, because of allegedly malicious activity that includes BGP attacks. Companies like Cloudflare sit on the front lines of the BGP blowback. And while the company can’t fix the problem directly, it can call out those that are slow to contribute defenses.

On Friday, the company launched Is BGP Safe Yet, a site that makes it easier for anyone to check whether their internet service provider has added the security protections and filters that can make BGP more stable. Those improvements are most effective with wide adoption from ISPs, content delivery networks like Cloudflare, and other cloud providers. Cloudflare estimates that so far about half of the internet is more protected thanks to heavy hitters like AT&T, the Swedish telecom Telia, and the Japanese telecom NTT adopting BGP improvements. And while Cloudflare says it doesn’t seem like the Rostelecom incident was intentional or malicious, Russian telecoms do have a history of suspicious BGP meddling, and similar problems will keep cropping up until the whole industry is on board.

“With that last big route leak from a few weeks ago out of Russia it was a point at which our engineering team said enough is enough, it’s time for us to start naming and shaming the companies who aren’t doing this right,” says Cloudflare CEO Matthew Prince. “Anything that goes wrong anywhere on the internet we get blamed for it, which is right! Our customers pay us to make sure their internet connections are fast and secure and reliable. So BGP is one of these really frustrating areas that we can’t solve ourselves.”

BGP is like a GPS mapping service for the internet, enabling ISPs to automatically choose what route data should take over the internet’s vast landscape of networks. But really BGP is like using a GPS mapping service run by your opinionated relatives. Your cousin’s step-father says “oh, take this route. It’ll be fast and safe and you get to pass the house with the great Halloween decorations,” and you just have to trust him. If he doesn’t know what he’s talking about—like an ISP advertising a bad BGP route—you could end up stuck in endless mall traffic.

The cryptographic tools, route filters, and best practices Cloudflare and other organizations have been promoting are like a sixth sense for detecting when you’re getting bad advice. The central one is RPKI: the holder of an address block publishes a signed record (a Route Origin Authorization) naming the network allowed to originate that block, and a participating ISP checks the BGP routes other networks are “announcing,” or offering, against those records, rejecting any announcement whose origin doesn’t match or that claims a more specific prefix than the record permits.

Is BGP Safe Yet tests your ISP by having your browser fetch two pages: one from an address block Cloudflare announces with a valid origin, and one from a block it deliberately announces with an origin that fails the RPKI check. If your ISP drops the invalid route, only the page on the real route loads, and the ISP passes. If both pages load, your ISP has accepted both routes and fails, meaning it hasn’t yet implemented the filtering that would catch a bad route and reject it.
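The origin check behind that test, written out as an added example (this is illustrative code, not Cloudflare’s; the ROAs, prefixes and AS numbers are constructed from documentation ranges, and the real test uses Cloudflare’s own prefixes):

```python
"""RPKI route origin validation (RFC 6811) plus a model of the two-route browser test.

Added example, not Cloudflare's code. The ROAs, prefixes and AS numbers below are
constructed from documentation ranges (RFC 5737, RFC 3849, RFC 5398).
"""
import ipaddress
from dataclasses import dataclass
from typing import Iterable


@dataclass(frozen=True)
class ROA:
    """Route Origin Authorization: `asn` may originate `prefix` and any more-specific
    prefix whose length does not exceed `max_length`."""
    prefix: str
    max_length: int
    asn: int


@dataclass(frozen=True)
class Announcement:
    prefix: str
    origin_asn: int


def validate_origin(ann: Announcement, roas: Iterable[ROA]) -> str:
    """Classify an announcement as 'valid', 'invalid' or 'notfound' (RFC 6811, section 2).

    A ROA *covers* the announcement if the announced prefix lies inside the ROA prefix.
    A covering ROA *matches* if its ASN equals the origin AS and the announced prefix
    is no longer than max_length. Any match -> valid; covered but no match -> invalid;
    nothing covers it -> notfound (nobody has published a ROA for that address space).
    """
    net = ipaddress.ip_network(ann.prefix, strict=False)
    covered = False
    for roa in roas:
        roa_net = ipaddress.ip_network(roa.prefix, strict=False)
        if roa_net.version != net.version or not net.subnet_of(roa_net):
            continue
        covered = True
        if roa.asn == ann.origin_asn and net.prefixlen <= roa.max_length:
            return "valid"
    return "invalid" if covered else "notfound"


def installs_route(ann: Announcement, roas: Iterable[ROA], drops_invalid: bool) -> bool:
    """Would a router with (drops_invalid=True) or without ROV filtering accept this route?
    Filtering routers still accept 'notfound'; only 'invalid' is rejected."""
    return not (drops_invalid and validate_origin(ann, roas) == "invalid")


def two_route_test(good: Announcement, bad: Announcement, roas, drops_invalid: bool) -> str:
    """Model of the browser test: one fetch over a valid route, one over an RPKI-invalid
    route. 'pass' = only the valid route loads; 'fail' = both load."""
    good_loads = installs_route(good, roas, drops_invalid)
    bad_loads = installs_route(bad, roas, drops_invalid)
    if good_loads and not bad_loads:
        return "pass"
    if good_loads and bad_loads:
        return "fail"
    return "inconclusive"  # the control route itself is unreachable


# Constructed ROAs: AS64496 may originate 203.0.113.0/24 only at exactly /24;
# AS64497 may originate 2001:db8::/32 and more-specifics down to /48.
ROAS = [
    ROA("203.0.113.0/24", 24, 64496),
    ROA("2001:db8::/32", 48, 64497),
]

GOOD = Announcement("203.0.113.0/24", 64496)    # legitimate origin
HIJACK = Announcement("203.0.113.0/24", 64511)  # same prefix, wrong origin AS

if __name__ == "__main__":
    for ann in (GOOD, HIJACK,
                Announcement("203.0.113.128/25", 64496),  # too specific for max_length 24
                Announcement("2001:db8:1::/48", 64497),
                Announcement("192.0.2.0/24", 64496)):     # no ROA published
        print(f"{ann.prefix} from AS{ann.origin_asn}: {validate_origin(ann, ROAS)}")
    print("ISP with ROV:", two_route_test(GOOD, HIJACK, ROAS, drops_invalid=True))
    print("ISP without ROV:", two_route_test(GOOD, HIJACK, ROAS, drops_invalid=False))
```

The `notfound` case matters in practice: a filtering ISP still accepts routes for address space with no ROA, which is why the protection only bites once prefix holders publish ROAs and ISPs drop invalids, and why the test needs a deliberately invalid announcement rather than merely an unsigned one.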

Even with many networks not yet offering BGP protections, you can reap benefits from those that do. Prince explains that during a disruption like the Russian telecom incident, ISPs using BGP best practices would identify the issue, often called a “route leak,” and reject it in favor of a legitimate route. So if your home Wi-Fi comes from Comcast, which hasn’t yet implemented the improvements, and you get your mobile data from AT&T, which has, you might have issues loading certain websites and services on your laptop during a BGP incident, but could access them fine from your smartphone.

You probably don’t have a direct line to the CEO of your ISP to complain about its lack of hustle on BGP protections. Cloudflare hopes, though, that the tool will raise awareness among consumers while also providing an easy way for industry players to see and be seen.

“BGP is a 40-plus-year-old protocol, it’s a miracle the internet has worked on what is really just a trust-based system for as long as it has,” Prince says. “Obviously it makes sense to have more verification, because anything else is madness. And yet! It’s taken a long time to actually get that implemented. Hopefully we can put a little bit of public pressure on.”

This story originally appeared on wired.com.

Nvidia AI plays Minecraft, wins AI conference award

MineDojo’s AI can perform complex tasks in Minecraft.

A paper describing MineDojo, Nvidia’s generalist AI agent that can perform actions from written prompts in Minecraft, won an Outstanding Datasets and Benchmarks Paper Award at the 2022 NeurIPS (Neural Information Processing Systems) conference, Nvidia revealed on Monday.

To train the MineDojo framework to play Minecraft, researchers fed it 730,000 Minecraft YouTube videos (with more than 2.2 billion words transcribed), 7,000 scraped webpages from the Minecraft wiki, and 340,000 Reddit posts and 6.6 million Reddit comments describing Minecraft gameplay.

From this data, the researchers created a custom transformer model called MineCLIP that associates video clips with specific in-game Minecraft activities. As a result, someone can tell a MineDojo agent what to do in the game using high-level natural language, such as “find a desert pyramid” or “build a nether portal and enter it,” and MineDojo will execute the series of steps necessary to make it happen in the game.

Examples of tasks that MineDojo can perform.

MineDojo aims to create a flexible agent that can generalize learned actions and apply them to different behaviors in the game. As Nvidia writes, “While researchers have long trained autonomous AI agents in video-game environments such as StarCraft, Dota, and Go, these agents are usually specialists in only a few tasks. So Nvidia researchers turned to Minecraft, the world’s most popular game, to develop a scalable training framework for a generalist agent—one that can successfully execute a wide variety of open-ended tasks.”

The award-winning paper, “MINEDOJO: Building Open-Ended Embodied Agents with Internet-Scale Knowledge,” debuted in June. Its authors include Linxi Fan of Nvidia and Guanzhi Wang, Yunfan Jiang, Ajay Mandlekar, Yuncong Yang, Haoyi Zhu, Andrew Tang, De-An Huang, Yuke Zhu, and Anima Anandkumar of various academic institutions.

You can see examples of MineDojo in action on its official website, and the code for MineDojo and MineCLIP is available on GitHub.

European Parliament DDoSed after declaring Russia a sponsor of terrorism

An iteration of what happens when your site gets shut down by a DDoS attack.

The European Parliament website was knocked offline for several hours on Wednesday by a distributed denial-of-service (DDoS) attack that started shortly after the governing body voted to declare the Russian government a state sponsor of terrorism.

European Parliament President Roberta Metsola confirmed the attack on Wednesday afternoon European time, while the site was still down. “A pro-Kremlin group has claimed responsibility,” she wrote on Twitter. “Our IT experts are pushing back against it & protecting our systems. This, after we proclaimed Russia as a State-sponsor of terrorism.”

While this post was being reported and written, the website became available again and appeared to work normally.

The pro-Kremlin group Metsola referred to is likely the one known as Killnet, which emerged at the start of Russia’s invasion of Ukraine and has posted claims of DDoS attacks in countries supporting the smaller nation. Targets have included police departments, airports, and governments in Lithuania, Germany, Italy, Romania, Norway, and the United States.

Shortly after Wednesday’s attack against the European Parliament started, Killnet members took to a private channel on Telegram to post screenshots showing the European Parliament website was unavailable in 23 countries. Text accompanying the images made a homophobic remark directed at the legislative body.

The outage occurred shortly after the parliament overwhelmingly voted to declare the Kremlin a sponsor of terrorism.

Members of the European Parliament “highlight that the deliberate attacks and atrocities committed by Russian forces and their proxies against civilians in Ukraine, the destruction of civilian infrastructure and other serious violations of international and humanitarian law amount to acts of terror and constitute war crimes,” the declaration stated. “In light of this, they recognize Russia as a state sponsor of terrorism and as a state that ‘uses means of terrorism.’”

The resolution was adopted with 494 votes in favor, and 58 against. There were 44 abstentions.

DDoS attacks typically harness the bandwidth of hundreds, thousands, and in some cases, millions of computers infected with malware. After coming into their control, the attackers cause them to bombard a target site with more traffic than they can accommodate, forcing them to deny service to legitimate users. Traditionally, DDoS has been among the crudest forms of attack because it relies on brute force to silence its targets.

Over the years, DDoSes have become more advanced. In some cases the attackers multiply their bandwidth by as much as a thousand-fold using amplification: they send small requests, with the source address spoofed to the victim’s, to misconfigured third-party servers such as open DNS, NTP, or memcached services, which then return much larger responses to the target.

Another innovation has been designing attacks that exhaust the computing resources of a server. Rather than clogging the pipe between the website and its would-be visitors, the way traditional volumetric DDoSes work, packet-per-second attacks send specific types of compute-intensive requests to a target in an attempt to bring the hardware connected to the pipe to a standstill.
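Both patterns leave distinct traces in flow data. As an added example (not code from the article or from the Parliament’s IT team), the following detects reflection traffic and packet-rate floods over a constructed set of flow records; the reflector port list and the thresholds are assumptions a SOC would tune for its own environment:

```python
"""Two DDoS detections over flow records: unsolicited reflector replies and
small-packet floods. Added example; the records, port list and thresholds
are constructed assumptions, not data from any real incident.
"""
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, Iterable, List, Tuple

# UDP services commonly abused as reflectors: a small spoofed request to one of
# these yields a much larger reply, delivered to the spoofed (victim) address.
REFLECTOR_PORTS = {53: "DNS", 123: "NTP", 389: "CLDAP", 1900: "SSDP", 11211: "memcached"}


@dataclass(frozen=True)
class Flow:
    direction: str  # "in" = toward the protected site, "out" = leaving it
    proto: str      # "udp" or "tcp"
    src: str
    sport: int
    dst: str
    dport: int
    packets: int
    bytes: int
    seconds: float  # observation window for this record


def unsolicited_reflections(flows: Iterable[Flow]) -> Dict[str, Dict[str, int]]:
    """Inbound UDP traffic from reflector service ports that no outbound request explains.

    The victim never sent the requests (the attacker did, with the victim's address as
    source), so replies arrive for queries we have no record of. A reply is treated as
    legitimate only if an outbound flow to the same server and port exists.
    """
    flows = list(flows)
    asked = {(f.dst, f.dport, f.src) for f in flows
             if f.direction == "out" and f.proto == "udp"}
    hits: Dict[str, Dict[str, int]] = defaultdict(
        lambda: {"bytes": 0, "packets": 0, "sources": 0})
    for f in flows:
        if f.direction != "in" or f.proto != "udp" or f.sport not in REFLECTOR_PORTS:
            continue
        if (f.src, f.sport, f.dst) in asked:
            continue  # we queried this server; the reply is expected
        svc = hits[REFLECTOR_PORTS[f.sport]]
        svc["bytes"] += f.bytes
        svc["packets"] += f.packets
        svc["sources"] += 1
    return dict(hits)


def packet_rate_floods(flows: Iterable[Flow], pps_threshold: int = 100_000,
                       max_avg_bytes: int = 120) -> List[Tuple[str, int, int]]:
    """Inbound flows with a high packet rate but small packets.

    Volumetric attacks fill the pipe with bytes; this pattern instead spends the
    server's per-packet and per-request work (handshakes, small requests) and can
    succeed well below the link's capacity. Returns (src, dport, packets_per_second).
    """
    found = []
    for f in flows:
        if f.direction != "in" or f.seconds <= 0 or f.packets == 0:
            continue
        pps = f.packets / f.seconds
        avg_bytes = f.bytes / f.packets
        if pps >= pps_threshold and avg_bytes <= max_avg_bytes:
            found.append((f.src, f.dport, round(pps)))
    return found


# Constructed 60-second sample for a site at 203.0.113.10 (documentation addresses).
SITE = "203.0.113.10"
SAMPLE = [
    # Our resolver query and its reply: legitimate, paired.
    Flow("out", "udp", SITE, 40001, "198.51.100.53", 53, 1, 70, 60),
    Flow("in", "udp", "198.51.100.53", 53, SITE, 40001, 1, 310, 60),
    # Replies from NTP and memcached servers we never queried: reflection.
    Flow("in", "udp", "192.0.2.7", 123, SITE, 12345, 500_000, 240_000_000, 60),
    Flow("in", "udp", "192.0.2.8", 11211, SITE, 12345, 1_000_000, 1_400_000_000, 60),
    # 200k small TCP packets per second at the web port: packet-rate flood.
    Flow("in", "tcp", "192.0.2.9", 51000, SITE, 443, 12_000_000, 720_000_000, 60),
    # Ordinary browsing session.
    Flow("in", "tcp", "198.51.100.20", 52000, SITE, 443, 2_000, 1_500_000, 60),
]

if __name__ == "__main__":
    print(unsolicited_reflections(SAMPLE))
    print(packet_rate_floods(SAMPLE))
```

The two detectors deliberately look at different signals: reflection shows up as bytes from service ports you never spoke to, regardless of rate, while the resource-exhaustion pattern shows up as rate with little volume, which a bandwidth-only alarm would miss.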

Metsola said the DDoS attacks on the European Parliament were “sophisticated,” a word that’s often misused to describe DDoSes and hacks. She provided no details to corroborate that assessment.

Apple iPhone factory workers clash with police in China

Workers walk outside Hon Hai Group’s Foxconn plant in Shenzhen, China, in 2010.

Violent worker protests have erupted at the world’s largest iPhone factory in central China as authorities at the Foxconn plant struggle to contain a COVID-19 outbreak while maintaining production ahead of the peak holiday season.

Workers at the factory in Zhengzhou shared more than a dozen videos that show staff in a standoff with lines of police armed with batons and clad in white protective gear. The videos show police beating workers, with some bleeding from their heads and others limping away from chaotic clashes.

Beijing’s strict zero-COVID regime has posed big challenges for the running of Foxconn’s Zhengzhou plant, which typically staffs more than 200,000 workers on a large campus in the city’s suburbs.

Wednesday’s unrest will heighten investor concerns about supply chain risk at Apple, with more than 95 percent of iPhones produced in China.

Problems at the plant earlier this month led Apple to cut estimates for high-end iPhone 14 shipments and to issue a rare warning to investors over the delays.

Two workers at the Foxconn factory said the protests broke out on Wednesday morning after Apple’s manufacturing partner attempted to deny bonuses promised to new workers put into quarantine before being sent to assembly lines.

“Initially they just went into the plant seeking an explanation from executives, but they [the executives] didn’t show their faces and instead called the police,” said one of the workers.

Another worker said there was growing discontent over the factory’s continued inability to curb a COVID outbreak, tough living conditions, and fear among staff that they would test positive.

Foxconn said the company would work with employees and the government to prevent further violent acts.

The company said it had always fulfilled its contracts and would continue to “communicate and explain” that to new staff. It said reports that the company had mixed COVID positive workers with those not yet infected were untrue.

Videos show workers flipping over carts on the Foxconn campus, charging into the factory’s offices and bashing a COVID testing booth. Live streams from the scene on Wednesday afternoon showed groups of workers milling about in a courtyard between buildings. Some workers were livestreaming the protests on social media until censors stepped in to cut off the broadcasts.

“The Foxconn situation raises concern for China’s leaders because it challenges the narrative of being a reliable supplier,” said Shan Guo at Plenum China Research. “It’s clear workers are not happy being locked down,” she said.

Foxconn has been working with the local government in Henan province, where the plant is located, to repopulate its assembly lines with new workers after a mass staff exodus late last month spurred by conditions at the plant.

Local officials have been tasked with helping send workers to the plant, which is a big taxpayer and was responsible for 60 percent of the province’s exports in 2019.

Ivan Lam, an analyst at Counterpoint Research, said Foxconn had already been shifting iPhone 14 production away from the Zhengzhou factory amid the COVID problems. He estimated the Zhengzhou plant’s share of total iPhone 14 production was down to about 60 percent today from about 80 percent before the outbreak began.

Apple did not immediately respond to requests for comment.

© 2022 The Financial Times Ltd. All rights reserved. Please do not copy and paste FT articles and redistribute by email or post to the web.
