This past weekend, the government of Iraq blocked the popular messaging app Telegram, citing the need to protect Iraqis’ personal data. However, when an Iraqi government network leaked out a BGP hijack used for the block, it became yet another BGP incident that was both intentional and accidental. Thankfully, disruption was minimized by Telegram’s use of RPKI.
This past weekend, the government of Iraq took the step to block the popular messaging app Telegram, citing the need to protect the personal data of Iraqi users following a leak of confidential information. According to data from our friends over at Tor’s Open Observatory for Network Interference (OONI), the block was implemented by blocking Telegram’s IP addresses.

Evidently, when the Iraqi government began blocking Telegram, it started by using BGP to hijack traffic destined for IP addresses associated with the messaging service, redirecting it to the proverbial bit bucket. And, as has happened before on numerous occasions, these BGP hijack routes leaked out of the country.
However, despite this technical error, no Telegram disruption was reported outside of Iraq, in part because Telegram had created Route Origin Authorizations (ROAs) for its routes, allowing ASes outside of Iraq to automatically reject the hijacks. A ROA is a record in RPKI that specifies which origin AS is authorized to originate a given IP address range.
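How a ROA lets a remote AS reject a leaked hijack can be shown with a minimal route origin validation check in the style of RFC 6811. This is an added example, not code from the original article; the prefixes and AS numbers are constructed from the documentation ranges and do not represent Telegram's or any Iraqi network's real routes.

```python
import ipaddress
from typing import Iterable, List, NamedTuple, Tuple


class ROA(NamedTuple):
    prefix: ipaddress.IPv4Network  # address range the ROA covers
    max_length: int                # longest prefix length the origin may announce
    origin_as: int                 # AS authorized to originate the range


def validate(route_prefix: str, origin_as: int, roas: Iterable[ROA]) -> str:
    """Classify a BGP announcement as 'valid', 'invalid' or 'not-found'."""
    route = ipaddress.ip_network(route_prefix)
    covered = False
    for roa in roas:
        if route.version != roa.prefix.version or not route.subnet_of(roa.prefix):
            continue  # this ROA does not cover the announced prefix
        covered = True
        # AS0 in a ROA means "never route this", so it can never match.
        if (roa.origin_as != 0 and roa.origin_as == origin_as
                and route.prefixlen <= roa.max_length):
            return "valid"
    # Covered by at least one ROA but matched by none: reject-worthy.
    return "invalid" if covered else "not-found"


def accepted(announcements: Iterable[Tuple[str, int]],
             roas: List[ROA]) -> List[Tuple[str, int]]:
    """Apply a 'drop invalids' policy, as an RPKI-validating AS would."""
    return [a for a in announcements if validate(a[0], a[1], roas) != "invalid"]


# Constructed data: AS64496 plays the service that published a ROA,
# AS64511 plays the network whose blackhole route leaked.
ROAS = [ROA(ipaddress.ip_network("192.0.2.0/24"), 24, 64496)]
ANNOUNCEMENTS = [
    ("192.0.2.0/24", 64496),     # legitimate origin
    ("192.0.2.0/24", 64511),     # leaked hijack of the exact prefix
    ("192.0.2.128/25", 64511),   # leaked more-specific hijack
    ("192.0.2.0/25", 64496),     # right origin, but longer than max_length
    ("198.51.100.0/24", 64511),  # prefix with no ROA at all
]

if __name__ == "__main__":
    for prefix, asn in ANNOUNCEMENTS:
        print(f"{prefix:<18} AS{asn}  {validate(prefix, asn, ROAS)}")
```

The last announcement comes back `not-found` rather than `invalid`, so a validating AS has no basis to reject it: only prefixes with published ROAs get this protection.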
Perhaps the most famous BGP hijack ever was Pakistan’s hijack of YouTube in 2008 (also see The Internet’s Biggest BGP Incidents). In that case, the Pakistani government ordered a block of YouTube in the country. The Pakistani state telecom, PTCL, created BGP routes to hijack traffic destined for YouTube and blackhole it. However, the hijacks leaked out of Pakistan, leading to a global disruption of YouTube. Over the years, there have been many such leaks of BGP hijacks meant to censor content, such as those in Ukraine and Iran.
More recently, during the initial weeks of the Myanmar military coup in 2021, the military junta in charge ordered social media to be blocked. To comply with the order, one Myanma ISP elected to use BGP in order to hijack local Twitter traffic and drop it. Unfortunately, their hijack route was inadvertently leaked out of Myanmar, causing disruptions to Twitter around South Asia.
And finally, last year, during Russia’s crackdown on social media and independent journalism following their invasion of Ukraine, a Russian ISP elected to use BGP to blackhole traffic to Twitter by hijacking the exact same prefix (104.244.42.0/24) that was hijacked a year earlier in Myanmar.
However, there was a difference between the two hijacks of Twitter’s 104.244.42.0/24 by Myanmar in 2021 and then again by Russia in 2022. In the intervening year, Twitter deployed RPKI, creating ROAs in RPKI for nearly all of its routes. By doing so, it enabled ASes which rejec