Difference between revisions of "DBSA:2018-073001"

From Digibase Knowledge Base
Jump to: navigation, search
(Created page with "{{DBSAHEAD | TITLE=Telegram IP Address Range Hijack | KEYWORDS=Telegram, BGP hijack, network operations }} '''DBSA ID:''' {{PAGENAME}} '''Regarding:''' Telegram IP Address R...")
 
 
Line 33: Line 33:
 
Telegram is an online chat service that advertises high-security end-to-end encryption used by approximately 200 million users as of March 2018.
 
Telegram is an online chat service that advertises high-security end-to-end encryption used by approximately 200 million users as of March 2018.
  
Beginning at 06:28:25 UTC on 30 July 2018, Telegram Messenger LLP, the company overseeing the operation and administration of the Telegram platform experienced four BGP hijack events by "Iran Telecommunication Company PJS", a provider that is associated with the Iranian government. This hijack re-routed traffic destined to 2 networks operated by Telegram Messenger LLP, networks known as "91.108.4.0/22" and "91.108.56.0/23", which are networks where Telegram servers are situated.
+
BGP is the routing protocol used by Internet providers for mapping out the global Internet. Providers "announce" IP ranges that they are responsible for routing to the rest of the Internet so the internet can figure out how to reach them. A "BGP hijack" is where a provider who does not own a given IP address range advertises that range, typically to intercept or interrupt Internet traffic.
 +
 
 +
Beginning at 06:28:25 UTC on 30 July 2018, Telegram Messenger LLP, the company overseeing the operation and administration of the Telegram platform experienced four BGP hijack events by "Iran Telecommunication Company PJS", a provider that is associated with the Iranian government. This hijack re-routed traffic destined to two networks operated by Telegram Messenger LLP, networks known as "91.108.4.0/22" and "91.108.56.0/23", which are networks where Telegram servers are situated.
  
 
Due to Telegram's encrypted nature, it isn't believed that communications were compromised at this time, but this report will be updated if this changes.
 
Due to Telegram's encrypted nature, it isn't believed that communications were compromised at this time, but this report will be updated if this changes.
 
BGP is the protocol used by Internet providers associated with routing Internet traffic between providers. Providers "announce" IP ranges that they are responsible for routing to the rest of the Internet so the internet can figure out how to reach them. A BGP hijack is where a provider who does not own a given IP address range advertises that range, typically to intercept or interrupt Internet traffic.
 
  
 
==Mitigation/Solution==
 
==Mitigation/Solution==

Latest revision as of 12:57, 30 July 2018

Disclaimer: as technology changes, advisories may become out of date or may no longer be relevant, please refer to the "Date" section of the header to be sure the advisory is recent as pertains to your situation.

Digibase Security Advisory - Telegram IP Address Range Hijack

Keywords: Telegram, BGP hijack, network operations

DBSA ID: 2018-073001

Regarding: Telegram IP Address Range Hijack

Writeup: Kradorex Xeron (talk) 13:31, 30 July 2018 (EDT)

Date: 2018 07 30

Last Modified: 20180730125700 by Kradorex Xeron

Who should take note: Telegram Users

Classification

Priority: MODERATE

Rationale: Users may want to monitor official Telegram communications and other media sources.

Severity: MODERATE

Rationale: It is not believed that communications were compromised at this time.

Spread of Issue: SINGLE-PLATFORM HIGH

Rationale: All Telegram users are potentially subject.

Description

Telegram is an online chat service that advertises high-security end-to-end encryption used by approximately 200 million users as of March 2018.

BGP is the routing protocol used by Internet providers for mapping out the global Internet. Providers "announce" IP ranges that they are responsible for routing to the rest of the Internet so the internet can figure out how to reach them. A "BGP hijack" is where a provider who does not own a given IP address range advertises that range, typically to intercept or interrupt Internet traffic.

Beginning at 06:28:25 UTC on 30 July 2018, Telegram Messenger LLP, the company overseeing the operation and administration of the Telegram platform experienced four BGP hijack events by "Iran Telecommunication Company PJS", a provider that is associated with the Iranian government. This hijack re-routed traffic destined to two networks operated by Telegram Messenger LLP, networks known as "91.108.4.0/22" and "91.108.56.0/23", which are networks where Telegram servers are situated.

Due to Telegram's encrypted nature, it isn't believed that communications were compromised at this time, but this report will be updated if this changes.

Mitigation/Solution

Telegram users may wish to monitor Telegram official communications or media to determine if there is any risk. This report will be updated if the risk profile changes.

References