There Were BGP Anomalies During the Venezuela Blackout

Summary

The Low Orbit Security Radar is a weekly security newsletter from an offensive practitioner's perspective. One idea, curated news, and links worth your time. News: There Were BGP Anomalies During The Venezuela BlackoutWhen watching the situation in Venezuela unfold, the phrase "It was dark, the lights of Caracas were largely turned off due to a certain expertise that we have" caught my attention. I do not wish to comment on the geopolitical situation other than to provide some insights within my area of competency, specifically, offensive security. During a press conference, General John D. Caine stated: "As they approached Venezuelan shores the United States began layering different effects provided by SPACECOM, CYBERCOM, and other members of the inter-agency to create a pathway". Cyber operations preceding traditional military actions have become a common pattern so I started digging into the reported internet outages. BGP is the first thing that comes to mind. It's a protocol used by routers to determine what path data takes to get to it's destination, it does this by exchanging routing information between Autonomous Systems. It is also notoriously insecure and much of the data about BGP is collected in public datasets. Every major network has an Autonomous System Number or ASN. CANTV (AS8048) is Venezuela's state-owned telecom, so that's the obvious place to start.Cloudflare Radar's route leak data for AS8048 on January 2nd had some interesting anomalies: 8 prefixes (blocks of IP addresses) were being routed through CANTV, with Sparkle (an Italian transit provider) and GlobeNet (a Colombian carrier) in the Autonomous System (AS) path. The AS path is essentially the list of networks traffic passes through to reach its destination. CANTV was in a path it is not typically a part of.There was also a noticeable spike in BGP announcements in the days leading up to the events and a drastic dip in the "Announced IP Address Space" according to the same Cloudflare Radar d...