Inside Cogent’s Decision to Cut Off a Major Part of Russia’s Internet Access

Russian internet image

Cogent Communications sought to block large-scale Russian attacks on the internet. RuNet refers to the internet inside Russia.


Getty Images

This story is part of War in Ukraine, CNET’s coverage of events there and of the wider effects on the world.

Even before Russia invaded Ukraine on Feb. 24, Cogent Communications CEO Dave Schaeffer knew he had big problems.

Schaeffer’s company, which runs a big chunk of the internet backbone and sells access to it, had watched Russia’s military intelligence use the internet to launch online attacks. The company determined that some of those attacks had traveled over Cogent’s system.

Now he was worried about more-serious attacks that could target Ukraine, the US and the internet overall. He fretted that Cogent’s network could be a conduit for those attacks. So after several days of discussion, Schaeffer made a decision: Cogent would sever Russian customers’ connections to the outside internet on March 4.

“My biggest fear,” Scaheffer said in an interview, “was that our network could be subverted and used for offensive purposes.”

Cogent’s decision was a remarkable step in the networking industry, whose companies pride themselves on the breadth, speed and reliability of their services. It was particularly important because Cogent is a giant, carrying about a quarter of the internet’s traffic. Its fiber-optic cable network stretches 100,000 miles and touches 51 countries. In Russia alone, the company’s services link the country’s carriers to more than 7,500 other networks operated by internet service providers, universities, governments and companies.

Unplugging Russia is a big moment in the history of the internet. Generally, the internet has crept ever deeper into our lives, letting us check the weather in Bangkok or rent a car in Corsica. Isolating Russia, a development that’s both being imposed on the country and that it’s imposing on itself, raises risks that the global internet will fragment into a “splinternet” of regionally different networks. So far, content blocking through China’s Great Firewall is the biggest step a large country has taken away from the ordinary global internet.

Cogent’s action isn’t the only factor curtailing Russia’s online presence. A host of companies headquartered in the West have made it difficult for Russians to use their services. YouTube, for example, cut off ad revenue for Russian publishers. Apple and Microsoft halted product sales, and Adobe shut down its cloud-based services for creative pros and advertisers. Another international network provider, Lumen Technologies, ended its operations in Russia a few days after Cogent.

Russia also has taken actions that curtail the internet for its citizens. The government blocked Facebook, which could help Russians hear views independent from state-run media’s descriptions of the invasion. It plans to cut off Instagram on March 14. Twitter embraced the censorship-evading Tor technology after Russia moved to block the service. 

Still, Cogent’s decision to pull the plug on service in Russia is among the most notable moves. Schaeffer acknowledges that Cogent’s action removed enough network capacity to prevent ordinary Russians from streaming videos from outside the country. But he says improving global security was a more important consideration.

Cogent has spotted “numerous instances” of the GRU, Russia’s military intelligence, attacking online targets around the world, though it declined to share details. With Russia’s full-scale invasion of Ukraine and the resulting international response, Schaeffer worried that those smaller Russian attacks could get bigger.

“We were afraid that the scale could change dramatically,” he said.

Cogent’s high capacity network could be a conduit for online assaults like distributed denial of service, or DDoS, attacks, which flood a targeted website with so much data that it collapses under the load. Cogent also worried about other types of attacks, like router hijackings, that could benefit from its network capacity.

“These would be state-sponsored attacks” intended to disrupt the internet at a very large scale, Schaeffer said.

That’s why, after the company had begun trying to move its employees to safety, Schaeffer proposed cutting off Cogent’s Russian network connections. He sought input from across the company before making the decision and telling customers on March 3.

“I talked to some of our board members. I talked to my management team. I consulted with sales,” including staff in Ukraine, he said. “Ultimately, listening to all sides, I felt that this was the right decision to make.”

After that, Cogent began reconfiguring its network to block each port connecting to its Russian network customers, removing them one by one from the routing tables that determine how data flows across networks. The Russian embassy didn’t respond to a request for comment.

Though Ukraine has called for a complete Russian internet cutoff, internet advocates don’t like the idea.

“If everyone else does this,” said Internet Society CEO Andrew Sullivan, “then the internet will become more fragile and less interconnected.” The Internet Society is a nonprofit seeking to bring online access to everyone.

The Internet Corporation for Assigned Names and Numbers, or ICANN, an international organization that oversees internet domains, says it doesn’t have the authority to impose sanctions and explicitly rejects actions that politicize the internet. It turned down the Ukrainian request to cut off Russia.

Cogent, whose business is founded on a robust internet, doesn’t want a splinternet. But cutting off Cogent’s internet links to Russia damages the internet less than a major attack would, in Schaeffer’s view. In particular, he’s worried about an attack that could target the 13 root servers that collectively store the authoritative addresses of all the servers on the internet. Cogent operates one of them.

“We have seen the GRU specifically attempt to target routers that control the internet,” Schaeffer said, referring to the root servers. “We have had to harden that router server multiple times due to attacks originating in Russia. If you took down all 13, you would effectively render the internet useless within 12 hours.”

Ultimately, protecting the internet overall is more important than protecting Russians’ online experience, Schaeffer and his team decided.

Cutting off Russia “sets a bad precedent in that you don’t want to splinter the internet,” Schaeffer acknowledges. “But it’s a bad precedent to send your tanks in someone else’s country and then threaten to wipe them out with a cyberattack.”

================

Source link

Leave a Reply