Singularity Law

In my last post, I noted that the Internet is incredibly vulnerable to outages at various points where there is little or no redundancy. A recent event seems to indicate that global Internet vulnerability is more serious than I thought. According to news reports, the Pakistan Telecommunication Authority told Internet service providers within the country to block access to YouTube due to an allegedly blasphemous clip that had been posted. But instead of just blocking YouTube access in Pakistan, the ISPs ended up blocking access to YouTube by the entire Internet. The result was that YouTube was unavailable anywhere in the world for two hours!!!

According to Internet experts, in its effort to block YouTube within the country, Pakistan Telecom created a dummy route that sent YouTube traffic into a “black hole.” Pakistan Telecom then announced that dummy route to its own telecommunications partner, PCCW, based in Hong Kong. PCCW accepted that dummy route for YouTube and relaying it to other Internet providers around the world. Apparently, ISPs now had two conflicting online “roads” leading to YouTube. But because an important online protocol called Border Gateway Protocol favors longer routing addresses, which are thought to be more specific, at least 97 major ISPs and thousands of smaller ones chose the dummy route, Pakistan’s black hole, for YouTube.

When YouTube realized the problem, YouTube began telling ISPs that they should direct traffic around Pakistan’s dummy route. YouTube also removed the video clip that had concerned the Pakistani officials.

Steven M. Bellovin, a professor of computer science at Columbia, said the same Internet routing problem had been exploited in the past by spammers and others, but he was worried that it could be more widely used now that people are aware of how easy it is to create the same scenario via a couple of emails. “If it’s a big site that’s affected, it will be spotted and dealt with within an hour or so, as happened this time,” he wrote in an e-mail message. “If it’s a small site, it might take a lot longer to find someone who would think to look at this.”

Bellovin sums up the question very succinctly: “The question is this: When is the pain from routing incidents great enough that we’re forced to act? It would have been nice to have done something before this, since now all the world’s script kiddies have seen what can be done.”