Amazon Traffic Hijacked - or Why You Don’t Give Anyone a Monopoly Government Contract
Oops….
We have been doing much to call attention to the looming prospect of the United States Defense Department (DoD) handing online retail giant Amazon a ten-year, $10 billion (and likely more) monopoly contract to provide all of its cloud storage.
This is a horrendous idea - for a whole host of reasons.
Let us begin with the cronyism.
The government departments that do the contractor choosing - were created by the Barack Obama Administration. So it is chock full of uber-Left Silicon Valley cronies. Always on the lookout for opportunities to reward with massive government money campaign contributors like…Jeff Bezos - owner of Amazon. (Oh - and of “news”paper The Washington Post.)
Included in this gaggle of Leftist tech bureaucrats - is a bunch of ex-Amazon employees. And these people write the the specifications a cloud storage company must meet to get the massive government coin. And Amazon - and only Amazon - met the specifications. What a galloping shocker that is.
But of all the reasons national security monopoly contracts are a bad idea - and there are a bunch of them - the most important reason is the lack of backups and redundancies. You do not want to rely on one source of anything…for anything.
As we at the outset of this nightmare mess noted:
“If you have but one provider - and it suffers a service interruption - the entire Defense Department suffers service interruption.
“And for our military men and women serving in some really bad areas around the globe - service interruptions can and will be deadly.”
And no one is immune to service interruptions. No one. Not even $768-billion-Amazon.
Suspicious Event Hijacks Amazon Traffic for 2 Hours: “Amazon lost control of a small number of its cloud services IP addresses for two hours on Tuesday morning when hackers exploited a known Internet-protocol weakness that let them to redirect traffic to rogue destinations.
“By subverting Amazon's domain-resolution service, the attackers masqueraded as cryptocurrency website MyEtherWallet.com and stole about $150,000 in digital coins from unwitting end users. They may have targeted other Amazon customers as well.
“The incident, which started around 6 AM California time, hijacked roughly 1,300 IP addresses, Oracle-owned Internet Intelligence said on Twitter. The malicious redirection was caused by fraudulent routes that were announced by Columbus, Ohio-based eNet, a large Internet service provider that is referred to as autonomous system 10297.
“Once in place, the eNet announcement caused Hurricane Electric and possibly Hurricane Electric customers and other eNet peers to send traffic over the same unauthorized routes. The 1,300 addresses belonged to Route 53, Amazon's domain name system service….
“The highly suspicious event is the latest to involve Border Gateway Protocol, the technical specification that network operators use to exchange large chunks of Internet traffic. Despite its crucial function in directing wholesale amounts of data, BGP still largely relies on the Internet-equivalent of word of mouth from participants who are presumed to be trustworthy.
“Organizations such as Amazon whose traffic is hijacked currently have no effective technical means to prevent such attacks.”
Get the last part? “Amazon…(has) no effective technical means to prevent such attacks.”
That’s very reassuring. Let’s hire Amazon for every single data bit of DoD cloud storage.
Amazon responded to the attack:
“Neither AWS nor Amazon Route 53 were hacked or compromised. An upstream Internet Service Provider (ISP) was compromised by a malicious actor who then used that provider to announce a subset of Route 53 IP addresses to other networks with whom this ISP was peered. These peered networks, unaware of this issue, accepted these announcements and incorrectly directed a small percentage of traffic for a single customer’s domain to the malicious copy of that domain."
Ok…. But that doesn’t address the fact that we absolutely shouldn’t hire Amazon - and only Amazon - for every single data bit of DoD cloud storage.
Because no one is immune to service interruptions. No one. Not even $768-billion-Amazon.
As we at the outset of this nightmare mess suggested:
“The Defense Department should build-in to their cloud computing what they build-in to just about everything else they do - multiple redundancies.
“Defense should have at least two providers providing each portion of the cloud service - so that if one crashes, you have at least one at-the-ready backup.
“So, say, at a bare minimum: Five providers - each providing 40% of the necessary services. For government school victims - that makes 200%. Which means two providers each are providing every part of the total cloud service.
“Backup. Fail-safe. Redundancy.
“Not one provider - all by its onesies, providing all of the service.”
Because no one is immune to service interruptions. No one.
Not even $768-billion-Amazon.
This first appeared in Red State.