UK Atomic Weapons Web Traffic Accidentally Routed Through Ukraine

With the most intense US-Russia proxy war in recent memory still festering in Eastern Ukraine, Washington has been keen on sending a strong message to the Kremlin. Even as US allies in Europe are busy fostering global instability by supporting infrastructure development in Asia and waffling on providing “defensive” weapons to Kiev, Washington is working hard to shore up the world’s defenses against tyranny. For instance, just last week the US took the following steps to make the world a safer place for democracy: 1) delivered 120 armored units, including tanks, to Latvia, 2) advised Vietnam to stop allowing Russian bombers to refuel at a former U.S. airbase, and 3) suggested that the UK’s excessive “accommodation” of China is getting dangerous. 

Despite Washington’s best efforts to promote stability, things keep getting in the way. As RT reports

Sensitive data from around 170 major companies, including the UK’s Atomic Weapons Establishment and Lockheed Martin, might have been compromised after British Telecom web traffic was accidentally rerouted through Ukraine.


The hijacking of the companies took place over a 90-minute period Thursday, while many British Telecom customers experienced diverted traffic for five days, starting from Saturday, Dyn, Internet performance company, said in a report.


Several UK government bodies were affected by the problem, including the Royal Mail and the country’s Atomic Weapons Establishment, which is “responsible for the design, manufacture and support of warheads for the United Kingdom’s nuclear deterrent.”

Here’s more from Dyn Research

Beginning on Saturday, Ukrainian telecom provider, Vega, began announcing 14 British Telecom (BT) routes, resulting in the redirection of Internet traffic through Ukraine for a handful of British Telecom customers.  Early yesterday morning, Vega announced another 167 BT prefixes for 1.5 hours resulting in the rerouting of additional traffic destined for some of BT’s customers, including the UK’s Atomic Weapons Establishment, the “organization responsible for the design, manufacture and support of warheads for the United Kingdom’s nuclear deterrent.”

Ok, so web traffic intended for the UK agency in charge of nuclear bombs (which, according to its website, “works to keep the world safe by delivering nuclear warheads”) was accidentally routed through Ukraine — no big deal, because surely this type of sensitive information isn’t susceptible to being commandeered. 

Here’s RT again, quoting Dyn: 

...the sensitive data was put at risk as routing is based “entirely on trust, it’s relatively easy to commandeer IP address space that belongs to someone else.


Unnecessarily sending the data to Kiev may have made it possible for employees with privileged network access to Ukrainian telecom provider Vega to monitor or tamper with data that wasn't encrypted end-to-end using strong cryptography."

Bottom line: in a world where Nutella-eating, Twitter-savvy extremists are creating their own social networks, the West needs to expend more resources to ensure the inviolability of sensitive web traffic.