Thursday, February 28, 2008

YouTube v Pakistan: a test on resilience

Technology news sites have been reporting this story, but I think that its importance has been downplayed. Last Friday, Pakistan Telecom blocked access to YouTube inside the country as a measure to censor the site because it contained criticism to the Prophet Mohamed (PBUH). However, this blocking exercise went slightly awry, as the blockade resulted in a two-hour global outage of YouTube.

In order to understand what happened, one has to understand how things get to us online. Sites are nothing but documents hosted in machines around the world. Those servers have IP addresses, which are also connected to the domain name. Browsers find out how to connect to those servers via a Domain Name Server, which gets to resolve addresses into domain names by updating them through the root nameserver system. There are thirteen such root servers, which know that www.youtube.com is hosted in servers with a certain IP address. What Pakistan Telecom did on Friday was to locally hijack that domain name, and told its local DNS servers that YouTube was hosted at a machine that was not the one where the content is normally hosted. This was a server in Pakistan setup to handle the requests to YouTube. The problem occured when the fake information was mistakenly communicated to one of the root nameservers hosted in Hong-Kong, and once there it was replicated to all of the other nameservers.

Depending on how often your ISP updates its tables, you would not have had access to YouTube for a period of time on Friday. YouTube and Google technicians found the source of the problem, and corrected it.

This case has several interesting IT Law implications. Firstly, there is the question of regulation through choke-points, the firewall system. This has proved to be rather more efficient than it was previously believed, but it is still easily bypassed if you know what you're doing. Pakistan operates inside a firewall, as I experienced when I visited the country in 2006, but because of VPN access, I was able to easily circumvent the ban.

The other issue is that this incident has unearthed a glaring vulnerability to the global domain name system. If you want to bring down a site, all you need to do is to trick one of the root nameservers into passing incorrect information to the others in the network. This in my opinion has tremendous governance implications.

Another question, could YouTube sue Pakistan Telecom?

Update: Seems like the guilty party was not the root nameservers, but routing tables.

2 comments:

fanf said...

Your explanation of what happened is wrong.

Pakistan tried to locally hijack YouTube's DNS servers by propagating the information that they were run by Pakistan Telecom, not by YouTube. This worked at the level of how IP addresses are routed using BGP. It was only tangentially relayed to the DNS, and the root name servers were not involved.

Their mistake was to propagate this bogus information through the whole world's IP address routing system, not just locally, and because the route they specified was more specific than the one advertised by YouTube, the Pakistan Telecom route took precedence. The problem was fixed when Pakistan Telecom's upstream connectivity providers started filtering out the bogus information from the routes advertised by PT.

Andres Guadamuz said...

Thanks for the explanation and the correction! I was under the impression that the replication had been passed to the DNS system through a rootserver, and that the Hong Kong Autonomica/NORDUnet server was to blame.

However, I do not understand how the propagation took place without involving the root nameserver system. I am guessing that routing tables are stored separately. Are they centrally controlled? If not, this makes the governance question even more relevant, and the potential implications for hacking, cyber-terrorism and web-warfare are even scarier than I had thought.