.ru Not Working?

Russian citizens could not access the majority of websites on the country’s .ru domain for several hours on 30 January, including the Yandex search engine, the VKontakte social media platform, the major state-owned bank Sberbank and various news outlets.

The outage was reportedly caused by a technical problem with the .ru domain’s global Domain Name System Security Extensions, or DNSSEC.  It appeared to be unintentional, unlike other recent blackouts of Russian internet services, which observers have tied to government intervention.[1]

DNSSEC is a set of tools that adds extra security to the naming system, which translates human-readable web addresses into computer-friendly IP addresses.  DNSSEC also verifies the authenticity of a response from a DNS server, protecting it against IP address spoofing, which is often used by hackers in their attacks.

The majority of complaints about internet disruption came from Moscow, St. Petersburg, Tatarstan, Sverdlovsk, and Novosibirsk regions, according to Russian media.  In Moscow, local residents said they couldn't pay with banking apps or access state services.  Internet users abroad also couldn't access numerous Russian websites.  After the nearly four-hour outage, Russia’s Digital Ministry said that the problem had been resolved, and access to the majority of websites was restored.  “The issue may continue for some time until the updated data is distributed throughout the domain name system,” the statement reads.

The 30 January blackout was the biggest one this month.  Earlier in January, Russia experienced a social media outage, likely caused by the state internet regulator, Roskomnadzor.  A similar incident happened in a remote Russian region and was likely connected to protests there, as local authorities wanted to check how shutting down messengers could impact the protestors.

The .ru outage affected hundreds of websites, not just specific services. Russian tech media reported that the problem was caused by an incorrect DNSSEC zone signature.  This cryptographic signature is applied to the DNS zone data of a specific domain to ensure the integrity and authenticity of the information.
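The reports cited above do not say what exactly was wrong with the .ru signature. As an added example (not from the original article or from any registry's tooling), the Python below runs two checks that a validating resolver applies to every RRSIG record, the validity window and the link to a published DNSKEY by key tag, and that a zone operator can run before publishing. The records are constructed for the reserved name `example.`, the function and constant names are this example's own, and the signature bytes themselves are not verified.

```python
import base64
import struct
from datetime import datetime, timezone

def key_tag(flags, protocol, algorithm, pubkey_b64):
    """Key tag per RFC 4034 Appendix B, computed over the DNSKEY RDATA."""
    rdata = struct.pack("!HBB", flags, protocol, algorithm) + base64.b64decode(pubkey_b64)
    acc = sum(b if i & 1 else b << 8 for i, b in enumerate(rdata))
    acc += (acc >> 16) & 0xFFFF
    return acc & 0xFFFF

def parse_ts(text):
    """RRSIG timestamps in presentation format are YYYYMMDDHHmmSS in UTC."""
    return datetime.strptime(text, "%Y%m%d%H%M%S").replace(tzinfo=timezone.utc)

def check_rrsig(rrsig_line, dnskey_lines, now):
    """Return reasons a validator would reject this RRSIG (signature bytes not verified)."""
    f = rrsig_line.split()
    # owner ttl class RRSIG covered alg labels orig-ttl expire incept tag signer sig
    alg, expire, incept, tag, signer = int(f[5]), parse_ts(f[8]), parse_ts(f[9]), int(f[10]), f[11]
    published = {}
    for line in dnskey_lines:
        k = line.split()  # owner ttl class DNSKEY flags protocol alg pubkey...
        published[key_tag(int(k[4]), int(k[5]), int(k[6]), "".join(k[7:]))] = (k[0], int(k[6]))
    problems = []
    if now < incept:
        problems.append("not yet valid")
    if now > expire:
        problems.append("expired")
    if tag not in published:
        problems.append("no published DNSKEY with key tag %d" % tag)
    elif published[tag] != (signer, alg):
        problems.append("signer or algorithm differs from DNSKEY")
    return problems

# Constructed sample data for the reserved name "example."; not real keys or signatures.
PUBKEY = base64.b64encode(bytes(range(64))).decode()
DNSKEY = "example. 3600 IN DNSKEY 256 3 13 " + PUBKEY
TAG = key_tag(256, 3, 13, PUBKEY)
RRSIG_FMT = "example. 3600 IN RRSIG SOA 13 1 3600 %s %s %d example. c2FtcGxl"
GOOD = RRSIG_FMT % ("20240215000000", "20240125000000", TAG)
WRONG_KEY = RRSIG_FMT % ("20240215000000", "20240125000000", (TAG + 1) % 65536)
EXPIRED = RRSIG_FMT % ("20240129000000", "20240101000000", TAG)

if __name__ == "__main__":
    now = datetime(2024, 1, 30, 16, 0, tzinfo=timezone.utc)
    for name, rr in (("good", GOOD), ("wrong key", WRONG_KEY), ("expired", EXPIRED)):
        print(name, check_rrsig(rr, [DNSKEY], now) or "ok")
```

A record that fails either check is treated as bogus by validating resolvers, which answer SERVFAIL for every name under the zone, while resolvers that do not validate keep answering normally.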

Anonymous sources told the Russian media outlet Kommersant that the outage was a mistake made either by the DNSSEC zone administrator, the Russian coordination center for .ru domains, or by its contractors.

A similar issue previously affected Australia's .au domain.  Approximately 15,000 domain names were unavailable for approximately one hour in March 2022. Russia also had a DNSSEC outage in 2019.  It is a common glitch.  Dozens of countries have experienced them over the last decade, with the median duration of an outage being eight days, according to a website called IANIX that monitors such incidents.

The Russian digital rights organization Net Freedoms Project said that the latest outage could be an attempt by the Kremlin to test a National Domain Name System (NDNS) aimed at isolating the Russian internet from the rest of the world.  Russian internet regulators said that subscribers to NDNS did not experience outages on Tuesday.

On the same day as the Russian internet shutdown, Ukraine’s defense intelligence (HUR) announced that it knocked out a server used by Russia’s defense ministry, disrupting communications for some of Moscow’s military units.  “As a result of the cyberattack, the exchange of information between the units of the Russian Ministry of Defence, which used the mentioned server located in Moscow, was suspended,” HUR said.

The DNSSEC issue and HUR’s operation are likely not connected.

This article is presented at no charge for educational and informational purposes only.

Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization.  Call for assistance.  For questions, comments, a demo or assistance, please contact the office directly at 1-844-492-7225, or feedback@redskyalliance.com   

 

Weekly Cyber Intelligence Briefings:

 

Reporting: https://www.redskyalliance.org/

Website: https://www.redskyalliance.com/

LinkedIn: https://www.linkedin.com/company/64265941

REDSHORTS - Weekly Cyber Intelligence Briefings

https://attendee.gotowebinar.com/register/5993554863383553632

 

 

[1] https://therecord.media/russia-top-level-domain-internet-outage-dnssec/
