India’s recent ban on Telegram has made headlines globally, but what’s received less attention is how the block affected users in nearby countries like the UAE. As it turns out, the Indian telecom giant Reliance was accused of using BGP hijacking to enforce the ban, disrupting access for users as far away as the Middle East.
Just last week, India’s Ministry of Electronics and Information Technology invoked Section 69A of the IT Act to restrict access to Telegram nationwide until June 22. The decision came after an investigation found that leaked exam papers were being sold through a Telegram group. But what happened next raised eyebrows worldwide: as digital rights groups like the Internet Freedom Foundation (IFF) pointed out, the ban might be disproportionate and even constitutionally incompatible.
However, things took a turn for the worse when users outside of India began to get affected by the block. In an exclusive X post, Telegram CEO Pavel Durov alleged that Indian telecom Reliance was “sabotaging” access to Telegram for users beyond India’s borders through BGP hijacking. This meant that even networks in the UAE lost access to the popular messaging app.
So, what exactly is BGP hijacking? It’s a way of manipulating how internet traffic flows across the globe by announcing ownership of IP addresses and redirecting or disrupting traffic for legitimate owners. In this case, AS18101 (a network controlled by Reliance) began sending out unauthorized BGP announcements that affected users in the UAE.
Experts like Doug Madory from Kentik confirmed the hijack occurred, but surprisingly noted that it was limited due to route-origin validation and filtering methods already in place. Network researcher Anurag Bhatia independently verified this against publicly available routing data.
A detailed thread by Pranesh Prakash (a tech policy expert) walked us through the mechanics of the incident: a bad BGP announcement escaped RPKI invalidation filters via FLAG Telecom’s route leaked globally, and disrupted traffic not just in India but also elsewhere – including the UAE.
However, while the fact that there was a BGP hijack is undeniable, some dispute Durov’s claim of its intentionality. Pranesh believes this could be an accident rather than sabotage, echoing other experts’ views that it resembles Iraq’s 2023 incident, where a misconfigured domestic block leaked routes outward.
While we have no clear answer as to whether or not this was done intentionally, one thing is certain: the botched implementation put millions of users outside India at risk. This raises questions about accountability within Indian telcos and leaves many wondering how such blunders are possible.
In a separate turn of events, Telegram challenged the ban via the Delhi High Court last week. The court agreed to hear their plea urgently but postponed it until June 18 due to concerns that the case needs more time to be prepared.
The trigger behind this incident lies in the recent National Eligibility-cum-Entrance Test (NEET), one of India’s largest medical entrance exams which had a cheating scandal. Question papers were leaked before the May 3 exam through a paid WhatsApp group and coaching networks, leading many students to cancel the exam.
The ongoing case highlights concerns over digital freedom in the region, but also serves as a lesson on how easy it is to affect users beyond our borders due to complex internet routing systems. While we continue to follow the story closely, one thing’s for sure – internet service providers and governments have got some homework to do when it comes to ensuring these mishaps don’t happen again.
Why it matters:
The case of Telegram being blocked in India is not just a straightforward security measure but also an illustration of how digital freedoms can be affected at the global level. It’s crucial we address the issue of over-blocking, misuse of BGP hijacks and inadequate network security checks.
India has a huge number of online users, with millions relying on services like Telegram daily for communication. This makes it essential that these types of outages don’t happen ever again – even more so when considering what’s affected here weren’t just domestic users but also those across borders in the UAE.
Acknowledging mistakes made can be difficult but working towards solutions is the right move forward, not only for governments but also network owners who share huge responsibilities.
Source: Bleeping Computer
