UK web traffic mysteriously sent through Ukraine

Adversaries in Ukraine may have gained access to sensitive communications from more than 150 companies this week, including a defense contractor involved in creating nuclear warheads.

Web traffic for roughly 170 clients of British Telecom was mysteriously routed through Ukrainian servers for a period of about 90 minutes on Thursday, according to researchers from Dyn, an Internet performance company.

The companies included the U.K.’s Atomic Weapons Establishment, Lockheed Martin, Wal-Mart, Hitachi, Toshiba, a helicopter company and at least one bank.

“Unnecessarily sending the data to Kiev may have made it possible for employees with privileged network access to Ukrainian telecom provider Vega to monitor or tamper with data that wasn't encrypted end-to-end using strong cryptography,” Ars Technica Security Editor Dan Goodin wrote in a blog post on the finding.

Dyn did not conclude whether the mix-up was a “curious mistake or something more,” though it is not the first time that the firm has identified a possible “man in the middle” cyberattack: in 2013 it reported that data from network service providers and financial institutions had been routed through Belarus and Iceland that year.

Experts expect this kind of activity to become more common as a means for accessing sensitive communications.