Kentik Director of Internet Analysis Doug Madory observed this morning that traffic to Russian state ISP Rostelecom dropped significantly in the wake of its attempt to throttle Twitter. The outages seem to have been caused by a poorly crafted substring in a blocklist/network shaping tool maintained by Russia’s Roskomnadzor bureau.
What Roskomnadzor intended was to slow down access to Twitter’s link shortening service, t.co. All links embedded in tweets are automatically wrapped through this service, which enables Twitter to monitor the types and quality of links its users share.
Russian authorities have railed against Twitter for some time due to the service’s failure or refusal to remove content illegal in Russia. This includes content that is illegal in most of the world and violates Twitter’s own terms of service, such as self harm and child sexualization—but Roskomnadzor only claims 2,000 or so such posts over the course of a year. It seems likely that the real sticking point for the agency is posts encouraging children to join Russian opposition protests.
PBS reports on the unintended effects of Roskomnadzor’s Twitter throttling:
As the Russian authorities slowed down Twitter, some government websites suffered outages and access problems. It’s not clear if the events were connected, and some experts suggested they could have been the result of unrelated cyberattacks. The Ministry of Digital Development acknowledged outages on some government websites but said they were linked to equipment problems at communications provider Rostelecom.
Madory credits Russian 3D artist Gregory Kodyrev with finding a link between the Twitter throttle and far more widespread slowdowns—apparently, Roskomnadzor inadvertently blocked or throttled all domains containing the string
t.co rather than blocking only the domain
t.co itself. This would cause the throttle or block to be applied to—for instance—microsoft.com, reddit.com, and even Russian state-operated news site rt.com.
We do not have access to any IP addresses behind Roskomnadzor’s traffic filtering service in order to test this claim, but it appears to be a reasonable explanation for the concrete observations of reduced traffic to Rostelecom networks.