The RuNet outage that occurred on January 30 and partially disrupted the security of a number of resources could have encouraged fraudsters. But cybersecurity experts did not see a surge in thefts.
Almost immediately after the large-scale RuNet outage on January 30, the Center for Monitoring and Control of the Public Communications Network (CMU CCCN; created on the basis of the Main Radio Frequency Center, an enterprise subordinate to Roskomnadzor) sent instructions to telecom operators to turn the DNSSEC protocol back on by 9:00 on Wednesday, January 31. Problems with the protocol had left users of mobile and home Internet unable to open sites in the .ru zone for several hours. Two sources in the telecommunications market told RBC about this.
DNSSEC is a protocol that improves the reliability of authentication in the Domain Name System (DNS) by using digital signatures based on cryptographic keys. DNS is needed so that users can visit websites, send emails, or post on social networks using human-readable domain names (such as rbc.ru): it converts them into a numeric IP address that is understandable to servers, routers, and other devices used to transmit traffic. This system was developed in the 1980s, when the Internet was not so large and its security was not a top priority, which is why DNS servers have no way to verify the authenticity of the response when they make requests to each other. Without DNSSEC, there is a risk that some attackers can spoof the IP address and direct the user not to the site they wanted to visit, but to a potentially malicious one.
RBC looked into what the problems with DNSSEC were connected to and whether Russian users encountered threats during its temporary shutdown.
On Tuesday, January 30, at approximately 18:30 Moscow time, many RuNet sites began to open slowly or did not open at all. As representatives of the Ministry of Digital Development later explained, the unavailability of sites in the .ru zone was caused by a technical problem related to the global DNSSEC infrastructure. At 22:20, the ministry reported that the problem had been fixed, but that problems with DNS operation might still be observed for some time.
As Alexey Uchakin, Director of Infrastructure at the cloud provider EdgeCenter, explained to RBC, the cause of the failure was that "the procedure for updating the keys for the .ru zone did not go according to plan." "There are no details yet, but most likely, due to a software error or human error, an incorrect encryption key was generated to sign the .ru zone, which was distributed across the DNS servers. Having received an incorrect signature, they stopped considering responses from the .ru zone valid and giving them to clients - sometimes even with DNSSEC disabled," Uchakin said. After employees of the Coordination Center for .ru/.рф domains updated the key again and it was distributed across the global DNS infrastructure, everything returned to normal, and by the morning Moscow time no consequences were felt, Uchakin continues. He noted that such errors happen regularly in different domain zones.
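The sketch below is an added example, not part of the original article and not a reconstruction of the .ru incident. It models the key-matching steps a validating resolver performs before checking a signature (the parent's DS record against the zone's DNSKEY, then the key tag named in the signature against the published keys) and shows why a mismatch makes the answer "bogus" while an unsigned zone still resolves. The function names and sample keys are constructed for illustration, and the signature verification itself is left out.

```python
import hashlib
import struct

def dnskey_rdata(flags: int, algorithm: int, public_key: bytes) -> bytes:
    """DNSKEY RDATA: flags, protocol (always 3), algorithm, public key."""
    return struct.pack("!HBB", flags, 3, algorithm) + public_key

def key_tag(rdata: bytes) -> int:
    """Key tag from RFC 4034 Appendix B (all algorithms except 1)."""
    acc = sum(b if i & 1 else b << 8 for i, b in enumerate(rdata))
    acc += (acc >> 16) & 0xFFFF
    return acc & 0xFFFF

def wire_name(name: str) -> bytes:
    """Canonical (lower-case) wire form of a domain name."""
    labels = [l for l in name.lower().rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def ds_for(owner: str, rdata: bytes) -> tuple:
    """DS data the parent publishes for a key: (tag, algorithm, SHA-256 digest)."""
    digest = hashlib.sha256(wire_name(owner) + rdata).hexdigest()
    return (key_tag(rdata), rdata[3], digest)

def pre_signature_check(owner, parent_ds, dnskeys, rrsig_key_tags) -> str:
    """Classify an answer before any signature math is attempted."""
    if not parent_ds:
        return "insecure"  # parent has no DS: unsigned zone, answer is passed on
    if not any(ds_for(owner, k) in parent_ds for k in dnskeys):
        return "bogus"     # no published key matches the parent's DS
    published = {key_tag(k) for k in dnskeys}
    if not published & set(rrsig_key_tags):
        return "bogus"     # signature names a key the zone does not publish
    return "verify"        # a real validator now checks the signature itself

# Constructed sample keys for illustration; not the real .ru keys.
KSK = dnskey_rdata(257, 13, bytes(range(0, 64)))
ZSK_OLD = dnskey_rdata(256, 13, bytes(range(64, 128)))
ZSK_NEW = dnskey_rdata(256, 13, bytes(range(128, 192)))
PARENT_DS = {ds_for("ru.", KSK)}

def scenarios() -> dict:
    published = [KSK, ZSK_OLD]  # what the zone's DNSKEY set contains
    return {
        "healthy": pre_signature_check("ru.", PARENT_DS, published, [key_tag(ZSK_OLD)]),
        "bad rollover": pre_signature_check("ru.", PARENT_DS, published, [key_tag(ZSK_NEW)]),
        "unsigned": pre_signature_check("ru.", set(), published, []),
    }

if __name__ == "__main__":
    for name, state in scenarios().items():
        print(f"{name}: {state}")
```

A validating resolver answers a "bogus" result with SERVFAIL instead of passing the data on, which is why a signing mistake in a signed zone looks to users like the sites being down.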
Nikita Tsaplin, CEO of the hosting provider RUVDS, also points out that incidents with DNSSEC "happen all over the world with enviable regularity and it is difficult to call this something completely 'out of the ordinary'." At the same time, he did not rule out that the failure in Russia could be connected with the testing of certain measures aimed at the sovereignty of the Internet. "For example, the idea of switching to national DNS servers was previously voiced at the state level, and in theory the current failure could be connected with the test transition to them," he reasons. "The replacement of the DNSSEC signing key could be connected both with the transition to national DNS and simply with the approaching expiration of the previous key."