
DDoS Attacks or National Internet Isolation: What Is Happening to Belarus’s Internet
On August 9, the main day of voting in Belarus’s presidential election, internet outages were reported across the country from early on. Since then, the internet in the country has never fully recovered.
- Belarusian authorities attributed the internet problems to interference from abroad and DDoS attacks. Experts say the traffic was throttled by state monopolies — Beltelecom and NCOT.
- The outages may have been caused by the use of DPI equipment. Such equipment was also installed in Russia to implement the “sovereign Runet.”
- For communication and accessing websites, Belarusians used the Psiphon anonymizer and Telegram.
Connectivity disappeared across the country about three hours ago. Then links began to restore, but very selectively.
All of this looks very bad. pic.twitter.com/NhWb4LpKBf
— Internet Protection Society (@safe_runet) August 9, 2020
Throughout the election day, Belarusians experienced problems logging onto websites, using messaging apps and mobile networks. By evening, the situation had deteriorated.
Update: Multiple Internet providers in #Belarus have lost routing as polling stations start to close from 8:00 p.m.; geolocated network data confirm the new disruption has nation-scale impact further limiting visibility of events #Belarus2020
https://t.co/JcBhvhgVcR pic.twitter.com/EANVovMoWH
— NetBlocks.org (@netblocks) August 9, 2020
On August 10, the Internet was still working poorly, but with some improvements.
The problems were not limited to Belarus — local sites did not work in other countries.
The incumbent president, Alexander Lukashenko, attributed the connectivity problems to interference from abroad.
«Someone is itching to cause trouble; they are urging people to take to the streets. Even from abroad they disconnect the Internet to provoke public discontent. Our specialists are now examining where this blockage is coming from. Therefore, if the Internet is not working well, it is not our initiative, it is from abroad,» Lukashenko was quoted as saying by BELTA.
The country’s main operator Beltelecom stated that outages were caused “by foreign traffic in large volumes.”
The National Computer Incident Response Centre reported DDoS attacks on the BY-NET infrastructure. According to the centre, the attacks used UDP Flooding, UDP Fragment, UDP0 Flooding, DNS Flooding, ICMP Misuse and NTP Flooding.
The National Traffic Exchange Centre (NCOT) spoke of “observed DDoS attacks.”
Nevertheless, experts believe that foreign intervention is unlikely to be responsible for the disruption of Belarus’s Internet, although the DDoS explanation could be plausible if the context is ignored.
«The incoming traffic within the attack could overload Beltelecom’s not-very-wide channels into the country, causing internet performance to degrade for all users. But we understand the context — the authorities have motivation to shut down the Internet, and there is no motive to attack government resources,» said Meduza founder Vladislav Zdolnikov.
In his Telegram channel, he called reports of DDoS attacks on state resources “very funny news.” In Zdolnikov’s view, Belarus is “tinkering with BGP connectivity — i.e., disconnecting links to certain Internet segments.”
NetBlocks founder Alp Toker stated that various Internet platforms were taken offline at different times:
«At the moment when some social networks and sites are blocked, access to others remains open. This appears to be a game in a specific Internet segment, where someone is trying to limit one platform’s operation while taking other services offline. We are dealing, apparently, with a very costly and crude approach to restrictions».
Blocking in Belarus can operate effectively because the country maintains a monopoly on the international Internet exit point, according to independent ForkLog expert Alexander Isavin.
«And if there’s one hole, you simply close it,» he added.
The monopolists are Beltelecom and NCOT. All cross-border data transmission by other providers and operators is tied to these companies, said Mikhail Klimarev, executive director of the Internet Protection Society.
According to experts, Internet problems could stem from authorities’ use of deep packet inspection (DPI) equipment for blocking.
«What happened resembles clumsy experiments with DPI usage. At NCOT they tried to build a blocking system for disfavored sites and apps in a single day,» Stanislav Shakirov, chief technical officer of RosKomSvoboda, told ForkLog.
There is information that as far back as 2018 NCOT planned to buy similar equipment.
If DPI was indeed used to block disfavored resources, it was not fully successful, but many areas of activity were affected.
In addition to many sites and messaging apps, problems began with cashless payments and navigation services.
«When you try to jam all unidentified traffic that might be VPN, Tor or other anonymity tools, you inevitably run into the blocking of critical infrastructure. Including financial infrastructure,» said Stanislav Shakirov.
Many VPN services were nonetheless blocked, as were most popular messaging apps.
«Since yesterday our platform has been blocked in Belarus, our users cannot communicate with their friends and family, and we cannot even reach our own staff through the app,» said Viber’s chief executive Djamel Agaoua.
Belarusians use the Psiphon anonymizer and Telegram to access services.
«People could still communicate with each other in some way. It’s important that Telegram was able to work under such conditions when almost nothing else was functioning,» emphasized Mikhail Klimarev.
Telegram founder Pavel Durov said the messenger had enabled anti-censorship tools for Belarusian users, but noted that the Internet in the country “is sometimes completely down.”
We enabled our anti-censorship tools in Belarus so that Telegram remained available for most users there. However, the connection is still very unstable as Internet is at times shut off completely in the country. https://t.co/eA4S6Zz36H
— Pavel Durov (@durov) August 10, 2020
Rights advocates describe the situation as a “state Internet shutdown” and an assault on freedom of expression. More than 30 organisations have written an urgent appeal to the UN Special Rapporteurs on freedom of expression, peaceful assembly and human rights in Belarus.
«The Belarusian state operator Beltelecom and the National Traffic Exchange Centre said this was a DDoS attack. We interpret the situation as an attempt to isolate the national Internet segment,» the letter said.
DPI equipment for implementing the so-called sovereign Runet law was installed in Russia as well.
«That very dream of a sovereign Runet — it was realized in Belarus. Nobody liked it,» said Mikhail Klimarev.
As of writing, full Internet operation in Belarus had not yet been restored.
Author: Alina Saganovskaya.