Orange España, kamfanin sadarwa na biyu mafi girma a Spain, ya gamu da babbar matsala a ranar Laraba bayan da wata kungiya da ba a san ta ba ta sami damar yin amfani da asusu don sarrafa tebur na zirga-zirgar ababen hawa ta duniya ta hanyar amfani da kalmar sirri "mai rauni". Tun daga 9:28 UTC, mutumin da ke amfani da sunan mai amfani Snow ya shiga cikin asusun Orange's RIPE NCC ta amfani da kalmar ripeadmin. RIPE NCC ita ce ke da alhakin gudanarwa da rarraba adiresoshin IP kuma tana hidimar kasashe 75 a Turai, Gabas ta Tsakiya da Tsakiyar Asiya.
Dusar ƙanƙara ta fara ƙara sabbin ROAs (Hanyoyi Origin Izini) zuwa tebirin kewayawa na duniya, wanda da farko bai haifar da wata gazawa ba. Koyaya, daga baya Snow ya ƙara ROAs tare da "maɓuɓɓukan karya", wanda ya haifar da raguwa sosai a cikin ingantattun hanyoyin Orange, wanda hakan ya haifar da gazawar sabis. Matsalar ta ta'azzara ta hanyar amfani da tsarin RPKI (Resource Public Key Infrastructure), wanda aka ƙera don hana tsangwama ba tare da izini ba, wanda ya sa hanyar sadarwar Orange ba ta aiki yadda yakamata.
Hudson Rock ya gano takaddun shaida na siyar da shagunan kan layi waɗanda aka sace ta hanyar amfani da malware da aka sanya akan kwamfutar Orange tun watan Satumba. Masu binciken sun kuma lura da dubunnan sauran bayanan kariya na asusun RIPE da ake samu akan irin waɗannan kasuwanni.
Wannan lamarin yana nuna rashin ƙarfi na tsarin BGP kuma yana fallasa manyan matsalolin tsaro a Orange. Yin amfani da kalmar sirri mai rauni da rashin tabbatar da abubuwa da yawa, da kuma malware da aka sanya a kwamfutar ma'aikaci wanda ba a gano shi ba har tsawon watanni hudu, manyan kasawa ne da bai kamata a taɓa faruwa a cikin ƙungiyar ma'aunin Orange ba. Masu bincike suna fatan wannan lamarin zai zama abin tayar da hankali ga sauran masu ba da sabis kuma ya sa su tsaurara matakan tsaro.
source: linux.org.ru