Bye bye, Bynet Belarusian officials say foreigners are responsible for the country’s sudden Internet outages, but I.T. experts suspect the government is to blame
Belarusians have witnessed rolling Internet blackouts for the past three days. The major social networks, instant messengers, and search engines have been nearly inaccessible, while the rest of the world has been unable to open websites hosted on Belarus’s national domain (.by). President Alexander Lukashenko (Alyaksandr Lukashenka) and the Belarusian authorities say foreign cyberattacks are to blame for the sudden problems with Internet service, but I.T.-experts and human rights organizations say Belarus is in the throes of a state-orchestrated Internet shutdown.
Reports that Belarus might disable Internet access during the presidential race first started appearing several days before the presidential election concluded. On August 4, for example, the opposition Telegram channel Nexta Live published an image of a letter where a manager at a local company informed his staff about the likelihood of an Internet shutdown and listed instructions to prepare for such an event. Major media outlets soon started reporting similar information, citing anonymous sources claiming that the blackouts would begin late on August 8 (a day before the end of voting).
This is precisely what happened. The first reports about “Bynet” outages appeared late on August 8. Blackouts were even worse the next day, when large numbers of Belarusian Internet users said they could not access YouTube, the social networks Twitter, Facebook, and Instagram, the instant messengers WhatsApp, Telegram, and Viber, or various search engines like Google, Yandex, and Mail.Ru. Many people also reported problems with online payment systems. Both Wi-Fi and mobile Internet signals lost their connection to the World Wide Web.
Outside Belarus, Internet users started having problems accessing websites hosted on the .by domain, which belongs to Belarus. Access to other online resources hosted on servers in Belarus also began to falter.
By Sunday evening on August 9, Belarus was in the grip of a nationwide Internet blackout and the only means of contacting anyone inside the country was a telephone call. Before police officers attacked him in Minsk, Meduza special correspondent Maxim Solopov experienced the Belarusian Internet outage firsthand. As a result, he started checking in with our newsroom over telephone calls, before he was arrested around 1 a.m. on August 10.
By August 10, Internet service in Belarus worked partially, but access to major websites remained mostly limited. At the time of this writing, popular social networks and instant messengers can be accessed only through anonymizers, VPNs, and proxy servers.
The independent organization “Netblocks,” which monitors Internet access around the world, confirmed the problems with data transfers in Belarus. “Network telemetry from the NetBlocks Internet observatory confirm that Internet connectivity in Belarus has been significantly disrupted as of Sunday, August 9, 2020, amid tense presidential elections. Outages increased in severity through the day producing an information vacuum as citizens struggled to establish contact with the outside world. The incident is ongoing as of Tuesday afternoon,” the group said, adding that widespread service failures in Belarus began on the morning of August 9, as polling stations opened.
In addition to popular social networks and instant messengers, early targets in the Internet blackout were the websites of major independent news outlets like Nasha Niva (Nn.by), Tut Bai (Tut.by) и AFN (Afn.by), the last of which periodically displayed a message that read: “Access to this information resource is restricted on the basis of a decision by the Belarusian Information Ministry, adopted in accordance with mass media laws.” Access to the online election monitoring platforms “Zubr” (zubr.in) and “Golos” (belarus2020.org) was also spotty.
Editors at Tut.by say many readers can’t access the website because the outlet’s Internet service provider suddenly capped its bandwidth at 25 percent of its normal capacity. “We’ve been unable to get an explanation from [our ISP] Beltelecom about why this happened or how long these restrictions will last. At the moment, access to Tut.by depends primarily on luck at any given moment. We are unable to do anything about this right now but we are making every effort to remedy the problem. Our hardware and software are working around the clock to reduce the burden on the servers. We were forced to disable third-party services, advertising, and some sections of the site,” said Tut.by’s news team in a post on Telegram.
So is Belarus under cyberattack or not?
According to the Belarusian government, the nation’s Internet connectivity issues are the result of foreign cyberattacks. On the morning of election day, the National Center for Response to Computer Incidents of the Republic of Belarus (Cert.by) — a task force created by President Lukashenko — declared that the Bynet’s infrastructure was experiencing a “massive wave of DDoS-attacks” that began the previous evening.
“It should be noted that technical solutions to defend ISPs (anti-DDoS) repelled these attacks, but we are aware of reports that some equipment has started malfunctioning,” Cert.by said in a statement, explaining that there were at least two separate DDoS-attacks that each last about one hour and reached a peak strength of 203 gigabits per second. According to Cert.by, the attacks affected the websites of local KGB offices, the Interior Ministry, and several media outlets.
Belarus’s state Internet service provider, Beltelecom, which owns roughly 90 percent of all fixed communication channels in the country, offered a similar explanation for the Internet service outages: “Since August 8, Beltelecom has tracked a significant spike in traffic coming from external IP networks outside Belarus. Over the past several days, the company’s systems have recorded multiple cyberattacks of varying intensity against government agencies’ websites and Beltelecom’s resources. This has significantly overloaded network channels, service outages, and disabled telecommunications equipment, reducing customers’ access to certain online resources and services,” the company explained in a statement.
In remarks to the press, Alexander Lukashenko directly blamed the country’s Internet blackouts on hostile foreign actors. “Our specialists are now determining where this shutdown is coming from. So if the Internet is working poorly, that’s not our doing but an initiative from abroad,” the president said.
But officials at RIPE NCC (the Regional Internet Registry for Europe, the Middle East, and parts of Central Asia) have expressed doubts about Lukashenko’s version of events. Externally shutting down Internet access is extremely difficult in a technical sense and it’s virtually impossible to maintain for an extended period of time, RIPE NCC communications director for Eastern Europe and Central Asia Maxim Burtikov told Meduza.
“The Internet is a network of networks distributed according to its original design: without a center or a periphery. The stability of a system like this is that it’s based on the approach that each point in the system is able to communicate with every other point in the system, hence it is a ‘network of networks.’ The organizing principle here is the opposite of those on which familiar centralized and regulated systems are built,” explains Burtikov. “The more ISPs and networks under their control in a country, the more foreign connections to external networks, the more infeasible any external shutdown becomes. Unfortunately, not everyone fully understands that distribution is equal to stability, and you have some countries where the state regulates the construction of networks and international connections, including in Belarus. This reduces the Internet’s stability and in turn makes it more vulnerable to external and internal threats and other interference in Internet performance.”
The state in Belarus does in fact regulate international Internet connections. All cross-border gateways into and out of the country belong to Beltelecom and the National Center for Traffic Exchange (NTsOT). In practice, this means that all other ISPs in Belarus, by default, lack access to foreign channels. To offer clients access not only to Bynet websites but also to foreign Internet content, Belarusian providers need peer-to-peer channels with either Beltelecom or NTsOT. In other words, communication networks in Belarus are centralized to a certain degree, but “shutting off all international data routes externally” even in this structure “is virtually impossible and would require the complex coordination of many companies in multiple countries,” Maxim Burtikov told Meduza.
Additionally, other ISPs in Belarus haven’t reported any cyberattacks from abroad. “MTS Belarus” and “A1 Belarus,” for example, have both told subscribers that Internet service problems are due to “external-provider restrictions.”
Censorship games
On his Telegram channel, “Red Shield VPN” founder Vladislav Zdolnikov wrote: “They’re playing with Border Gateway Protocol connectivity in Belarus, disconnecting communications with certain segments of the Internet.”
“Since there’s no developed mechanism [in Belarus] for blocking traffic, all these ‘segmented’ disconnections are happening in a big mess. Right now, Beltelecom is filtering requests to certain services from its networks and the networks of connected ISPs, meaning it’s disrupting communications with these services and weighing the public reaction and the technical effects, and making sure other resources that need to remain accessible don’t crash,” Zdolnikov says.
Mikhail Kilmarev, the executive director of the Internet Protection Society, also told Meduza that Internet outages in Belarus could be the result of attempts to filter traffic to certain services. “All ISPs in Belarus are required to connect to the global Internet through NTsOT or Beltelecom. In 2018, NTsOT issued a $2.5-million government contract to acquire hardware capable of Deep Packet Inspection [a form of computer network packet filtering with broad applications for Internet censorship]. According to the information I have, at some point, all traffic in the country started getting sent through a single node. This was probably DPI. Why do I think it’s DPI? Because it was after this that certain VPN services that work on open protocols suddenly started disconnecting by some miracle. Also, at one point, traffic completely flatlined, which is why Internet service disappeared across the country for some time. They bought the DPI hardware two years ago, but traffic volumes have grown since then and they didn’t calculate the capacity when they decided to route all traffic through the DPI,” speculates Kilmarev.
Kilmarev also says the Belarusian authorities’ explanation for why Internet service is failing nationwide does not add up. “How are you supposed to shut down the Belarusian Internet from outside the country? You’d need every country connected to Belarus to come to an agreement and turn it off together. As for DDoS-attacks, there are plenty of anti-DDoS technologies that successfully repel attacks without disabling an entire country’s Internet access. Moreover, ISPs usually counter powerful DDoS-attacks collectively, which requires showing whatever measurement data and logs. Whereas any idiot can cry ‘I was hacked,’” Kilmarev says.
Oleg Artamonov, the head of scientific and technical expertise at the Direct Democracy Party, has also said the most likely reason for Belarusian Internet service outages are actions by Beltelecom, not attacks from abroad. “Beltelecom probably hurried to try to block specific services completely or to disrupt their functionality as much as possible, ignoring the collateral damage,” says Artamonov.
On August 10, the “Agora” international human rights group formally appealed to communications commissioners at the United Nations about the Internet shutdown in Belarus. Signed by 30 human rights organizations from around the world, Agora’s letter states that these groups believe the Belarusian authorities deliberately attempted to isolate local Internet users from the outside world.
“In recent years, international law has developed objections to arbitrary Internet shutdowns. In the view of [the undersigned] human rights organizations, the Belarusian authorities’ actions violate not only international norms but also local telecommunications laws, which state that communications and Internet access can be suspended or restricted only in emergency situations or during war or disasters,” says Agora’s letter to the UN. The human rights advocates also ask the United Nations to request information from Belarus about its Internet outages and to urge Minsk to observe the international legal ban on arbitrary Internet disconnections.
Translation by Kevin Rothrock