Using Open Source Internet Routing Tools to Monitor a Sanctioned Russian Bank
An analysis of over a thousand companies and organisations connected to European internet service providers (ISPs) by Dutch outlet Investico and Bellingcat reveals that some sanctioned entities are able to exploit the free flow of the world wide web. This article explores how open source tools can be used to investigate these connections and monitor the activities of sanctioned banks, using Sberbank as an example. It also discusses the complexities and risks associated with economic sanctions on the internet.
Understanding Internet Routing
To understand how open source tools allow investigators to discover connections between networks, it's important to have a clear definition of the Internet. The Internet is a framework that allows separate computer networks, known as Autonomous Systems (AS), to communicate with each other. These ASes are connected through publicised routes using the Border Gateway Protocol (BGP), which enables the exchange of data between networks. BGP Tools is an online resource that provides tools and information for collecting, processing, and visualizing routing data.
Tier 1 ISPs are the backbone of the Internet and have global reach, allowing them to send and receive data from any internet connected computer without relying on other network operators. Other smaller networks often pay these Tier 1 ISPs to transit their traffic and gain access to the global network. Understanding the relationships between networks can help identify economic connections and dependencies.
BGP Tools can determine these relationships by analyzing the overall structure of the network. By looking at the connections between networks, it is possible to identify upstream peers, settlement-free peering relationships, and economic relationships.
Monitoring Connections of Sanctioned Banks
Using BGP Tools, investigators can analyze the connections of sanctioned banks like Sberbank. By examining the upstream and peering relationships of the bank's networks, it is possible to identify business agreements with other ISPs and transit providers. In the case of Sberbank, it was found that the bank has a business relationship with RETN, a UK-based network transit provider, as well as several Russian ISPs. This suggests that Sberbank pays for its traffic to be carried through these networks.
However, the interpretation of economic sanctions on the internet is complicated and ambiguous. Experts and lawyers have different opinions on whether exemptions for telecommunications apply to sanctioned banks. This lack of clarity leads to inconsistencies in how companies and ISPs interpret and implement sanctions. Some companies choose to disconnect sanctioned customers, while others continue to provide connectivity, creating risks and instability in the global internet.
Monitoring the connections and activities of sanctioned banks is important to ensure compliance with sanctions and prevent further exploitation of the internet. Open source tools like BGP Tools and RIPEstat can provide valuable insights into these relationships and help investigators assess the impact of sanctions on network connectivity.
Internet Registries and IP Address Allocation
Internet registries, like RIPE, play a crucial role in the allocation of AS numbers and IP addresses. These registries allocate unique identifiers to networks and ensure their registration in the global database. This registration is necessary for networks to be reachable and connected to the Internet. The scarcity of IPv4 addresses has led to the secondary market where addresses are sold for a high price.
RIPEstat is a toolbox provided by RIPE that offers additional information about networks and their registration. It allows users to explore networks in more detail, including their connections, registration details, and historical data. With RIPEstat, investigators can delve deeper into the relationships between networks and understand the dynamics of network connectivity over time.
PeeringDB is another useful tool that provides information about internet exchange points. These data centers enable networks to exchange data with each other, and PeeringDB offers insights into the networks that peer at these exchange points. While it relies on self-reported data, it can still provide valuable information about network connections and policies.
