According to the Pakistan Telecommunications Authority (PTA) while the blocking of the YouTube website over the weekend in Pakistan was intended the worldwide outage that saw the popular video streaming service become unavailable to huge swathes of the planet was accidental. Anyway, PTA spokesman Khurram Mehran assures us it is all OK now because it has "issued instructions to all internet service providers that YouTube should be unblocked as the specific content has been removed by the website." The specific content referred to being cartoons of the Prophet Mohammed which Pakistani authorities have described as being highly profane and sacrilegious.

I do not intend to get into the who religious debate, nor indeed the political one (some quarters have suggested the real reason for the ban was to block access to coverage of alleged parliamentary election rigging claims) as neither are my area of expertise. However, the fact that a nation can unilaterally initiate a near-global blackout of one of the most popular sites on the Web is rather worrying from the technical perspective and does not bode well in the fight against cyber-terrorism. It does not take a genius to make the leap from protesting against content on YouTube to protesting against the actions of another country.

Danny McPherson, the Chief Research Officer at Arbor Networks and part of the Security and Engineering Response Team (ASERT) has plenty of experience when it comes to analysing burgeoning security threats and has given plenty of thought as to exactly how the great YouTube blackout could have occurred from a technical perspective. The Deputy Director of Enforcement for the PTA had instructed all ISPs in Pakistan to immediately block access to 3 specific IP addresses, namely:, and which correspond to the DNS A resource records for YouTube. If you are an ISP in Pakistan and are issued with such a command from above, the chances are you react immediately and instinctively.
McPherson suspects that what might have happened is that one or more ISPs reacted in a bit of a panic and forgot that by deciding to abide by the directive using a BGP blackhole routing function, or something similar to it, and the default routing policy at that ISP is for the redistribution of all configured static routes into the globally advertised BGP routes. The net result being, according to McPherson "YouTube is currently unavailable because all the BGP speaking routers on the Internet believe Pakistan Telecom provides the best connectivity to YouTube. The result is that you've not only taken YouTube offline within your little piece of the Internet, you've single-handedly taken YouTube completely off the Internet." Now that sounds like a Denial of Service attack to me.

McPherson disagrees "I fully suspect that the announcements from Pakistan Telecom for YouTube address space were the result of a misconfiguration or routing policy oversight, and seriously doubt impact to YouTube reachability [beyond Pakistan's Internet borders] was intentional. The route announcements from Pakistan Telecom have long since been withdrawn (or filtered). We had a similar event at an ISP I worked for in 1998 (YES, a decade ago) - obviously, nothing has changed regarding this extremely fragile and vulnerable piece of Internet infrastructure since that time."

As Editorial Director and Managing Analyst with IT Security Thing I am putting more than two decades of consulting experience into providing opinionated insight regarding the security threat landscape for IT security professionals. As an Editorial Fellow with Dennis Publishing, I bring more than two decades of writing experience across the technology industry into publications such as Alphr, IT Pro and (in good old fashioned print) PC Pro. I also write for SC Magazine UK and Infosecurity, as well as The Times and Sunday Times newspapers. Along the way I have been honoured with a Technology Journalist of the Year award, and three Information Security Journalist of the Year awards. Most humbling, though, was the Enigma Award for 'lifetime contribution to IT security journalism' bestowed on me in 2011.

Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.