Incompetents, criminals, or spies: Macroeconomic analysis of routing anomalies

Route anomalies, beyond simple leaks, are occurring on the order of tens of thousands a year. These may be accidents. There is anecdotal evidence that indicate many of these are in fact crimes. There are case studies that illustrate the use of these for national intelligence. Any given anomaly could be an accident, a crime, or an attack. To understand the nature of routing anomalies we offer an empirical investigation using multiple regression and unsupervised learning to analyze anomalies over a four-year period. If BGP anomalies are a result of limited technical competence, then countries with low levels of education, few technology exports, and less expertise should be over-represented. If BGP anomalies are crime, leveraged by criminals for profit, then economic theories and analytical approaches from criminology should show statistical significance. Or, if BGP anomalies are primarily used by national intelligence agencies to attack either internal dissidents or other countries, then the presence of conflict and measures of quality of governance are possible indicators. We examine anomalies as likely incompetence, potentially ecrime, or intelligence operations using macroeconomics and leveraging three theories from criminology, as well as global measures of technology adoption. We found that exports of technology were not statistically significant, undermining the argument for incompetence. We found support for the possibility that anomalies are driven by crime, specifically for the guardianship and relative deprivation theories of crime. In addition to these findings from regression analysis, clustering indicates that civil conflict and surveillance are associated with the disproportionate origination of routing anomalies.