When Local Blocks Go Global: The India-Telegram BGP Incident | Kentik BlogSlide 1 of 1
New AI Advisor features accelerate troubleshooting and MTTR•<br>Read the blog
New AI Advisor features accelerate troubleshooting and MTTR•<br>Read the blog
New AI Advisor features accelerate troubleshooting and MTTR•<br>Read the blog
Table of contentsBackgroundWhat happened?Intentional, but also accidentalConclusion
Join our network<br>Sign up for the best of Kentik, from articles to analysis and more.
CountryUnited States of AmericaCanada──────────AfghanistanÅland IslandsAlbaniaAlgeriaAmerican SamoaAndorraAngolaAnguillaAntarcticaAntigua and BarbudaArgentinaArmeniaArubaAustraliaAustriaAzerbaijanBahamasBahrainBangladeshBarbadosBelarusBelgiumBelizeBeninBermudaBhutanBoliviaBonaire, Sint Eustatius and SabaBosnia and HerzegovinaBotswanaBouvet IslandBrazilBritish Indian Ocean TerritoryBrunei DarussalamBulgariaBurkina FasoBurundiCambodiaCameroonCanadaCape VerdeCayman IslandsCentral African RepublicChadChileChristmas IslandCocos (Keeling) IslandsColombiaComorosCook IslandsCosta RicaCote d'IvoireCroatiaCubaCuraçaoCyprusCzech RepublicDemocratic Republic of the CongoDenmarkDjiboutiDominicaDominican RepublicEcuadorEgyptEl SalvadorEquatorial GuineaEritreaEstoniaEswatiniEthiopiaFalkland Islands (Malvinas)Faroe IslandsFijiFinlandFranceFrench GuianaFrench PolynesiaFrench Southern TerritoriesGabonGeorgiaGermanyGhanaGibraltarGreeceGreenlandGrenadaGuadeloupeGuamGuatemalaGuernseyGuineaGuinea-BissauGuyanaHaitiHeard Island and McDonald IslandsHoly See (Vatican City State)HondurasHong KongHungaryIcelandIndiaIndonesiaIraqIrelandIslamic Republic of IranIsle of ManIsraelItalyJamaicaJapanJerseyJordanKazakhstanKenyaKiribatiKosovoKuwaitKyrgyzstanLao People's Democratic RepublicLatviaLebanonLesothoLiberiaLibyaLiechtensteinLithuaniaLuxembourgMacaoMadagascarMalawiMalaysiaMaldivesMaliMaltaMarshall IslandsMartiniqueMauritaniaMauritiusMayotteMexicoMicronesia, Federated States ofMoldova, Republic ofMonacoMongoliaMontenegroMontserratMoroccoMozambiqueMyanmarNamibiaNauruNepalNetherlandsNew CaledoniaNew ZealandNicaraguaNigerNigeriaNiueNorfolk IslandNorth KoreaNorthern Mariana IslandsNorwayOmanPakistanPalauPanamaPapua New GuineaParaguayPeople's Republic of ChinaPeruPhilippinesPitcairnPolandPortugalPuerto RicoQatarRepublic of the CongoRepublic of The GambiaReunionRomaniaRussian FederationRwandaSaint BarthélemySaint HelenaSaint Kitts and NevisSaint LuciaSaint Martin (French part)Saint Pierre and MiquelonSaint Vincent and the GrenadinesSamoaSan MarinoSao Tome and PrincipeSaudi ArabiaSenegalSerbiaSeychellesSierra LeoneSingaporeSint Maarten (Dutch part)SlovakiaSloveniaSolomon IslandsSomaliaSouth AfricaSouth Georgia and the South Sandwich IslandsSouth KoreaSouth SudanSpainSri LankaState of PalestineSudanSurinameSvalbard and Jan MayenSwedenSwitzerlandSyrian Arab RepublicTaiwan, Province of ChinaTajikistanThailandThe Republic of North MacedoniaTimor-LesteTogoTokelauTongaTrinidad and TobagoTunisiaTürkiyeTurkmenistanTurks and Caicos IslandsTuvaluUgandaUkraineUnited Arab EmiratesUnited KingdomUnited Republic of TanzaniaUnited States Minor Outlying IslandsUnited States of AmericaUruguayUzbekistanVanuatuVenezuelaVietnamVirgin Islands, BritishVirgin Islands, U.S.Wallis and FutunaWestern SaharaYemenZambiaZimbabwe
Sign up
By completing this form, you agree to our Privacy Policy and Terms of Use.
Table of contents<br>BackgroundWhat happened?Intentional, but also accidentalConclusion
SubscribeSummary<br>Yesterday’s leak of a BGP hijack intended to block Telegram in India is the latest routing mishap best described as intentional, but also accidental — a pattern dating back to Pakistan Telecom’s infamous hijack of YouTube in 2008, in which a domestic block escaped containment and disrupted the service worldwide.
Yesterday, India moved to temporarily block the popular messaging app Telegram over concerns about medical exam fraud. To implement this block, Indian carrier Rcom (AS18101) originated Telegram’s IP space in BGP in order to attract and blackhole the traffic.
This is a familiar story: a hijack intended to stay within national borders leaked out, disrupting Telegram service for a portion of users around the world.
In this post, I’ll explore the incident, its predecessors, and examine how route filtering techniques like RPKI ROV helped to limit the damage caused by the leak.
Background
On June 16, 2026, India’s government ordered a nationwide block on Telegram, set to remain in effect through June 22. The order was issued under Section 69A of India’s IT Act on the recommendation of the National Testing Agency (NTA), which cited the organized use of Telegram by cheating networks targeting candidates sitting for the NEET (UG) 2026 medical school entrance re-examination scheduled later this month.
Fraudulent Telegram channels — operating under names like “PAPER LEAKED NEET” and “Private Mafia” — were demanding payments from students and their families in exchange for purported...