Reply to comment:

It is a good idea to use the existing DNSMON infrastructure. I think that would be excellent use of RIPE NCC's resources.<br /><br />I am very surprised that organizations are wildly deploying pieces of critical internet infrastructure in multiple locations around the world, but are not simultaneously monitoring how their anycasted service instances are visible around the world. I am happy to see that RIPE NCC actually had some historical data on this and was able to spot that the DNS queries had been diverted to Beijing already before.<br /><br />It was just a funny coincidence that I happened to notice this and alerted the people this time (and this was more than 24 hours after it started).<br /><br />This was not the first time this has happened. Shouldn't we already learn something? Combined with things like what happened to DigiNotar, this becomes scary. DNS hijack makes using fraudulent certificates for massive or targeted MITM attacks trivial.<br />