Okay, great article, but... you don't have to deal with the everyday routing/peering that Level3 has to do (which is massive). It is always easy to come in and say "well you should have done this better" without understanding the business, politics or the processes in place. This is one of the things that annoy me about security "professionals" these days; it is really easy to point out what is wrong but in reality it is hard to fix those issues.
For this case sometimes ISPs choose to trust other ISPs and their processes. Rather than create duplication of effort/work they say "hey we know you are good and you have the processes in place" which is sort of what the internet was built on. So Level3 trusted this ISP to filter their routes and they didn't, lesson learned. Not everything needs to go through duplicate work/100 checks and balances before it gets done. Yes there are minimum things Level3 could have done better but seriously you don't know the situation, the politics or the process. Good article without context.