Routing anomalies, beyond simple leaks, are occurring on the order of tens of thousands a year. These may be accidents, but there is anecdotal evidence that indicates criminal intent. There are case studies that illustrate the use of these for national intelligence. Any given anomaly could be an accident, a crime, or an attack. Although it is impossible to directly observe the motivation of those who generate these anomalies, aggregate data about the sources of these anomalies is available. Here we leverage tools of macroeconomics to provide insights into the possible nature of these anomalies. We offer an empirical investigation using multiple linear regression and unsupervised learning to analyze data over a four-year period in order to better understand the nature of routing anomalies. If routing anomalies are a result of limited technical competence, then countries with low levels of education, few technology exports, and less expertise should be over-represented. If routing anomalies are leveraged by criminals for profit, then economic theories and analytical approaches from criminology should show statistical significance. Or, if routing anomalies are primarily used by national intelligence agencies to attack either internal dissidents or those outside their borders, then the presence of conflict and measures of quality of governance are possible indicators. We examine anomalies as likely due to incompetence, potential ecrime, or intelligence operations using macroeconomics by leveraging three theories from criminology and global measures of technology adoption. We found that exports of technology were not statistically significant, undermining the argument for incompetence. We also found support for the possibility that anomalies are driven by crime, specifically for the guardianship and relative deprivation theories of crime. In addition to these findings from regression analysis, clustering indicates that civil conflict and surveillance are associated with the disproportionate origination of routing anomalies. This supports the possibility of use of routing anomalies for national intelligence. Note: A final version of this paper was published in Computers & Security at https://doi.org/10.1016/j.cose.2017.06.011
