Information Security News
mailing list archives
Repeated attacks hijack huge chunks of Internet traffic, researchers warn
From: InfoSec News <alerts () infosecnews org>
Date: Thu, 21 Nov 2013 06:16:47 +0000 (UTC)
By Dan Goodin
Nov 20 2013

Huge chunks of Internet traffic belonging to financial institutions,
government agencies, and network service providers have repeatedly been
diverted to distant locations under unexplained circumstances that are
stoking suspicions the traffic may be surreptitiously monitored or
modified before being passed along to its final destination.

Researchers from network intelligence firm Renesys made that sobering
assessment in a blog post published Tuesday. Since February, they have
observed 38 distinct events in which large blocks of traffic have been
improperly redirected to routers at Belarusian or Icelandic service
providers. The hacks, which exploit implicit trust placed in the Border
Gateway Protocol (BGP) used to exchange data between large service providers,
affected "major financial institutions, governments, and network service
providers" in the US, South Korea, Germany, the Czech Republic, Lithuania,
Libya, and Iran.

The ease of altering or deleting authorized BGP routes, or of creating new
ones, has long been considered a potential Achilles' heel for the Internet.
Indeed, in 2008, YouTube became unreachable for virtually all Internet
users after a Pakistani ISP altered a route in a ham-fisted attempt to
block the service in just that country. Later that year, researchers at
the Defcon hacker conference showed how BGP routes could be manipulated to
redirect huge swaths of Internet traffic. By diverting it to unauthorized
routers under control of hackers, they were then free to monitor or tamper
with any data that was unencrypted before sending it to its intended
recipient with little sign of what had just taken place.

"This year, that potential has become reality," Renesys researcher Jim
Cowie wrote. "We have actually observed live man-in-the-middle (MitM)
hijacks on more than 60 days so far this year. About 1,500 individual IP
blocks have been hijacked, in events lasting from minutes to days, by
attackers working from various countries."