Feeds

Hijacking huge chunks of the internet - a new How To

It's easy. Those tubes are busted

The Essential Guide to IT Transformation

More evidence that the intertubes are fundamentally broken has been served up by Wired.com in an article laying out a technique to surreptitiously hijack huge chunks of the internet and monitor or even modify unencrypted traffic before it reaches its intended destination.

The exploit of the routing protocol known as BGP, short for Border Gateway Protocol, is akin to the poor man's traffic intercept employed by intelligence agencies throughout the world. Like the recently discovered domain name system cache poisoning bug, the exploit is notable because it highlights weaknesses in some of the net's core underpinnings.

The man-in-the-middle attack was demonstrated earlier this month at the Defcon hacker conference in Las Vegas when researchers Anton "Tony" Kapela and Alex Pilosov redirected traffic bound for the conference network to a system they controlled in New York and then routed it back to Las Vegas.

The attack is able to arbitrarily re-direct traffic by exploiting the implicit trust placed in BGP routers. Anyone with access to a BGP router can intercept data sent to one or more target IP addresses. Attackers can simply drop the packets as Pakistan did earlier this year when it blocked worldwide access to YouTube. Or the attackers could monitor or even alter the traffic before sending it along to its intended destination.

It's fair to say that Wired.com's report has gotten the attention of security experts.

"When you can forcefully route someone's traffic through you before it reaches it targeted destination, that's really bad," Jeremiah Grossman, CTO of security firm White Hat Security, said in an online chat. "Looking at these vuln announcements, 2008 will be known as the year where we could have taken down the internet."

Other researchers, without discounting the serious conclusions raised by the research, said they weren't convinced the attacks would remain stealthy for long. While virtually anyone can join the BGP club, members typically take a keen interest in the actions of their peers. Logs of BGP routing tables date back to at least 1999, said Dan Kaminsky, who first alerted the world to the DNS bug.

"If you abuse your abilities you're going to lose your abilities," Kaminsky explained. "The BGP community is small enough and logged enough that those elements that are doing consistently nasty stuff will be dealt with."

Kaminsky also said pulling off the BGP attack would require a level of expertise that exceeded typical attacks, such as the ubiquitous SQL injection exploits or those targeting the DNS bug.

"Theres not going to be a Metaspoit module that any kid can run that can go ahead and run this attack," he said.

The research nonetheless should raise concern since it further highlights that fundamental parts of the internet - parts that were never designed to be secure - frequently act as the gatekeepers that protect our commerce and communications from a growing number of crooks and snoops. It describes a technique that could make wide-scale spying or fraud if not trivial then certainly possible for groups with just a bit of expertise and determination. And as such, it takes so-called Digital Pearl Harbor scenarios squarely in the realm of possibility.

More from Wired.com, including a detailed explanation of how the attack works and possible ways to prevent it, is here. ®

Build a business case: developing custom apps

More from The Register

next story
14 antivirus apps found to have security problems
Vendors just don't care, says researcher, after finding basic boo-boos in security software
'Things' on the Internet-of-things have 25 vulnerabilities apiece
Leaking sprinklers, overheated thermostats and picked locks all online
iWallet: No BONKING PLEASE, we're Apple
BLE-ding iPhones, not NFC bonkers, will drive trend - marketeers
Only '3% of web servers in top corps' fully fixed after Heartbleed snafu
Just slapping a patched OpenSSL on a machine ain't going to cut it, we're told
Multipath TCP speeds up the internet so much that security breaks
Black Hat research says proposed protocol will bork network probes, flummox firewalls
How long is too long to wait for a security fix?
Synology finally patches OpenSSL bugs in Trevor's NAS
Israel's Iron Dome missile tech stolen by Chinese hackers
Corporate raiders Comment Crew fingered for attacks
Tor attack nodes RIPPED MASKS off users for 6 MONTHS
Traffic confirmation attack bared users' privates - but to whom?
Roll out the welcome mat to hackers and crackers
Security chap pens guide to bug bounty programs that won't fail like Yahoo!'s
prev story

Whitepapers

Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Why and how to choose the right cloud vendor
The benefits of cloud-based storage in your processes. Eliminate onsite, disk-based backup and archiving in favor of cloud-based data protection.
The Essential Guide to IT Transformation
ServiceNow discusses three IT transformations that can help CIO's automate IT services to transform IT and the enterprise.
Maximize storage efficiency across the enterprise
The HP StoreOnce backup solution offers highly flexible, centrally managed, and highly efficient data protection for any enterprise.