Feeds

Hijacking huge chunks of the internet - a new How To

It's easy. Those tubes are busted

Beginner's guide to SSL certificates

More evidence that the intertubes are fundamentally broken has been served up by Wired.com in an article laying out a technique to surreptitiously hijack huge chunks of the internet and monitor or even modify unencrypted traffic before it reaches its intended destination.

The exploit of the routing protocol known as BGP, short for Border Gateway Protocol, is akin to the poor man's traffic intercept employed by intelligence agencies throughout the world. Like the recently discovered domain name system cache poisoning bug, the exploit is notable because it highlights weaknesses in some of the net's core underpinnings.

The man-in-the-middle attack was demonstrated earlier this month at the Defcon hacker conference in Las Vegas when researchers Anton "Tony" Kapela and Alex Pilosov redirected traffic bound for the conference network to a system they controlled in New York and then routed it back to Las Vegas.

The attack is able to arbitrarily re-direct traffic by exploiting the implicit trust placed in BGP routers. Anyone with access to a BGP router can intercept data sent to one or more target IP addresses. Attackers can simply drop the packets as Pakistan did earlier this year when it blocked worldwide access to YouTube. Or the attackers could monitor or even alter the traffic before sending it along to its intended destination.

It's fair to say that Wired.com's report has gotten the attention of security experts.

"When you can forcefully route someone's traffic through you before it reaches it targeted destination, that's really bad," Jeremiah Grossman, CTO of security firm White Hat Security, said in an online chat. "Looking at these vuln announcements, 2008 will be known as the year where we could have taken down the internet."

Other researchers, without discounting the serious conclusions raised by the research, said they weren't convinced the attacks would remain stealthy for long. While virtually anyone can join the BGP club, members typically take a keen interest in the actions of their peers. Logs of BGP routing tables date back to at least 1999, said Dan Kaminsky, who first alerted the world to the DNS bug.

"If you abuse your abilities you're going to lose your abilities," Kaminsky explained. "The BGP community is small enough and logged enough that those elements that are doing consistently nasty stuff will be dealt with."

Kaminsky also said pulling off the BGP attack would require a level of expertise that exceeded typical attacks, such as the ubiquitous SQL injection exploits or those targeting the DNS bug.

"Theres not going to be a Metaspoit module that any kid can run that can go ahead and run this attack," he said.

The research nonetheless should raise concern since it further highlights that fundamental parts of the internet - parts that were never designed to be secure - frequently act as the gatekeepers that protect our commerce and communications from a growing number of crooks and snoops. It describes a technique that could make wide-scale spying or fraud if not trivial then certainly possible for groups with just a bit of expertise and determination. And as such, it takes so-called Digital Pearl Harbor scenarios squarely in the realm of possibility.

More from Wired.com, including a detailed explanation of how the attack works and possible ways to prevent it, is here. ®

Choosing a cloud hosting partner with confidence

More from The Register

next story
SMASH the Bash bug! Apple and Red Hat scramble for patch batches
'Applying multiple security updates is extremely difficult'
Apple's new iPhone 6 vulnerable to last year's TouchID fingerprint hack
But unsophisticated thieves need not attempt this trick
Hackers thrash Bash Shellshock bug: World races to cover hole
Update your gear now to avoid early attacks hitting the web
Oracle SHELLSHOCKER - data titan lists unpatchables
Database kingpin lists 32 products that can't be patched (yet) as GNU fixes second vuln
Who.is does the Harlem Shake
Blame it on LOLing XSS terroristas
Researchers tell black hats: 'YOU'RE SOOO PREDICTABLE'
Want to register that domain? We're way ahead of you.
Stunned by Shellshock Bash bug? Patch all you can – or be punished
UK data watchdog rolls up its sleeves, polishes truncheon
Ello? ello? ello?: Facebook challenger in DDoS KNOCKOUT
Gets back up again after half an hour though
prev story

Whitepapers

Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
Intelligent flash storage arrays
Tegile Intelligent Storage Arrays with IntelliFlash helps IT boost storage utilization and effciency while delivering unmatched storage savings and performance.
Beginner's guide to SSL certificates
De-mystify the technology involved and give you the information you need to make the best decision when considering your online security options.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.