Feeds

Hijacking huge chunks of the internet - a new How To

It's easy. Those tubes are busted

Secure remote control for conventional and virtual desktops

More evidence that the intertubes are fundamentally broken has been served up by Wired.com in an article laying out a technique to surreptitiously hijack huge chunks of the internet and monitor or even modify unencrypted traffic before it reaches its intended destination.

The exploit of the routing protocol known as BGP, short for Border Gateway Protocol, is akin to the poor man's traffic intercept employed by intelligence agencies throughout the world. Like the recently discovered domain name system cache poisoning bug, the exploit is notable because it highlights weaknesses in some of the net's core underpinnings.

The man-in-the-middle attack was demonstrated earlier this month at the Defcon hacker conference in Las Vegas when researchers Anton "Tony" Kapela and Alex Pilosov redirected traffic bound for the conference network to a system they controlled in New York and then routed it back to Las Vegas.

The attack is able to arbitrarily re-direct traffic by exploiting the implicit trust placed in BGP routers. Anyone with access to a BGP router can intercept data sent to one or more target IP addresses. Attackers can simply drop the packets as Pakistan did earlier this year when it blocked worldwide access to YouTube. Or the attackers could monitor or even alter the traffic before sending it along to its intended destination.

It's fair to say that Wired.com's report has gotten the attention of security experts.

"When you can forcefully route someone's traffic through you before it reaches it targeted destination, that's really bad," Jeremiah Grossman, CTO of security firm White Hat Security, said in an online chat. "Looking at these vuln announcements, 2008 will be known as the year where we could have taken down the internet."

Other researchers, without discounting the serious conclusions raised by the research, said they weren't convinced the attacks would remain stealthy for long. While virtually anyone can join the BGP club, members typically take a keen interest in the actions of their peers. Logs of BGP routing tables date back to at least 1999, said Dan Kaminsky, who first alerted the world to the DNS bug.

"If you abuse your abilities you're going to lose your abilities," Kaminsky explained. "The BGP community is small enough and logged enough that those elements that are doing consistently nasty stuff will be dealt with."

Kaminsky also said pulling off the BGP attack would require a level of expertise that exceeded typical attacks, such as the ubiquitous SQL injection exploits or those targeting the DNS bug.

"Theres not going to be a Metaspoit module that any kid can run that can go ahead and run this attack," he said.

The research nonetheless should raise concern since it further highlights that fundamental parts of the internet - parts that were never designed to be secure - frequently act as the gatekeepers that protect our commerce and communications from a growing number of crooks and snoops. It describes a technique that could make wide-scale spying or fraud if not trivial then certainly possible for groups with just a bit of expertise and determination. And as such, it takes so-called Digital Pearl Harbor scenarios squarely in the realm of possibility.

More from Wired.com, including a detailed explanation of how the attack works and possible ways to prevent it, is here. ®

Secure remote control for conventional and virtual desktops

More from The Register

next story
'Regin': The 'New Stuxnet' spook-grade SOFTWARE WEAPON described
'A degree of technical competence rarely seen'
You really need to do some tech support for Aunty Agnes
Free anti-virus software, expires, stops updating and p0wns the world
You stupid BRICK! PCs running Avast AV can't handle Windows fixes
Fix issued, fingers pointed, forums in flames
Regin: The super-spyware the security industry has been silent about
NSA fingered as likely source of complex malware family
Privacy bods offer GOV SPY VICTIMS a FREE SPYWARE SNIFFER
Looks for gov malware that evades most antivirus
Patch NOW! Microsoft slings emergency bug fix at Windows admins
Vulnerability promotes lusers to domain overlords ... oops
HACKERS can DELETE SURVEILLANCE DVRS remotely – report
Hikvision devices wide open to hacking, claim securobods
prev story

Whitepapers

Why and how to choose the right cloud vendor
The benefits of cloud-based storage in your processes. Eliminate onsite, disk-based backup and archiving in favor of cloud-based data protection.
Getting started with customer-focused identity management
Learn why identity is a fundamental requirement to digital growth, and how without it there is no way to identify and engage customers in a meaningful way.
10 threats to successful enterprise endpoint backup
10 threats to a successful backup including issues with BYOD, slow backups and ineffective security.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
The hidden costs of self-signed SSL certificates
Exploring the true TCO for self-signed SSL certificates, including a side-by-side comparison of a self-signed architecture versus working with a third-party SSL vendor.