Thursday, November 21, 2013

Researchers say U.S. Internet traffic was re-routed through Belarus. That’s a problem.

"In 2010 a Chinese ISP momentarily hijacked the Internet. Due to a misconfiguration, some traffic that should have gone to Dell, CNN, Starbucks and Apple was sent to China instead. The incident lasted for only a few minutes and the responsible party claimed it was an accident. But it highlights a dangerous security weakness in one of the Internet's fundamental protocols."

"Experts say that the Internet's fundamental routing protocol, called the Border Gateway Protocol (BGP), is surprisingly reliant on trust among the administrators of the many networks that comprise the Internet."

I hadn't heard of BGP, but none of this is too surprising to me.

"It's long been theorized that this sort of re-routing could be weaponized as a technique for intercepting traffic. In fact, Anton Kapela and Alex Pilosov demonstrated a technique for eavesdropping on traffic via BGP at DEFCON in 2008. But now Renesys, an Internet monitoring company, says it has seen a series of what they describe as 'man-in-the-middle' attacks using BGP targeting 'financial institutions, VoIP providers, and world governments' in the wild. 'Internet route hijacking has been around for years, it's really just the emergence of this specific man-in-the-middle variance that has taken off in 2013,' Renesys Chief Technology Officer Jim Cowie told me last week."

I'm sure this is also a place where the law is far behind the technology. Is it illegal to reroute internet traffic? There are almost by definition multiple countries involved. If you see an issue, who do you contact? Is this something that network admins should just handle on their own?

"Renesys believes this kind of attack is a serious threat to Internet security, but may have a very limited shelf life. 'This is not a very subtle attack -- you can't carry it out without publishing your false routes all over the planet,' said Cowie. 'If everyone would take care to watch how their networks are being advertised around the world it would disappear overnight.' So beyond the specifics on the incidents revealed by Renesys, one of the major takeaways from its research might be the need for increased scrutiny of the protocols that make the Internet tick."

Update: Ars Technica has more: "Repeated attacks hijack huge chunks of Internet traffic, researchers warn."
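
Cowie's point about watching how your networks are advertised can be turned into a simple check. The sketch below is an added example, not code from the article or from Renesys: it compares observed route announcements against the origins a network expects for its own prefixes. The prefixes, ASNs and observations are constructed from documentation ranges, and the function names are hypothetical.

```python
import ipaddress

# Constructed policy: prefixes we originate -> origin ASNs allowed to announce them.
# Prefixes are RFC 5737 documentation ranges, ASNs are RFC 5398 documentation ASNs.
EXPECTED = {
    ipaddress.ip_network("192.0.2.0/24"): {64500},
    ipaddress.ip_network("198.51.100.0/24"): {64500, 64501},
}

# Constructed observations, shaped like what a route collector or looking glass
# reports: (announced prefix, AS path as seen by the observer, origin AS last).
OBSERVED = [
    ("192.0.2.0/24", [64510, 64505, 64500]),     # expected announcement
    ("192.0.2.0/25", [64510, 64496]),            # more-specific, unexpected origin
    ("198.51.100.0/24", [64511, 64496]),         # same prefix, unexpected origin
    ("198.51.100.0/24", [64511, 64501]),         # second allowed origin
    ("198.51.100.128/25", [64510, 64500]),       # more-specific, origin looks right
    ("203.0.113.0/24", [64511, 64502]),          # someone else's prefix, ignored
]


def check_announcement(prefix, as_path, expected=EXPECTED):
    """Return alert names for one announcement that touches our address space."""
    net = ipaddress.ip_network(prefix)
    origin = as_path[-1]
    alerts = []
    for ours, origins in expected.items():
        if net.version != ours.version or not net.subnet_of(ours):
            continue  # announcement does not fall inside this prefix
        if origin not in origins:
            alerts.append("ORIGIN_MISMATCH")
        if net.prefixlen > ours.prefixlen:
            # Routers forward on the longest matching prefix, so flag it even
            # when the origin AS matches: the origin in a path can be forged.
            alerts.append("MORE_SPECIFIC")
    return alerts


def scan(observed=OBSERVED):
    """Return (prefix, as_path, alerts) for every announcement that raised an alert."""
    checked = ((p, path, check_announcement(p, path)) for p, path in observed)
    return [item for item in checked if item[2]]


if __name__ == "__main__":
    for prefix, as_path, alerts in scan():
        print(prefix, as_path, ",".join(alerts))
```

In practice the observations would come from several vantage points outside your own network, since a false route may only be visible in some parts of the Internet.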
