(Wired) Someone has been siphoning data through a massive security hole in the internet. Well that sucks (wired.com)
More: Interesting, black holes, network monitoring, China Telecom, BGP, credit card numbers, Renesys, VoIP, hacker conference

5061 clicks; posted to Geek » on 05 Dec 2013 at 2:42 PM (3 years ago)



Voting Results (Smartest)

2013-12-05 02:49:44 PM  
5 votes:
Why in God's name would you color the LAND blue on a map?
2013-12-06 02:42:00 AM  
1 vote:

cman: Interesting

I can see any nation responsible for doing that. Hell, I wouldn't put it past them Icelanders to be responsible, those farking Vikings.


I could do it with the routers I manage at work. BGP is pretty broken from a security standpoint. Of course it wasn't designed with any security in mind.
2013-12-05 07:27:11 PM  
1 vote:

Peki: ///can't wait until we go back to paper for "security" reasons. . . lulz


Like the Russians?

http://slashdot.org/story/13/07/11/1337236/russian-federal-guard-service-upgrades-to-electric-typewriters
2013-12-05 04:28:36 PM  
1 vote:

aelat: Aren't BGP advertisements authenticated, as are all interior routing protocols (if done properly)? Unless I missed it, the article didn't mention why the false advertisements were ever accepted by the legitimate routers, as the fake ones wouldn't have the password (I assume). Did these ISPs just leave their BGP traffic unauthenticated and unencrypted? /confused

The technique doesn't attack a bug or flaw in BGP, but simply takes advantage of the fact that BGP's architecture is based on trust.

A protocol architecture based on trust? Gee, that's helpful. For a second there I thought that every security model in the world was based on trust.

If anyone can provide actual details about how this exploit actually works, I'm genuinely curious. Only looked for a minute on google, but it sounds like BGP traffic might be unauthenticated?


Some more details in one of the articles linked to from this one.

The attack is called an IP hijack and, on its face, isn't new. But in the past, known IP hijacks have created outages, which, because they were so obvious, were quickly noticed and fixed.
...
Pilosov's innovation is to forward the intercepted data silently to the actual destination, so that no outage occurs. Ordinarily, this shouldn't work - the data would boomerang back to the eavesdropper. But Pilosov and Kapela use a method called AS path prepending that causes a select number of BGP routers to reject their deceptive advertisement. They then use these ASes to forward the stolen data to its rightful recipients.
"Everyone ... has assumed until now that you have to break something for a hijack to be useful," Kapela said. "But what we showed here is that you don't have to break anything. And if nothing breaks, who notices?"


Makes sense that if you think the worst case scenario is a temporary service outage, you're not going to worry much.
On the other hand, even without eavesdropping and forwarding, somebody could just hijack Facebook's IP addresses and put up a fake login page that throws an error on submit. It'll take a while before the right people get notified that it's going on, and you'll have phished a lot of passwords during that time.
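The kind of check the quoted article implies network operators were missing, as an added example that is not part of the original thread or the Wired story: a small monitor that flags an announcement when the origin AS is not the authorised one, when the AS next to the origin is not a known upstream (the signature of a path crafted to look legitimate while diverting traffic), or when a more-specific prefix shows up inside a monitored block. Every prefix, ASN and feed entry here is constructed for the example.

```python
import ipaddress

# Constructed ROA-style allowlist: monitored prefix -> authorised origin ASNs.
# Documentation prefixes and private-use ASNs; none of this is real routing data.
EXPECTED_ORIGINS = {
    "203.0.113.0/24": {65001},
    "198.51.100.0/23": {65002},
}
# Constructed map of origin ASN -> upstream ASNs that should sit directly
# to its left in any genuine AS path.
EXPECTED_UPSTREAMS = {
    65001: {64500},
    65002: {64501, 64502},
}

def covering_prefix(prefix):
    """Return the monitored prefix that contains `prefix`, or None if unmonitored."""
    net = ipaddress.ip_network(prefix, strict=False)
    for known in EXPECTED_ORIGINS:
        known_net = ipaddress.ip_network(known)
        if net.version == known_net.version and net.subnet_of(known_net):
            return known
    return None

def check_announcement(prefix, as_path):
    """Check one BGP announcement (AS path left to right, origin AS last).
    Returns a list of alert strings; an empty list means nothing suspicious."""
    alerts = []
    covering = covering_prefix(prefix)
    if covering is None or not as_path:
        return alerts
    origin = as_path[-1]
    if origin not in EXPECTED_ORIGINS[covering]:
        alerts.append(f"origin hijack: {prefix} originated by AS{origin}")
    elif len(as_path) >= 2 and as_path[-2] not in EXPECTED_UPSTREAMS.get(origin, set()):
        # Origin looks right, but its neighbour is not a known upstream.
        alerts.append(f"unexpected upstream AS{as_path[-2]} next to origin AS{origin}")
    if covering != prefix:
        alerts.append(f"more-specific {prefix} inside monitored {covering}")
    return alerts

def scan(feed):
    """Run the checks over (prefix, as_path) pairs; return alerts keyed by prefix."""
    results = {}
    for prefix, as_path in feed:
        alerts = check_announcement(prefix, as_path)
        if alerts:
            results[prefix] = alerts
    return results

# Constructed feed: one genuine route, one more-specific with a bogus
# upstream, one outright origin change, and one prefix we do not monitor.
SAMPLE_FEED = [
    ("203.0.113.0/24", (64512, 64500, 65001)),
    ("203.0.113.0/25", (64512, 64666, 65001)),
    ("198.51.100.0/23", (64512, 64666)),
    ("192.0.2.0/24", (64512, 64503)),
]
```

Running `scan(SAMPLE_FEED)` reports only the second and third entries; a real deployment would feed it from a route collector and replace the constructed tables with ROA data and the operator's own peering records.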
2013-12-05 02:53:31 PM  
1 vote:

DammitIForgotMyLogin: The traffic hijack, they showed, could be done in such a way that no one would notice because the attackers could simply re-route the traffic to a router they controlled, then forward it to its intended destination once they were done with it, leaving no one the wiser about what had occurred.

Except for these people, who apparently noticed it ...


Well you know technically this happens every day on billions or trillions of connections, because that's how BGP works. Dunno if it's really a "security" hole in that if a cable is cut somewhere there in the middle the path taken MAY one day be the best path. The only problem would be if you aren't encrypting traffic that should be encrypted using proper encryption levels.

The data you send out over networks you don't control should ALWAYS be encrypted in a way you want it to be. And yes, "none" is perfectly acceptable for a lot of that traffic.
2013-12-05 01:28:06 PM  
1 vote:
The traffic hijack, they showed, could be done in such a way that no one would notice because the attackers could simply re-route the traffic to a router they controlled, then forward it to its intended destination once they were done with it, leaving no one the wiser about what had occurred.

Lag.  LAG!  Damnit, fragged again!
 
Displayed 6 of 6 comments


This thread is archived, and closed to new comments.
