Warning! Targeted Internet misdirection on the rise
Traffic from financial firms, government agencies, VoIP providers quietly hijacked and rerouted through ISPs in Belarus, Iceland, researcher says
Computerworld - Unknown attackers have successfully hijacked and redirected Internet traffic belonging to financial services companies, VoIP providers and governments many times over the past year.
Internet monitoring firm Renesys says it's observed such hijacked traffic during at least 60 days in 2013.
A total of about 1,500 individual IP blocks from 150 cities around the world have been intercepted, inspected and possibly compromised in incidents lasting from a few minutes to several days, the company said today.
Throughout February, for instance, online traffic at numerous financial services companies, network service providers and government agencies in the U.S. South Korea, Germany, the Czech Republic, Iran and other countries was redirected to an Internet Service Provider in Belarus.
Similarly, in May and again in July, Internet traffic from a large U.S. providers of managed network services was hijacked and routed through IP addresses owned by an Icelandic ISP.
In these and other cases, the intercepts were enabled through so-called "Man-in-the-Middle" attacks, when traffic flowing between two points is briefly rerouted to another location and then released back its original path. Such redirections allow attackers to surreptitiously inspect and modify traffic.
If the hijacked traffic is rerouted to a point close to the original destination, the entire caper can be carried with no noticeable lag in traffic time.
The attacks show in practical terms that Border Gateway Protocol (BGP) hijacking is not theoretical, it poses real problems, said Doug Madory, an analyst at Renesys.
BGP routers, which direct traffic between autonomous systems on the Internet, can be accessed by hackers to spoof the IP address of another entity to misdirect traffic there, Madory said. It's difficult to determine that the activity is criminal because such misdirection often occurs due to human error -- such as transposing the digits in an Internet address space. In most cases, such inadvertent misdirection is quickly caught and remedied.
Madory said it's likely the misdirection to the Iceland and Belarus ISPs found by Renesys earlier this year was deliberate. It is likely that people with access to BGP routers at these ISPs created the spurious routes unbeknownst to the ISPs or the victims, he added.
The attackers appear to have found a way to redirect only small portions of traffic bound for a specific destination to avoid being detected, Madory said.
"What's novel here is making just a small percent of the Internet believe the bogus route so they have a way to get traffic to that destination," without notice, Madory said. "If you announced the address space of somebody else and everyone else believed it, then all traffic (for the destination) will be routed to you."
Jaikumar Vijayan covers data security and privacy issues, financial services security and e-voting for Computerworld. Follow Jaikumar on Twitter at @jaivijayan, or subscribe to Jaikumar's RSS feed . His email address is email@example.com.
- Nine charged with distributing Zeus malware
- The new security perimeter: Human Sensors
- Cyberattacks could paralyze U.S., former defense chief warns
- Security Manager's Journal: Thousands of dollars in phone calls? Management hates that.
- Everything You Know About Enterprise Security Is Wrong
- UK man charged with hacking Federal Reserve
- McAfee Offers Global Response to Nationalized Malware
- Tech Industry Praises Cybersecurity Framework From White House
- Ransomware like Cryptolocker uses Bitcoin, other virtual currencies for payment
- Trial for alleged Silk Road creator Ross Ulbricht set for November
Read more about Security in Computerworld's Security Topic Center.
- Radicati: Cloud Business Email - Market Quadrant 2013 Google was named the top cloud business email provider in a recent report by research firm Radicati. Out of 14 key players, Google...
- Tablets in the Enterprise: A Checklist for Successful Deployment How can you enterprise manage and secure tablets in order to protect corporate data while providing access to the information and applications employees...
- Enterprise Mobility: A Checklist for Secure Containerization The advantages and disadvantages of the multiple approaches to containerization. Learn More>>
- Enterprise File Sync & Share Checklist File sync and share has changed the way people work and collaborate in today's tech-savvy world. Gone are the email roadblocks, clunky FTP...
- Live Webcast LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy... All Security White Papers | Webcasts