Warning! Targeted Internet misdirection on the rise
Traffic from financial firms, government agencies, VoIP providers quietly hijacked and rerouted through ISPs in Belarus, Iceland, researcher says
Computerworld - Unknown attackers have successfully hijacked and redirected Internet traffic belonging to financial services companies, VoIP providers and governments many times over the past year.
Internet monitoring firm Renesys says it's observed such hijacked traffic during at least 60 days in 2013.
A total of about 1,500 individual IP blocks from 150 cities around the world have been intercepted, inspected and possibly compromised in incidents lasting from a few minutes to several days, the company said today.
Throughout February, for instance, online traffic at numerous financial services companies, network service providers and government agencies in the U.S., South Korea, Germany, the Czech Republic, Iran and other countries was redirected to an Internet Service Provider in Belarus.
Similarly, in May and again in July, Internet traffic from a large U.S. provider of managed network services was hijacked and routed through IP addresses owned by an Icelandic ISP.
In these and other cases, the intercepts were enabled through so-called "Man-in-the-Middle" attacks, in which traffic flowing between two points is briefly rerouted to another location and then released back to its original path. Such redirections allow attackers to surreptitiously inspect and modify traffic.
If the hijacked traffic is rerouted to a point close to the original destination, the entire caper can be carried out with no noticeable lag in traffic time.
The attacks show in practical terms that Border Gateway Protocol (BGP) hijacking is not theoretical; it poses real problems, said Doug Madory, an analyst at Renesys.
BGP routers, which direct traffic between autonomous systems on the Internet, can be accessed by hackers to spoof the IP address of another entity and misdirect traffic there, Madory said. It's difficult to determine whether the activity is criminal because such misdirection often occurs through human error -- such as transposing the digits in an Internet address space. In most cases, such inadvertent misdirection is quickly caught and remedied.
Madory said it's likely the misdirection to the Iceland and Belarus ISPs found by Renesys earlier this year was deliberate. It is likely that people with access to BGP routers at these ISPs created the spurious routes unbeknownst to the ISPs or the victims, he added.
The attackers appear to have found a way to redirect only small portions of traffic bound for a specific destination to avoid being detected, Madory said.
"What's novel here is making just a small percent of the Internet believe the bogus route so they have a way to get traffic to that destination," without notice, Madory said. "If you announced the address space of somebody else and everyone else believed it, then all traffic (for the destination) will be routed to you."
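As an added illustration, not part of the Computerworld article or of Renesys' own tooling, the Python below compares BGP route observations from several vantage points against the expected origin AS for each prefix and flags a bogus origin even when only one vantage point hears it, the partial-visibility pattern Madory describes. All AS numbers, prefixes and vantage point names are constructed.

```python
from collections import defaultdict

# Constructed sample of what route-collector vantage points hear for two prefixes,
# as (vantage_point, prefix, AS path with origin AS last). All values are made up.
OBSERVATIONS = [
    ("vp-nyc", "203.0.113.0/24", [64500, 64510, 64520]),
    ("vp-lon", "203.0.113.0/24", [64501, 64510, 64520]),
    ("vp-fra", "203.0.113.0/24", [64502, 64511, 64520]),
    ("vp-sin", "203.0.113.0/24", [64503, 64512, 64520]),
    # One of five vantage points hears a bogus origin for the same prefix: the
    # "small percent of the Internet" that believes the hijacked route.
    ("vp-ams", "203.0.113.0/24", [64504, 64599, 64666]),
    # A second prefix on which every vantage point agrees, as a clean control case.
    ("vp-nyc", "198.51.100.0/24", [64500, 64530]),
    ("vp-lon", "198.51.100.0/24", [64501, 64530]),
]
# Authoritative origin AS per prefix (in practice from RPKI ROAs or the
# operator's own records); also constructed.
EXPECTED_ORIGIN = {"203.0.113.0/24": 64520, "198.51.100.0/24": 64530}


def origin_views(observations):
    """Map prefix -> origin AS -> set of vantage points that see that origin."""
    views = defaultdict(lambda: defaultdict(set))
    for vp, prefix, as_path in observations:
        views[prefix][as_path[-1]].add(vp)
    return views


def detect_partial_hijacks(observations, expected_origin):
    """Flag every origin that disagrees with the expected one, however few
    vantage points see it. A majority vote across vantage points would never
    notice a route that only a small fraction of the Internet accepted."""
    findings = []
    for prefix, by_origin in origin_views(observations).items():
        total = sum(len(vps) for vps in by_origin.values())
        for origin, vps in by_origin.items():
            if origin == expected_origin.get(prefix):
                continue
            findings.append({
                "prefix": prefix,
                "bogus_origin": origin,
                "vantage_points": sorted(vps),
                "vps_seen": len(vps),
                "vps_total": total,
                # Legitimate origin still visible elsewhere: only part of the
                # Internet is diverted, the pattern the article describes.
                "partial": expected_origin.get(prefix) in by_origin,
            })
    return findings
```

Feeding real collector data in the same (vantage, prefix, path) shape, with expected origins taken from ROAs, turns this into a minimal origin-disagreement monitor; the share of vantage points seeing the bogus origin is the signal the article says attackers try to keep small.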
Jaikumar Vijayan covers data security and privacy issues, financial services security and e-voting for Computerworld. Follow Jaikumar on Twitter at @jaivijayan, or subscribe to Jaikumar's RSS feed. His email address is email@example.com.