Wyly Wade

Hacking Team’s BGP hack to hijack IPs it didn’t own

The ease of fraudulently manipulating the BGP system has long been recognized as a key weak point in Internet security. The Hacking Team e-mails (1, 2, 3, 4, 5, 6, 7, 8, and 9) move that risk out of the theoretical and into the practical. It also underscores the need for universal norms to be observed by service providers and for enforceable penalties when they’re breached.

“In general, the issue is that BGP is the underlying system for directing Internet traffic around the world and there is presently nothing to stop an entity from announcing another entity’s IP address space—effectively impersonating it,” Madory wrote in an e-mail. “These techniques can be used to intercept or manipulate the contents of affected Internet traffic or simply to ‘blackhole’ traffic.”

Source: Hacking Team orchestrated brazen BGP hack to hijack IPs it didn’t own | Ars Technica

Leave a Reply

%d bloggers like this: