KeyChest Blog

25 Years of Internet Hijacking Nears Its End

Feb 25, 2020 7:56:59 PM / by Dan

If you make an internet call from Sydney to Texas, a technology called Border Gateway Protocol, or BGP for short, will ensure that your computer will find your friend in Texas. Just like people have to go through a border gate (or customs if you are at the airport) to enter another country, internet users have to go through a gate to access anything on the internet in another country. Internet users have unknowingly used BGP for over 30 years. The problem is that this old technology leaves the border gate wide open for a special kind of cyberattack.

 

The attack is a kind of hijacking because it pretends to be the border gate into one country, but users first have to go through another country to get there—without ever knowing it. So if you try to call your friend in Texas from your internet in Sydney, you may be directed through China first without ever knowing it!

  • The attacker then hijacks ALL of the information that passes through: things like usernames and passwords, bank card information, pictures, videos, and everything in between. BGP connects the networks of entire countries so any attack will impact millions of users. 

Try Instant domain audit Now

  • In 2014, a Canadian internet provider executed 22 separate attacks, each lasting 30 seconds. They targeted BitCoin mining and the attacks were successful;
  • April 2017 - Russian telco Rostelecom hijacked 37 of autonomous domains, including Visa and MasterCard. The attack lasted 7 minutes but no-one was ever able to find out if any data or what data was compromised;
  • July 2018 - Iran hijacked traffic of Telegram Messenger; 
  • November 2018 - China Telecom site in the US redirected Google for more than 1 hour and 20 minutes.

A Problem of True Identity

How hard is it to hijack the traffic? It is relatively simple as there is no authentication of who announces the best route from Sydney to Texas. So if someone in Norway starts loudly shouting - "this is the quickest route now". The traffic will go through Norway. Someone in Brazil will start saying the same 10 minutes later, all the traffic will start going through Brazil.

What BGP needs is authentication of those who “shout”… A sort of identity check at the gate. This new technology is call RPKI. "RPKI, uses a certificate system that's akin to secure web browsing (or at-least its early days). While secure web browsing has moved on and is far more secure and is somewhat the default these days, the state of BGP route validation has not moved forward."

The first step of securing BGP is to find out which BGP routes are valid. In the Asia Pacific & Africa region, this happened towards the end of last year, and internet operators validated 79% of routes in January 2020 (a big jump from 29% in November 2019). The process was not smooth with some big internet users.

The stakes are high as those who do not cooperate will lose access to the Internet. Mapping valid routes is important because the rest will soon stop working. Big US ISPs like Google, Cloudflare and others will start dropping invalid connections in coming months. Some regions are behind including Australia and its biggest operator Telstra.

What does the hijack mean? An analogy would be a diversion on a motorway  that would suddenly direct all the traffic to a military posts for inspection. What it means is that a "random" entity anywhere in the world (geographic location is not a barrier so it can be happening in China, France, or Mexico) can filter, analyze and extract everything that you send over the internet - be it backups of customer information, IP, personal data between your servers, or telephone calls from your laptop, or even from your mobile phone - all that data goes via the Internet.

This can impact big companies as well as small ones. The best way to protect yourself is to use web encryption (SSL / HTTPS). It is an end-to-end encryption between computers. If someone hijacks this traffic, they may slow you down but the data will remain secure. The downside is that web encryption expires. This can impact your revenue as well as create a dangerous backdoor to your data.

KeyChest manages your SSL for you. Set up our cloud service and then forget it. Restore confidence in your IT and make encryption a valuable business asset instead of a time-sucking drag.

 Check the status of your web domain with our instant online domain audit tool.

Tags: certificate, security

Dan

Written by Dan