(a feared existing one), to steal Internet traffic heading back to government agencies, multinational corporations and other important recipients in the United States. At first the traffic was redirected to Belarus and/or Iceland, and only then sent on to its intended recipients. It took several months until someone noticed this change in routing patterns. And this may not have been the first time it took place, only the first time someone noticed.
Researchers at Renesys (the "Internet Intelligence Authority", as they call themselves), an Internet monitoring company, said that over several months earlier this year (2013) someone (extraterrestrials, maybe?) diverted the traffic by exploiting the same weakness in the Border Gateway Protocol (BGP, the protocol that exchanges routing and reachability information between Autonomous Systems (AS)) that two security researchers demonstrated in 2008 (read that article for the full background to this developing story). The attack, comparable to the well-known man-in-the-middle attack, lets the hijacker announce a bogus route that fools other routers into sending their data to a system under the hijacker's control. Once the hijacker forwards the data on to the intended recipient, neither end of the conversation is aware that its traffic has been funneled through a third party.
The danger in this scheme is potentially enormous. Once critical data has been intercepted, copied and stored, the hijacker can burrow through the archive of any unencrypted information, reading emails and spreadsheets, extracting credit card numbers and harvesting whatever sensitive data is available. (Traffic that is encrypted end to end, e.g. with TLS, can still be captured and delayed this way, but not read without breaking the encryption.)
In this case the attackers initiated the hijacks at least 38 times, grabbing traffic from about 1,500 individual IP blocks, sometimes for minutes, sometimes for hours, sometimes for days. The pattern was consistent. Make no mistake about it: this was no misconfiguration, analysts say.
(I thought Renesys, an Internet monitoring firm, specialized in this matter. So how can it be that this happened so often before someone noticed? But maybe this has nothing to do with the first phrase I wrote in this post.)
Doug Madory:
Although the intercepts originated from a number of different systems in Belarus and Iceland, Renesys believes the attacks are all related, and that the hijackers may have altered the locations to obfuscate their malicious activity. “What makes a man-in-the-middle attack different from a simple routing hijack? Simply put, the traffic keeps flowing and everything looks fine to the recipient,…” Renesys wrote in a blog post about the hijacks. “It’s possible to drag specific internet traffic halfway around the world, inspect it, modify it if desired, and send it back on its way. Who needs fiberoptic taps?” (...?)
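The route-level mechanics behind all this, as an added example (not code from Renesys, nor from the 2008 researchers the post refers to): a toy Python model of the more-specific announcement that pulls traffic to the hijacker while the hijacker's own path back to the victim survives, and of the checks a route-collector watcher would run to spot such a detour. All AS numbers (documentation range 64496-64511), prefixes (TEST-NET ranges) and collector observations are constructed for illustration.

```python
"""Toy model of the BGP man-in-the-middle hijack discussed above and of the
route-collector checks that expose it. Added example, not code from Renesys
or from the 2008 researchers; AS numbers (documentation range 64496-64511),
prefixes (TEST-NET ranges) and all observations are constructed."""
from collections import defaultdict
from ipaddress import ip_address, ip_network

VICTIM, UPSTREAM, PEER_A, PEER_B, HIJACKER, OTHER, SQUATTER = (
    64500, 64501, 64502, 64503, 64510, 64504, 64511)


# --- attack side -----------------------------------------------------------

def accepts(asn, as_path):
    """BGP loop prevention: a router drops any announcement whose AS_PATH
    already contains its own ASN. The MITM technique relies on this."""
    return asn not in as_path


def craft_mitm_announcement(hijacker_as, clean_path, victim_as, more_specific):
    """Announce a more-specific of the victim's prefix with the victim still as
    apparent origin, and with every AS on the hijacker's own clean path to the
    victim prepended. Those ASes reject the route (loop prevention), so the
    hijacker keeps a working path to forward the intercepted traffic on."""
    return more_specific, (hijacker_as, *clean_path, victim_as)


def best_route(rib, dst):
    """Longest-prefix match: the more-specific wins over the covering prefix."""
    dst = ip_address(dst)
    hits = [(p, path) for p, path in rib.items() if dst in ip_network(p)]
    return max(hits, key=lambda h: ip_network(h[0]).prefixlen)


# --- detection side --------------------------------------------------------
# Constructed route-collector observations: (hour, prefix, as_path as seen).
BASELINE = [
    (0, "203.0.113.0/24", (PEER_A, UPSTREAM, VICTIM)),
    (0, "203.0.113.0/24", (PEER_B, UPSTREAM, VICTIM)),
    (0, "198.51.100.0/24", (PEER_A, OTHER)),
]
EVENTS = [
    (1, "203.0.113.0/24", (PEER_A, UPSTREAM, VICTIM)),
    (2, "203.0.113.0/25", (PEER_A, HIJACKER, UPSTREAM, VICTIM)),  # detour starts
    (3, "203.0.113.0/25", (PEER_A, HIJACKER, UPSTREAM, VICTIM)),
    (4, "203.0.113.0/24", (PEER_A, UPSTREAM, VICTIM)),            # detour withdrawn
    (5, "198.51.100.0/24", (PEER_A, SQUATTER)),                   # plain origin hijack
]


def build_baseline(obs):
    """Per prefix: the legitimate origin ASes and every AS seen on a path to it."""
    origins, path_ases = defaultdict(set), defaultdict(set)
    for _, prefix, path in obs:
        origins[prefix].add(path[-1])
        path_ases[prefix].update(path)
    return origins, path_ases


def covering_prefix(prefix, known):
    """Most specific baseline prefix that strictly contains `prefix`, if any."""
    net = ip_network(prefix)
    covers = [k for k in known if k != prefix and net.subnet_of(ip_network(k))]
    return max(covers, key=lambda k: ip_network(k).prefixlen, default=None)


def find_hijacks(baseline, obs):
    """Flag a changed origin, or a never-before-seen more-specific whose path
    runs through ASes that never carried the covering prefix."""
    origins, path_ases = baseline
    alerts = []
    for hour, prefix, path in obs:
        parent = prefix if prefix in origins else covering_prefix(prefix, origins)
        if parent is None:
            continue                                   # unrelated prefix
        if path[-1] not in origins[parent]:
            alerts.append((hour, prefix, "origin-mismatch", (path[-1],)))
        elif prefix != parent:
            new_ases = tuple(sorted(set(path) - path_ases[parent]))
            alerts.append((hour, prefix, "more-specific-detour", new_ases))
    return alerts


def detour_durations(alerts):
    """Hours between first and last sighting of each alert, per prefix and kind."""
    span = {}
    for hour, prefix, kind, _ in alerts:
        first, last = span.get((prefix, kind), (hour, hour))
        span[(prefix, kind)] = (min(first, hour), max(last, hour))
    return {k: last - first + 1 for k, (first, last) in span.items()}


if __name__ == "__main__":
    prefix, path = craft_mitm_announcement(HIJACKER, [UPSTREAM], VICTIM, "203.0.113.0/25")
    print("hijacker announces", prefix, "with path", path)
    print("victim's upstream accepts it?", accepts(UPSTREAM, path))   # False: clean path kept
    print("peer A accepts it?", accepts(PEER_A, path))                 # True: traffic diverted
    rib = {"203.0.113.0/24": (PEER_A, UPSTREAM, VICTIM), prefix: (PEER_A, *path)}
    print("203.0.113.7 now routed via", best_route(rib, "203.0.113.7"))
    alerts = find_hijacks(build_baseline(BASELINE), EVENTS)
    for alert in alerts:
        print("ALERT", alert)
    print(detour_durations(alerts))
```

Run as a script it prints the crafted announcement, shows that the victim's upstream rejects it (its own ASN is already in the path) while the hijacker's peer accepts it, shows the /25 winning the longest-prefix match for addresses inside it, and then raises the detour alert at the first sighting in hour 2 rather than months later; the duration summary is the same minutes/hours/days view Renesys reported. A real watcher would feed in many collectors and compare origins against RPKI and IRR data instead of a hand-built baseline, but the two signals, an unexpected origin and a new more-specific travelling through an AS that never carried the parent prefix, are the ones that matter.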
Tony Kapela:
"... where an attacker gains physical access to a router belonging to one of the companies and installs a monitoring device to record data, then gains control of the router console to send out a bogus BGP announcement to redirect traffic through the router. If anyone discovers the redirect, the "bad guy" would appear to be the company itself that owned the router ..."
How long will it take to resolve this enigma, when you consider that it took 38 incidents before anyone realized that something was going on ...?