
Surprise!
Why is it that when we see the word "exploit" or the phrase "security problems/issues", the article is always about Microsoft.
People need to give themselves a shake and stop using MS products!
YES I AM THAT STUPID THANKS FOR ASKING!!!
Tons of internet traffic is being deliberately diverted through locations including Belarus and Iceland, and intercepted by crooks or worse, security experts fear. Network intelligence firm Renesys warns that victims including financial institutions, VoIP providers, and governments have been targeted by the man-in-the-middle …
Why is it that when we see the word "exploit" or the phrase "security problems/issues", the article is always about Microsoft.
Look, I enjoy bashing the hell out of Mickeysoft, but, if you even had the smallest bit of understanding how internet traffic gets routed globally; then you would have realized that your diatribe was completely full of shit. End of story!!
Take Mickeysoft out to the woodshed and give them the 'shellacking' they truly deserve; when they screw up; but this is not one of those instances.
Go back to school!
Sjeez - now THIS is sad. Now even the quality of the trolling is in decline. *Please* make an effort.
You didn't mention some creative use of vulnerabilities to show Linux is much unsafer than Windows, you didn't express adoration for great philanthropist Bill Gates, I mean, WTF? Kindly do it properly, your trolling is, well, pathetic is the only word for it.
Belarus - Dictatorship, allied to Russia, known for human rights abuses, internet criminals, pumping spam and being Europe's last old school Totalitarian regime.
Iceland - Democracy, member of NATO, not overly friendly with the US (offered asylum to Snowden), friendly with the EU (but not part of it), not so friendly with the UK (Cod wars and the collapse of Icelandic banks). Not known for internet criminals and pumping spam. Known for being an awesome looking place that you would love to visit if it wasn't so damn far away.
Not really seeing any group that would likely be friendly with both of those countries...
Assuming it needs friendly. Easy enough to set up a front company without the government knowing. For added points, throw in a couple of badly-forged documents and load the computer with a banking trojan and list of credit cards - that way if you do get caught, it looks like just another criminal gang was behind it.
"Belarus - Dictatorship" In your opinion, or rather, the phrase you are parroting from some politically-backed media manipulators. The population don't seem to think so, and kind of like that he isn't kowtowing to the global economic slash and burn project.
"Allied to Russia" Yes. it's right next to Russia, and they can mostly all speak Russian. You want it to be allied to Mexico or something?
"Known for human rights abuses" like supporting the population presumably and not selling off public assets to foreign multinationals. No mention of Ukraine where they are currently imprisoning Yulia Tymoshenko?
"Internet criminals" ORLY ? Last I saw they were mostly making trucks, tractors, footwear and doing programming for Western companies.
"Pumping spam" and the largest countries in the world pumping spam are ...... oh let's guess. Yours?
" and being Europe's last old school Totalitarian regime." They are not in the EU. They appear to support their population much better than many of the poor countries in the EU. And since they have strengthened ties with Russia, to protect themselves from economic or political attacks from the west, any hopes of implementing some kind of foreign-backed bankers' coup are pretty much pie in the sky.
The population don't seem to think so
What.
Look, I know where you are coming from. But this is not an East-vs-West question. Belarus would be better off with less Lukashenko (did he authorize mapping the Chernobyl exclusion zone on Belarus side yet?), but that is indeed not a matter of US foreign policy. Let me cite Ron Paul:
Mr. Speaker, I rise in opposition to the “Belarus Democracy Act” reauthorization. This title of this bill would have amused George Orwell, as it is in fact a US regime-change bill. ... I strongly object to the sanctions that this legislation imposes on Belarus. We must keep in mind that sanctions and blockades of foreign countries are considered acts of war. Do we need to continue war-like actions against yet another country? Can we afford it? I wish to emphasize that I take this position not because I am in support of the regime in Belarus, or anywhere else. I take this position because it is dangerous folly to be the nation that arrogates to itself the right to determine the leadership of the rest of the world. As we teeter closer to bankruptcy, it should be more obvious that we need to change our foreign policy to one of constructive engagement rather than hostile interventionism. And though it scarcely should need to be said, I must remind my colleagues today that we are the U.S. House of Representatives, and not some sort of world congress. We have no constitutional authority to intervene in the wholly domestic affairs of Belarus or any other sovereign nation.
Good luck with Síminn, they don't like to provide answers if you are not a customer of theirs, and even then it can sometimes be difficult (I am a customer of Síminn in Iceland).
What The Register can do is to contact pfs.is and ask for answers there. They are the monitoring body for Iceland communications and rules. They might provide some answers by asking Síminn the right questions that need to be answered in this case.
So, as of yet we are unsure whether dark and nefarious activities are indeed afoot or whether we are in the presence of pure accident biggened up by a Security Company pushing its wares.
We are, however, sure that the current BGP exhibits all the syndromes of being no longer appropriate to the 21st century seeing that anything can be advertised by anyone with no traceability or justification.
Better get some protocol druids on the same table and bang heads together pronto.
Yeah, instead we get monetizable advances like new TLD domain names ending in ".cocacola" and sh*t.
"The Icelandic traffic hijack was repeated after two months of inactivity by another but different source within the country, Opin Kerfi (AS48685) which "began announcing origination routes for 597 IP networks owned by one of the largest facilities-based providers of managed services in the US, a large VoIP provider"."
Being that almost NO VoIP system I've ever come across (And I've come across a few...) ever bothers to implement SRTP or any noticeable form of encryption (Despite the difficulty of doing this being quite frankly laughable) this would effectively allow them to listen to any conversation (In realtime, if necessary).
That's pretty.. erm... concerning.
Would you need to bid for and win ALL (or most of) the packets of a long message to understand the whole message? It may not work to only have access to a small percentage of the packets that make up a message.
Maybe if you know beforehand that a bank sends its messages at 10am exactly, and you could bid for all the packets at that instant, at a particular junction, and win all the packets of a single message. (a timing attack)
The article suggests traffic can be "diverted" simply by having a successful bidding strategy at internet router junctions. If you know exactly when the packets are coming, a fast computer could bid and win the packets you want.
AFAIK it's not that complex. Router Alice just tells router Bob that it has this "extremely short route" to address (say) block 192.56.255.255, so Bob might consider to route all the packets to address block towards Alice instead of Eve once it receives that announcement. No "bidding" is involved as financial strategies have not yet penetrated this fabric.
"Administrators must understand many important aspects of BGP as a protocol to assess where it may be susceptible to various forms of attack and where it must be protected .. administrators must mitigate the risk and potential impact of associated exploit attempts" .. link
If you've stumbled across a recent Comment I've made - to just about any article - you know what I am going to write ...
Ding! Ding! Ding! Ding!
Thanks very much for pulling it - I'll pay the $50 fine.
;-)
So "safe" is this system, so well designed, that it can easily meet the many and varied needs of its global user-base without breaking sweat. It can handle all of the necessary machinery behind a virtual currency, facilitate transactions between international finance institutions, collect the chatter from the millions of iToasters and iTellys everyone has plugged in and still satisfy the needs of a bazillion cat lovers without asking them for too many security tokens before they get their video-fix.
Only, no; it can't.
Stop the bus. We should all be politely queuing for the emergency exits.
This sounds odd. Simply advertising someone else's prefix would point the whole world (or a big part thereof) to *you*. If you were a "stub network" with no other connectivity, you wouldn't be able to forward the traffic to its actual destination (unless you were able to tunnel it to another AS, unaffected by your BGP injection attack).
Target a single website and present your own mockup say for phishing purposes? maybe. You'd get caught and/or disconnected soon, owing to the havoc you'd cause.
Cause a big havoc by making lots of servers inaccessible? Piece of cake. Good for DoS attacks.
After inspection, redirect traffic to its rightful destination? That's difficult. You'd need a second connectivity, able to take the load. For a small target network with little traffic, a tunnel to someplace else might cut it. In order to re-route some high-volume network, you'd need a thick native link, effectively you'd need to be a transit operator. And you'd probably want to goof just a relatively limited perimeter of your peers (based on distance metric) into thinking that you are the actual origin - principally if you goofed the whole internet, you wouldn't be able to forward the traffic to its rightful destination. You need a carefully crafted local routing anomaly, which might be difficult to achieve.
And, in general you wouldn't be able to hijack traffic flowing in both directions (such as to wiretap a phonecall in full duplex), unless you did the BGP hijacking trick in *both* directions simultaneously: against both ends of the sessions you try to wiretap. Hijacking a single BGP prefix gives you just one direction of the traffic flow.
Doesn't sound like something very useful for anything except a massive and short-lived DoS attack.
Unless you have your hijacking gear installed in a big transit operator's backbone routers.
Who would you have to be, to be in that position :-)
Considering the need for a "local routing anomaly", what would be the point for the attacker's target network, somewhere in the global internet, to check the BGP for its own routing advertisements? A single check at an available nearby point wouldn't do. You'd have to check your prefix at a number of routers worldwide and analyze the "spatial propagation" for anomalies in the distance metric... hardly feasible, unless you're Google.
Then again the threat is probably real, as a number of people worldwide apparently work towards a more secure BGP. There is a decade-old standard called S-BGP... which probably hasn't reached universal use, if BGP hijacking is nowadays still (or ever more) in vogue...
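Two of the technical points in this thread, that a router simply prefers the more specific (or shorter) announcement it hears and that a prefix owner would have to watch its prefix from several vantage points to notice a localized hijack, can be shown in a few lines of monitoring code. The block below is an added example and is not code from the thread or from Renesys; all prefixes, AS numbers, vantage-point names and announcements in it are constructed sample data (the documentation ranges 192.0.2.0/24 and 198.51.100.0/24, private ASNs), and the "expected origins" table stands in for whatever authoritative record the operator keeps (in practice an RPKI ROA plays that role). It selects the route a router at each vantage point would use under longest-prefix-match then shortest-AS-path, and separately flags monitored prefixes that appear with an unexpected origin AS or as a more-specific announcement.

```python
"""Route-origin monitoring over constructed BGP announcements.

Added example, not from the original thread. Prefixes, AS numbers and
vantage points are constructed; nothing here reflects real routes.
"""
import ipaddress
from collections import defaultdict

# Prefix -> legitimate origin ASNs, as the prefix owner records them
# (constructed; the real-world equivalent is an RPKI ROA).
EXPECTED_ORIGINS = {
    "192.0.2.0/24": {64500},
    "198.51.100.0/24": {64501},
}

# Constructed observations: (vantage_point, prefix, as_path).
# The last element of the AS path is the origin AS.
OBSERVATIONS = [
    ("vp-eu", "192.0.2.0/24", (64510, 64500)),
    ("vp-us", "192.0.2.0/24", (64520, 64510, 64500)),
    ("vp-us", "192.0.2.0/25", (64520, 64666)),        # more-specific, foreign origin
    ("vp-eu", "198.51.100.0/24", (64510, 64501)),
    ("vp-us", "198.51.100.0/24", (64520, 64501)),
    ("vp-asia", "198.51.100.0/24", (64530, 64666)),   # same prefix, wrong origin
]


def routes_at(observations, vantage_point):
    """Routes (prefix, as_path) visible from one vantage point."""
    return [(p, path) for vp, p, path in observations if vp == vantage_point]


def best_route(routes, destination):
    """Route a router holding `routes` would use for `destination`.

    Simplified BGP selection: longest matching prefix wins; among equal
    prefix lengths the shortest AS path wins. Returns (prefix, as_path)
    or None when nothing covers the destination.
    """
    dst = ipaddress.ip_address(destination)
    candidates = [(ipaddress.ip_network(p), path) for p, path in routes
                  if dst in ipaddress.ip_network(p)]
    if not candidates:
        return None
    net, path = max(candidates, key=lambda c: (c[0].prefixlen, -len(c[1])))
    return str(net), path


def find_anomalies(observations, expected):
    """Flag monitored prefixes seen with a wrong origin or as a more-specific.

    Returns a list of (vantage_point, prefix, origin_as, reason); the
    vantage point is kept because a localized hijack shows up at only
    some of them.
    """
    findings = []
    by_vp = defaultdict(list)
    for vp, prefix, path in observations:
        by_vp[vp].append((prefix, path))
    for vp, routes in by_vp.items():
        for mon_prefix, origins in expected.items():
            mon_net = ipaddress.ip_network(mon_prefix)
            for prefix, path in routes:
                net = ipaddress.ip_network(prefix)
                origin = path[-1]
                if net == mon_net and origin not in origins:
                    findings.append((vp, prefix, origin, "unexpected origin"))
                elif net != mon_net and net.subnet_of(mon_net):
                    findings.append((vp, prefix, origin, "more-specific announcement"))
    return findings


def affected_vantage_points(findings):
    """Map each flagged prefix to the set of vantage points that saw it."""
    seen = defaultdict(set)
    for vp, prefix, _origin, _reason in findings:
        seen[prefix].add(vp)
    return dict(seen)


if __name__ == "__main__":
    for vp in ("vp-eu", "vp-us", "vp-asia"):
        print(vp, "->", best_route(routes_at(OBSERVATIONS, vp), "192.0.2.10"))
    for finding in find_anomalies(OBSERVATIONS, EXPECTED_ORIGINS):
        print("ALERT", finding)
    print(affected_vantage_points(find_anomalies(OBSERVATIONS, EXPECTED_ORIGINS)))
```

The point of the per-vantage-point output is the one the comment above makes: from vp-eu the route for 192.0.2.10 still ends at the legitimate origin, while vp-us already prefers the /25 from AS64666, so a check run only near the owner's own network would report nothing wrong. A real deployment would feed this logic from public route-collector data rather than a hand-written list.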