Earlier this year, a massive amount of internet traffic, much of it intended for U.S. government agencies, was redirected towards Iceland and Belarus before it was sent on to its final destination in the U.S., according to an article in Wired Magazine.
Analysts at network monitoring firm Renesys announced that someone used a vulnerability in the Border Gateway Protocol (BGP) to conduct a man-in-the-middle exploit, which allowed the attackers to trick routers into directing network traffic towards a system that the attackers controlled. The hijacked network traffic passed through the attackers' system, where it could be copied, and was then routed back to its original destination. This type of attack is very difficult to detect.
Once the traffic has been copied, the attackers can then analyze any unencrypted data and extract massive amounts of information, including passwords or credit card numbers.
This data hijacking occurred 21 times during February 2013. In one case, traffic that was supposed to go from New York to Los Angeles was first routed to Belarus and Moscow, then sent back to New York and finally on to Los Angeles.
In another case, traffic was supposed to go from Denver, CO, to Denver, CO. However, it originated in Denver, went to Chicago, then Virginia, New York, London, and ended up in Reykjavik, Iceland. Then it was directed back to Denver through Montreal, Chicago, New York, Dallas, Kansas City, and finally, Denver.
Image from Wired Magazine
In another case, traffic that was supposed to go from Chicago, through Germany, to Iran ended up going through Canada, London, Amsterdam, Moscow, Belarus, Poland, Germany, Great Britain, New York, and finally Iran.
Attacks occurred again in May and July.
Renesys discovered these attacks because it analyzes global internet traffic and sends about 250 million traceroutes a day around the world to monitor the health of the global internet.
According to Renesys, credit-card processing companies and ISPs should monitor the routing of their advertised IP addresses to make sure someone isn't hijacking their traffic.
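The monitoring Renesys recommends above amounts to comparing the routes the rest of the internet sees for your address space against what you actually advertise. The script below is an added illustration of that check, not code from Wired, Renesys or the original post. It assumes a feed of observed BGP announcements (prefix plus AS path, rightmost element being the origin AS) such as a route collector would provide, and all prefixes, ASNs and collector names in it are constructed sample data (documentation prefixes and private-use ASNs). It flags the two shapes of hijack relevant to the story: your exact prefix announced from an origin AS that is not yours, and a more-specific sub-prefix of yours appearing at all, since longest-prefix matching makes routers prefer that route whoever originates it.

```python
"""Minimal BGP route-origin monitor (added example; all data below is constructed)."""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional

# What we legitimately advertise, keyed by prefix, with the origin AS that
# should announce it. Constructed sample values.
OUR_PREFIXES = {
    ipaddress.ip_network("203.0.113.0/24"): 64500,
    ipaddress.ip_network("198.51.100.0/23"): 64500,
}


@dataclass
class Announcement:
    prefix: str
    as_path: List[int]   # as received: leftmost = neighbour, rightmost = origin AS
    collector: str       # vantage point that observed the route (constructed name)


@dataclass
class Alert:
    kind: str            # "ORIGIN_HIJACK" or "MORE_SPECIFIC"
    prefix: str
    origin_as: int
    collector: str


def check_announcement(ann: Announcement) -> Optional[Alert]:
    """Compare one observed route against our own advertisement list.

    Flags (a) our exact prefix with a foreign origin AS, and (b) any
    more-specific sub-prefix of ours, because longest-prefix matching means
    routers will prefer it over our route regardless of who originates it.
    """
    net = ipaddress.ip_network(ann.prefix)
    origin = ann.as_path[-1]
    for ours, legit_origin in OUR_PREFIXES.items():
        if net.version != ours.version:
            continue                         # subnet_of() needs matching IP versions
        if net == ours:
            if origin != legit_origin:
                return Alert("ORIGIN_HIJACK", ann.prefix, origin, ann.collector)
            return None                      # our own route, as expected
        if net.subnet_of(ours):
            return Alert("MORE_SPECIFIC", ann.prefix, origin, ann.collector)
    return None                              # somebody else's address space


def monitor(announcements: List[Announcement]) -> List[Alert]:
    """Run every observed announcement through the check and collect alerts."""
    return [a for a in (check_announcement(x) for x in announcements) if a]


# Constructed sample feed: one legitimate route, one more-specific hijack,
# one origin hijack, and one unrelated prefix that must be ignored.
SAMPLE_FEED = [
    Announcement("203.0.113.0/24", [64496, 64500], "collector-nyc"),
    Announcement("203.0.113.0/25", [64496, 64497, 64511], "collector-ams"),
    Announcement("198.51.100.0/23", [64496, 64511], "collector-ams"),
    Announcement("192.0.2.0/24", [64496, 64499], "collector-nyc"),
]

if __name__ == "__main__":
    for alert in monitor(SAMPLE_FEED):
        print(f"{alert.kind}: {alert.prefix} originated by AS{alert.origin_as} "
              f"seen at {alert.collector}")
```

Run against the sample feed this reports the /25 more-specific and the foreign-origin /23 and stays silent on the legitimate route and the unrelated prefix. In practice the feed would come from several geographically spread collectors, which matters here because a hijack of the kind described above may only be visible from some vantage points.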