ID: IRCNE2013112019
Date: 2013-11-20
According to "computerworld", unknown attackers have successfully hijacked and redirected Internet traffic belonging to financial services companies, VoIP providers and governments many times over the past year.
Internet monitoring firm Renesys says it's observed such hijacked traffic during at least 60 days in 2013.
A total of about 1,500 individual IP blocks from 150 cities around the world have been intercepted, inspected and possibly compromised in incidents lasting from a few minutes to several days, the company said today.
Throughout February, for instance, online traffic at numerous financial services companies, network service providers and government agencies in the U.S., South Korea, Germany, the Czech Republic, Iran and other countries was redirected to an Internet Service Provider in Belarus.
Similarly, in May and again in July, Internet traffic from a large U.S. provider of managed network services was hijacked and routed through IP addresses owned by an Icelandic ISP.
In these and other cases, the intercepts were enabled through so-called "Man-in-the-Middle" attacks, in which traffic flowing between two points is briefly rerouted to another location and then released back to its original path. Such redirections allow attackers to surreptitiously inspect and modify traffic.
BGP routers, which direct traffic between autonomous systems on the Internet, can be accessed by hackers to spoof the IP address of another entity to misdirect traffic there, Madory said. It's difficult to determine that the activity is criminal because such misdirection often occurs due to human error -- such as transposing the digits in an Internet address space. In most cases, such inadvertent misdirection is quickly caught and remedied.
Madory said it's likely the misdirection to the Iceland and Belarus ISPs found by Renesys earlier this year was deliberate. It is likely that people with access to BGP routers at these ISPs created the spurious routes unbeknownst to the ISPs or the victims, he added.
The attackers appear to have found a way to redirect only small portions of traffic bound for a specific destination to avoid being detected, Madory said.
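As an added illustration of how a network operator might detect the kind of spurious routes described above (example code written for this page, not from Renesys or the article), the following script checks a constructed feed of route announcements against the origin AS and upstream neighbour that a hypothetical operator expects for its own prefixes. All prefixes and AS numbers are documentation or private-use values chosen for the example.

```python
import ipaddress
from dataclasses import dataclass

# Hypothetical operator data: prefixes we originate, the ASes allowed to originate them,
# and the transit ASes that should appear directly before our origin in any AS path.
EXPECTED_ORIGINS = {
    ipaddress.ip_network("203.0.113.0/24"): {64500},
    ipaddress.ip_network("198.51.100.0/24"): {64500, 64501},
}
EXPECTED_UPSTREAMS = {64497}

@dataclass
class Announcement:
    prefix: str       # announced prefix as a string, e.g. "203.0.113.0/25"
    as_path: tuple    # AS path as seen by a route collector, origin AS last

def check_announcement(ann):
    """Return a list of findings for one announcement; empty means nothing suspicious."""
    findings = []
    if not ann.as_path:
        return [f"{ann.prefix}: empty AS path"]
    net = ipaddress.ip_network(ann.prefix, strict=False)
    origin = ann.as_path[-1]
    upstream = ann.as_path[-2] if len(ann.as_path) > 1 else None
    for ours, origins in EXPECTED_ORIGINS.items():
        if net.version != ours.version or not net.subnet_of(ours):
            continue
        if net != ours:
            # A more-specific route wins longest-prefix match, so it pulls traffic away
            # from the legitimate route even when only part of the block is announced.
            findings.append(f"{ann.prefix}: more-specific of {ours} originated by AS{origin}")
        elif origin not in origins:
            findings.append(f"{ann.prefix}: unexpected origin AS{origin}, expected {sorted(origins)}")
        elif upstream is not None and upstream not in EXPECTED_UPSTREAMS:
            # Right origin but an unexpected neighbour: consistent with a path that
            # detours through another network before reaching the legitimate origin.
            findings.append(f"{ann.prefix}: unexpected upstream AS{upstream} before origin AS{origin}")
    return findings

# Constructed sample feed (not real route-collector data).
SAMPLE_FEED = [
    Announcement("203.0.113.0/24", (64496, 64497, 64500)),   # legitimate
    Announcement("203.0.113.0/25", (64496, 64499, 64502)),   # more-specific from foreign origin
    Announcement("198.51.100.0/24", (64496, 64498, 64503)),  # origin replaced
    Announcement("198.51.100.0/24", (64496, 64497, 64501)),  # legitimate second origin
    Announcement("203.0.113.0/24", (64496, 64499, 64500)),   # right origin, detour via AS64499
]

def scan_feed(feed):
    return [f for ann in feed for f in check_announcement(ann)]
```

Because an honest configuration mistake produces the same signals as a deliberate hijack, a finding is a prompt to contact the announcing network and verify, not proof of intent.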