Biggest Internet security risk unveiled at DEFCON
By Erna Mahyuni
Hackers at the recent DEFCON conference demonstrated an Internet flaw even more serious than the recent DNS vulnerability: a design weakness that has been known for years, has already been exploited, and has probably been used by government security agencies such as the NSA.
Wired had the lowdown on the recent DEFCON presentation by Anton "Tony" Kapela, data center and network director at 5NinesData, and Alex Pilosov, CEO of Pilosoft. They demonstrated how the design of the Internet's Border Gateway Protocol (BGP) can be used to intercept traffic bound for a chosen set of IP blocks.
These aren't hacks in the usual sense; the attack simply takes advantage of how the Internet's routing was designed.
"We’re not doing anything out of the ordinary," Kapela told Wired.com. "There’s no vulnerabilities, no protocol errors, there are no software problems. The problem arises (from) the level of interconnectivity that’s needed to maintain this mess, to keep it all working."
The whole BGP architecture depends on something that is hard to come by these days: trust. BGP routers tell each other which IP blocks their networks can reach, and every network picks what it considers the best route from those announcements (best by policy and path length, not by measured speed). The networks assume the routers are telling the truth, and because nothing in the protocol verifies an announcement, anyone with the know-how and a BGP session can persuade other routers to send traffic to a point of their choosing.
Peiter Zatko, a former hacker turned security expert, once testified to Congress that an attack on BGP could bring down the entire Internet. No fix for or replacement of BGP has been effectively rolled out to date, leaving it open to exploitation and to anyone, the NSA included, who wants to snoop on your traffic.
Rerouting traffic this way also has a name: IP hijacking, or prefix hijacking. The recent Pakistan YouTube case is an example. Pakistan Telecom tried to black-hole traffic to YouTube for its own customers, but its announcement leaked to the rest of the Internet, and YouTube became unreachable worldwide instead of just in Pakistan.
Kapela and Pilosov go a step further: they intercept the traffic and then quietly forward it on to its real destination, so nobody notices. The trick is AS-path prepending. The attacker announces a more specific route for the target's address space, which most of the Internet will prefer, but inserts into that announcement's AS path the AS numbers of the networks along the path he intends to use to reach the real destination. Those networks see their own number in the path, treat the announcement as a routing loop and reject it, so they keep the legitimate route. Every other network sends the target's traffic to the attacker, who simply forwards it through those untouched networks to the real recipient.
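To make the mechanism concrete, here is an added example, not code from the original article or from Kapela and Pilosov, that models the hijack in Python: longest-prefix matching, the AS-path loop check every BGP speaker performs, the attacker's prepended return path, and a route-collector style check for spotting the bogus announcement. Everything in it is constructed for the illustration: the six-AS topology, the AS numbers from the RFC 5398 documentation range, the 203.0.112.0/22 aggregate the victim is assumed to originate, and the 203.0.113.0/24 more-specific the attacker announces (a /24 inside a legitimate /22, the same shape as the YouTube incident).

```python
"""Toy model of the Pilosov/Kapela BGP interception, added for illustration:
longest-prefix matching, the RFC 4271 AS_PATH loop check, and an attacker who
prepends the return-path ASNs so those networks keep the legitimate route.
ASNs (RFC 5398 documentation range), prefixes and topology are all constructed."""
import ipaddress
from collections import deque
from dataclasses import dataclass


@dataclass(frozen=True)
class Route:
    prefix: ipaddress.IPv4Network
    as_path: tuple  # as_path[0] = neighbour it came from (next hop), as_path[-1] = origin


class BGPSpeaker:
    def __init__(self, asn):
        self.asn = asn
        self.local = set()  # prefixes this AS originates itself; they beat BGP-learned routes
        self.rib = {}       # prefix -> best route learned from neighbours

    def receive(self, route):
        """Install a route unless our own ASN appears in its AS_PATH (loop detection)
        or we already hold a path at least as short. Returns True if installed."""
        if self.asn in route.as_path:
            return False
        cur = self.rib.get(route.prefix)
        if cur is not None and len(cur.as_path) <= len(route.as_path):
            return False
        self.rib[route.prefix] = route
        return True

    def lookup(self, ip):
        """Longest-prefix match; a locally originated prefix always wins."""
        for p in self.local:
            if ip in p:
                return Route(p, (self.asn,))
        best = None
        for p, r in self.rib.items():
            if ip in p and (best is None or p.prefixlen > best.prefix.prefixlen):
                best = r
        return best


def build(links):
    """Undirected AS graph: every link is a BGP session in both directions."""
    ases, neigh = {}, {}
    for a, b in links:
        ases.setdefault(a, BGPSpeaker(a))
        ases.setdefault(b, BGPSpeaker(b))
        neigh.setdefault(a, []).append(b)
        neigh.setdefault(b, []).append(a)
    return ases, neigh


def announce(ases, neigh, origin, prefix, forged_tail=()):
    """Originate prefix at origin and flood it; each AS prepends its own ASN as it
    re-advertises. A legitimate origin leaves forged_tail empty; the attacker fills
    it with the return-path ASNs so those ASes discard the announcement."""
    prefix = ipaddress.ip_network(prefix)
    ases[origin].local.add(prefix)
    queue = deque([Route(prefix, (origin,) + tuple(forged_tail))])
    while queue:
        route = queue.popleft()
        for n in neigh[route.as_path[0]]:          # as_path[0] is the sender
            if ases[n].receive(route):
                queue.append(Route(prefix, (n,) + route.as_path))


def trace(ases, src, dst_ip, static_routes=None, max_hops=16):
    """Forward one packet AS by AS. static_routes maps an ASN to (prefix, next ASN)
    and models the attacker's static route that pushes intercepted traffic onto the
    clean return path instead of following his own hijacked announcement."""
    dst_ip = ipaddress.ip_address(dst_ip)
    static_routes = static_routes or {}
    hops, cur = [src], src
    while len(hops) <= max_hops:
        if cur in static_routes and dst_ip in static_routes[cur][0]:
            nxt = static_routes[cur][1]
        else:
            r = ases[cur].lookup(dst_ip)
            if r is None:
                return hops, "no route"
            if r.as_path[0] == cur:                # we originate it: delivered here
                return hops, "delivered"
            nxt = r.as_path[0]
        hops.append(nxt)
        cur = nxt
    return hops, "loop"


def suspicious_routes(speaker, expected):
    """Route-collector style check: flag routes inside a prefix we own that are
    more specific than it or that carry an origin AS other than the expected one."""
    findings = []
    for p, r in speaker.rib.items():
        for owned, origin in expected.items():
            owned = ipaddress.ip_network(owned)
            if not p.subnet_of(owned):
                continue
            if p != owned:
                findings.append((str(p), "unexpected more-specific", r.as_path))
            if r.as_path[-1] != origin:
                findings.append((str(p), "unexpected origin %d" % r.as_path[-1], r.as_path))
    return findings


def has_route(ases, asn, prefix):
    return ipaddress.ip_network(prefix) in ases[asn].rib


# Constructed topology: victim V, its upstream U, a transit T, a second transit R
# (the attacker's chosen return path), the attacker A and an innocent client C.
V, U, T, R, A, C = 64496, 64497, 64498, 64499, 64500, 64501
LINKS = [(V, U), (U, T), (U, R), (R, A), (A, T), (T, C)]
VICTIM_PREFIX = "203.0.112.0/22"   # constructed aggregate the victim legitimately originates
HIJACK_PREFIX = "203.0.113.0/24"   # attacker's more-specific, preferred by longest match
TARGET = "203.0.113.10"


def scenario(prepend_return_path=True, forward=True):
    """Returns (ases, (hops, status)) for a packet from C to TARGET."""
    ases, neigh = build(LINKS)
    announce(ases, neigh, V, VICTIM_PREFIX)
    announce(ases, neigh, A, HIJACK_PREFIX, (R, U) if prepend_return_path else ())
    static = {A: (ipaddress.ip_network(HIJACK_PREFIX), R)} if forward else {}
    return ases, trace(ases, C, TARGET, static)


if __name__ == "__main__":
    ases, (hops, status) = scenario()
    print("interception:", hops, status)                    # via A, delivered at V
    print("blackhole:   ", scenario(forward=False)[1])      # stops at A, like YouTube
    print("no prepend:  ", scenario(prepend_return_path=False)[1])  # bounces A <-> R
    for f in suspicious_routes(ases[C], {VICTIM_PREFIX: V}):
        print("alert:", f)
```

Run as a script it prints three outcomes: with the return path prepended and a static route in place, the client's packet goes C, T, A, R, U, V and is delivered; without the static route it dies at A, which is the YouTube-style blackhole; without the prepending, R and U also prefer the attacker's /24, so the attacker's hand-off bounces between A and R and the traffic never gets home. Two caveats a practitioner would add: the attacker still has to get the announcement past whatever filters his upstreams apply (many drop anything longer than a /24 or not registered for the customer), and the forged path makes the apparent origin the victim's upstream rather than the attacker, so a monitor that only compares origin ASNs against the registry will blame the wrong network. Alerting on any unexpected more-specific of your own prefixes, as `suspicious_routes` does, is the more robust check.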
No patch has been issued and no fix has been agreed upon, so until the hole is closed we have reason to worry.