[ISN] Revealed: The Internet's Biggest Security Hole

From: InfoSec News <alerts_at_private>
Date: Thu, 28 Aug 2008 00:34:28 -0500 (CDT)

By Kim Zetter 
Threat Level
August 26, 2008

Two security researchers have demonstrated a new technique to stealthily 
intercept internet traffic on a scale previously presumed to be 
unavailable to anyone outside of intelligence agencies like the National 
Security Agency.

The tactic exploits the internet routing protocol BGP (Border Gateway 
Protocol) to let an attacker surreptitiously monitor unencrypted 
internet traffic anywhere in the world, and even modify it before it 
reaches its destination.

The demonstration is only the latest attack to highlight fundamental 
security weaknesses in some of the internet's core protocols. Those 
protocols were largely developed in the 1970s with the assumption that 
every node on the then-nascent network would be trustworthy. The world 
was reminded of the quaintness of that assumption in July, when 
researcher Dan Kaminsky disclosed a serious vulnerability in the DNS 
system. Experts say the new demonstration targets a potentially larger 

"It's a huge issue. It's at least as big an issue as the DNS issue, if 
not bigger," said Peiter "Mudge" Zatko, noted computer security expert 
and former member of the L0pht hacking group, who testified to Congress 
in 1998 that he could bring down the internet in 30 minutes using a 
similar BGP attack, and disclosed privately to government agents how BGP 
could also be exploited to eavesdrop. "I went around screaming my head 
about this about ten or twelve years ago.... We described this to 
intelligence agencies and to the National Security Council, in detail."

The man-in-the-middle attack exploits BGP to fool routers into 
re-directing data to an eavesdropper's network.

Anyone with a BGP router (ISPs, large corporations or anyone with space 
at a carrier hotel) could intercept data headed to a target IP address 
or group of addresses. The attack intercepts only traffic headed to 
target addresses, not from them, and it can't always vacuum in traffic 
within a network -- say, from one AT&T customer to another.

The method conceivably could be used for corporate espionage, 
nation-state spying or even by intelligence agencies looking to mine 
internet data without needing the cooperation of ISPs.

Received on Wed Aug 27 2008 - 22:34:28 PDT