Slashdot Mirror


The Internet's Biggest Security Hole Revealed

At DEFCON, Tony Kapela and Alex Pilosov demonstrated a drastic weakness in the Internet's infrastructure that had long been rumored, but wasn't believed practical. They showed how to hijack BGP (the border gateway protocol) in order to eavesdrop on Net traffic in a way that wouldn't be simple to detect. Quoting: "'It's at least as big an issue as the DNS issue, if not bigger,' said Peiter 'Mudge' Zatko, noted computer security expert and former member of the L0pht hacking group, who testified to Congress in 1998 that he could bring down the internet in 30 minutes using a similar BGP attack, and disclosed privately to government agents how BGP could also be exploited to eavesdrop. 'I went around screaming my head about this about ten or twelve years ago... We described this to intelligence agencies and to the National Security Council, in detail.' The man-in-the-middle attack exploits BGP to fool routers into re-directing data to an eavesdropper's network." Here's the PDF of Kapela and Pilosov's presentation.

103 of 330 comments

  1. The man in the middle by symbolset · · Score: 3, Funny

    Must have the world's largest collection of online porn.

    Which would figure, actually.

    --
    Help stamp out iliturcy.
    1. Re:The man in the middle by gnick · · Score: 5, Funny

      How can a title including 'The Internet's Biggest ... Hole' not be kicked off with a goatse joke?

      --
      He's getting rather old, but he's a good mouse.
    2. Re:The man in the middle by symbolset · · Score: 2, Insightful

      .... I want a look at the software that detects duplicates and sorts all those files out.

      Lucky you. The article is still on Slashdot's main page.

      --
      Help stamp out iliturcy.
    3. Re:The man in the middle by EdIII · · Score: 5, Insightful

      Yeah.. That's funny. Nice observation there...

      Just one thing though... You sound like the teenage boys who always claim they want to grow up to be a gynecologist. Problem with that is that gynecologists usually see the worst looking, diseased, and nasty vagina. Not the good looking, sweet smelling, celebrity vagina.

      So the guy who has all the internet porn is going to have quite a collection of goatse and things that will make you WANT to go back to looking at goatse.

    4. Re:The man in the middle by IMightB · · Score: 5, Insightful

      plus goatse has fewer gaping assholes

    5. Re:The man in the middle by Bill+Hayden · · Score: 5, Funny

      He said he doesn't want to see duplicates... why are you sending him to Slashdot's main page?

      --
      Protect your browser with the Force Safe Search add-on
    6. Re:The man in the middle by Achromatic1978 · · Score: 5, Funny

      Not the good looking, sweet smelling, celebrity vagina.

      Having seen (or been subjected to), as we all have, upskirts of Britney, Paris, etc, I gotta say that "celebrity vagina" is by no means universally "good looking, sweet smelling"...

    7. Re:The man in the middle by Anonymous Coward · · Score: 5, Funny

      Over +9000!!!

    8. Re:The man in the middle by symbolset · · Score: 3, Funny

      plus goatse has fewer gaping assholes

      So you've never actually seen coverage of the DNC and RNC then? Between the reporters, the candidates and the delegates I doubt a greater mass of gaping assholes was ever assembled.

      --
      Help stamp out iliturcy.
    9. Re:The man in the middle by symbolset · · Score: 3, Funny

      Oops. Sign error. Never mind.

      --
      Help stamp out iliturcy.
    10. Re:The man in the middle by symbolset · · Score: 2, Insightful

      Yeah, I'm going to get a few more like this. And I deserve them. You're right. Let's all lighten up a little, ok?

      --
      Help stamp out iliturcy.
  2. Fun fun fud by Anonymous Coward · · Score: 2, Interesting

    Everyone loves sensationalist news headlines. *sigh*
    Anyone have any insight as to how serious this ACTUALLY is?

    1. Re:Fun fun fud by lordsid · · Score: 5, Insightful

      Depends on how much you value your privacy.

      --
      IMAGE VERIFICATION IS EVIL!
    2. Re:Fun fun fud by QuantumG · · Score: 5, Interesting

      Let's put it this way. Email right? It's delivered between hosts completely unencrypted. Imagine you could sniff all the email passing into, say, the white house.. would that be worth something?

      Note, I've also given you the hint to prevent this bullshit from being a problem.

      --
      How we know is more important than what we know.
    3. Re:Fun fun fud by jd · · Score: 5, Insightful

      Find me an internet provider not using BGP, and I'll show you a European who favours ESES. Yes, this is a major problem, BGP is (almost) the only WAN protocol anyone takes seriously and is the only one meaningfully deployed. I've worried about the possibility of BGP poisoning attacks myself, but only because we have a virtual monoculture and monocultures are generally a Bad Idea. They are dangerous animals.

      --
      It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
    4. Re:Fun fun fud by Kingrames · · Score: 5, Funny

      Depends on how much you value your privacy, Mr. Stephen P Wallagher of 4242 Green Leafy Forest Terrace, Springfield, Ohio 55538, Phone number 1-900-Hot Dude, alias "Lovestospooge."

      fixed.

      --
      If you can read this, I forgot to post anonymously.
    5. Re:Fun fun fud by Anonymous Coward · · Score: 5, Funny

      Let's put it this way. Email right? It's delivered between hosts completely unencrypted. Imagine you could sniff all the email passing into, say, the white house.. would that be worth something?

      Note, I've also given you the hint to prevent this bullshit from being a problem.

      So we need to destroy the White House?

    6. Re:Fun fun fud by RuBLed · · Score: 4, Funny

      Anyone have any insight as to how serious this ACTUALLY is?

      Yes. Someone had managed to re-open the goatse.cx site again.

      if you don't believe me, you know there is only one way to find out

    7. Re:Fun fun fud by kjots · · Score: 3, Interesting

      Anyone have any insight as to how serious this ACTUALLY is?

      How serious? This could potentially render the entire Internet inoperable. For real. Anyone who knows anything about basic Internet protocols should be shitting themselves right about now.

      What we have here is a basic weakness in one of the fundamental Internet protocols; an assumption of trust that is no longer valid. Think spam but a million times worse.

      I'm not usually one to fall prey to 'Imminent Collapse Of The Internet' hyperbole, but this one has me really worried.

    8. Re:Fun fun fud by Z34107 · · Score: 4, Funny

      Monoculture is bad? Good thing Internet Explorer offers a different take on W3C standards...

      I kid, I kid.

      --
      DATABASE WOW WOW
    9. Re:Fun fun fud by jd · · Score: 4, Interesting

      Let's see. MPLS, SCTP, STP (Scheduled Transfer Protocol), UDP-over-v4, TCP-over-v4, MPLS, UDP-over-v6, TCP-over-v6, IP-over-ATM, IP-over-SCSI, IP-over-IB, IP-over-power, IP-over-carrier-pigeon, V6-over-V4, V4-over-V6, V6-over-V6, optional recognition of TOS, optional handling of ECN, scalable reliable multicast, anycast, optional recognition of source-based routing, optional recognition of TCP cookies, optional support for packet dropping (RED, GRED, WRED, BLUE, Stochastic Blue, GREEN, BLACK, PURPLE, WHITE), optional support for enhanced authentication packets, IPv6 extended headers, support for unidirectional links, optional support for transitory addressing schemes, optional support for Mobile IP, optional support within Mobile IP for routing realignment, optional support for NEMO, optional use of any of the experimental protocols defined under the names of TUBA, IPv5 and IPv7, anything-over-IPSEC (tunnel or host), anything-over-SKIP -- I've not bothered to keep count, but my Internet link hasn't fallen over yet from diversity. Pity to hear about yours.

      --
      It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
    10. Re:Fun fun fud by jd · · Score: 5, Funny

      Heh. Standards should be the starting point, not the end goal (or, in IE's case, the work of fiction based on the screenplay based on a True Story of one man and his chair).

      --
      It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
    11. Re:Fun fun fud by Anonymous Coward · · Score: 5, Funny

      No, it gets sent through Dick Cheney's hotmail account.

    12. Re:Fun fun fud by Anonymous Coward · · Score: 4, Funny

      What, you didn't get your secret decoder server?

    13. Re:Fun fun fud by Zwicky · · Score: 2, Funny

      if you don't believe me, you know there is only one way to find out

      I believe you! I BELIEVE YOU!!

      --
      "Three eyes are better than one" -- Lieutenant Columbo
    14. Re:Fun fun fud by Anonymous Coward · · Score: 5, Informative

      How serious? This could potentially render the entire Internet inoperable. For real. Anyone who knows anything about basic Internet protocols should be shitting themselves right about now.

      You obviously don't know the basics of Internet protocols then. Anyone who knows BGP basics knows this problem is inherent in current interdomain routing.

      This is not an attack that just anyone can pull off (unlike Dan's DNS vulnerability). You need to possess a BGP peering relationship with a provider who doesn't filter the prefixes listed in the NLRI of a BGP update message, as well as any further upstream providers. A _very high_ bar to say the least.

      We've seen numerous accidental route leakages over the years and even some malicious hijacking of IP space for nefarious activity as noted in the presentation. Any significant hijacking for the purpose of MITM (hijacking for spam really isn't a priority for ISPs) would be tracked down instantly on the NANOG list and have severe peering repercussions for the offending ISP. Bumping the IP TTL isn't going to do squat for all the BGP anomaly detection systems continually monitoring the routing infrastructure (Renesys, PHAS, etc).

    15. Re:Fun fun fud by palegray.net · · Score: 5, Informative

      Sensitive government communications ride on networks that operate separately from the public Internet.

    16. Re:Fun fun fud by palegray.net · · Score: 5, Insightful

      Yet another case for end-to-end encryption. Folks using the public Internet for sensitive communications without employing crypto, are already in a bad position.

    17. Re:Fun fun fud by gandhi_2 · · Score: 3, Interesting

      So, we can just list any protocol-over-protocol and call that...what?

      On your list alone, how many of them are TCP, IP, and UDP? Doesn't matter if they run on top of another layer or are simply encapsulated by another protocol; if someone says there's a big hole in TCP...let's not cry about the TCP monoculture. It has nothing to do with monoculture.

      Sometimes, a can-skinning standard is the best way to skin the cat. Sorry if that creates a cat-skinning monoculture.

      The whole monoculture thing is a stupid argument. If a CSS rendering flaw shows up in the language standard, you could hear MS go "ha ha" cause their "make my own standard" sidestepped the monoculture.

      And you left out Infinite Monkey Protocol Suite, which could be run over PPPoE.

    18. Re:Fun fun fud by Repton · · Score: 4, Informative

      Eh, I was trying to make a reference to the big email scandal of a while ago, where it turned out that important stuff was being sent (illegally) from email accounts at gwb32.com or georgewbush.com instead of whitehouse.gov. Slashdot coverage.

      --
      Repton.
      They say that only an experienced wizard can do the tengu shuffle.
    19. Re:Fun fun fud by palegray.net · · Score: 5, Informative

      Why would someone in the White House use an insecure communications channel to send sensitive correspondence to a foreign official? End-to-end encryption is used in such situations.

      Information transmitted from government installations is compartmentalized according to its classification level. Unclassified systems don't reside on the same networks as those intended for classified purposes.

      I'm a Navy communications nerd; this is kinda what I do for a living.

    20. Re:Fun fun fud by Pikoro · · Score: 3, Informative

      Move to Japan. Nearly all the fiber to the home here is IPv6.

      --
      "Freedom in the USA is not the ability to do what you want. It is the ability to stop others from doing what THEY want"
    21. Re:Fun fun fud by edalytical · · Score: 2, Funny

      I'll be right on that dude. I've been looking for a way to escape NAT, moving to Japan is the perfect solution!

      --
      Win a signed Stephen Carpenter ESP Guitar from the Deftones: http://def-tag.com/?r=0008781
    22. Re:Fun fun fud by ecavalli · · Score: 4, Informative

      I admit, I looked.

      It's a picture of Bill O'Reilly for some reason.

      I... think that's an improvement...?

    23. Re:Fun fun fud by adri · · Score: 3, Informative

      Just stuff the AS numbers of the BGP anomaly detection systems into the path you're using to hijack and voila! They'll never see it.

      The attack uses spoofed AS paths which include the AS numbers of the ASes in the -return path- of your hijacked traffic. It works because the default eBGP behaviour is to drop routes w/ an AS in the path that matches theirs (loop detection!)

      It's not fool-proof, but you -can- reasonably selectively remove ASes from receiving the announcements.

      Furthermore, if you know the topology near the network you're hijacking, you could figure out all the exit (transit) ASes, spoof those so the announcement never makes it out to the general internet and hijack the traffic near them. Dense peering relationships at multiple places around the internet == your friend in this method.

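The loop-detection trick adri describes, worked through as an added example (this is not code from Kapela and Pilosov's presentation or from any poster on this page). It is a toy model of BGP announcement propagation: every AS applies eBGP loop detection, discarding an update whose AS_PATH already contains its own ASN, and otherwise prepends itself and passes the route on. The topology, the victim, the attacker and the "return path" ASes are constructed; the AS numbers are from the documentation range 64496-64511 (RFC 5398). Best-path selection is left out on the assumption that the hijack is a more-specific prefix, so any AS that accepts it prefers it.

```python
"""Added example, not from the talk or from any poster: a toy model of
BGP propagation with eBGP loop detection, showing why prepending the
return-path ASes to a hijack announcement keeps those ASes on the real
route.  Topology and roles are constructed; ASNs are RFC 5398
documentation numbers."""
from collections import deque

# Constructed topology: undirected adjacency between ASes.
TOPOLOGY = {
    64496: {64497, 64498},          # victim: originates the target prefix
    64497: {64496, 64499},
    64498: {64496, 64500},
    64499: {64497, 64500, 64501},   # attacker's transit on the return path
    64500: {64498, 64499, 64501},   # attacker's other transit
    64501: {64499, 64500},          # attacker
}

VICTIM, ATTACKER = 64496, 64501
RETURN_PATH = [64499, 64497]        # ASes the attacker needs to keep "clean"


def propagate(announcer, as_path, topology=TOPOLOGY):
    """Flood an announcement from `announcer` whose AS_PATH (most recent AS
    first, origin AS last) is `as_path`.  Each receiving AS applies eBGP
    loop detection: if its own ASN is already in AS_PATH the update is
    discarded.  Otherwise it installs the route, prepends itself and passes
    it on.  The first copy to arrive wins (no tie-breaking in this toy).
    Returns {asn: installed AS_PATH} for every AS that accepted the route."""
    installed = {announcer: list(as_path)}
    queue = deque([announcer])
    while queue:
        sender = queue.popleft()
        path = installed[sender]
        for nbr in topology[sender]:
            if nbr in installed:
                continue               # already holds a copy
            if nbr in path:
                continue               # loop detection: own ASN in AS_PATH
            installed[nbr] = [nbr] + path
            queue.append(nbr)
    return installed


def poisoned_path(attacker, keep_clean, victim):
    """AS_PATH the attacker announces: itself, then the ASes that must
    reject the route (so they keep the real route back to the victim),
    ending with the victim as the apparent origin."""
    return [attacker] + list(keep_clean) + [victim]


def hijacked_ases(as_path):
    """Set of ASes (other than the attacker) that end up sending the
    prefix towards the attacker after it announces `as_path`."""
    return set(propagate(ATTACKER, as_path)) - {ATTACKER}


if __name__ == "__main__":
    naive = hijacked_ases([ATTACKER, VICTIM])
    poisoned = hijacked_ases(poisoned_path(ATTACKER, RETURN_PATH, VICTIM))
    print("naive hijack reaches:   ", sorted(naive))
    print("poisoned hijack reaches:", sorted(poisoned))
    print("return path still clean:", not (set(RETURN_PATH) & poisoned))
```

With the naive path the hijack is installed everywhere except at the victim; with the poisoned path AS64499 and AS64497 drop it and keep their genuine route, which is what the attacker then uses to forward the intercepted traffic on to the victim. Only the announcement side is modelled here; the forwarding back along the clean ASes is the other half of the attack.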
    24. Re:Fun fun fud by Alsee · · Score: 3, Funny

      Heay! That's my private info!

      I am now sending a federal law DMCA notice demanding you take my information down.
      BTW, please don't run a Slashdot front page story on my DMCA takedown notice & info.

      -

      --
      - - You can't take something off the Internet! That's like trying to take pee out of a swimming pool.
    25. Re:Fun fun fud by Alsee · · Score: 5, Funny

      Whew! Good thing you clicked the "Anonymous Coward" box when you posted that!

      -

      --
      - - You can't take something off the Internet! That's like trying to take pee out of a swimming pool.
    26. Re:Fun fun fud by andy.ruddock · · Score: 3, Insightful

      So it's encrypted between the server and your box. What about the other side of the server?

      --
      God: An invisible friend for grown-ups.
    27. Re:Fun fun fud by rbanffy · · Score: 3, Funny

      Why can't I mod something "tragic"?

    28. Re:Fun fun fud by sowth · · Score: 3, Insightful

      Isn't this why PGP was integrated into many email clients years ago? Since when have people considered the Internet safe from eavesdropping? Since I started using the internet in 1995, I have been warned many times by countless posts and websites informing people of the potential for eavesdropping on the internet. Haven't you seen any of these warnings? This is nothing new.

    29. Re:Fun fun fud by Zeinfeld · · Score: 2, Informative

      How exactly does that keep the white house's email secret when communicating with people outside of that network? For example if you were someone in the White house sending an email to Russian or Chinese government officials?

      No such network exists, white house email all travels through the regular Internet. The pentagon has some network capability of its own but that is mostly leased lines. Very few parts are actually pentagon controlled fiber. I have been in countless meetings where the pentagon has proposed building its own independent network.

      Some White house email is encrypted. The pentagon has a massive email security project. But that only handles a portion of the traffic.

      And the Bush administration have in any case been routing their communications through gwbush43.com which is run by an outside contractor and which must have been penetrated by the Russians, Iranians, Israelis and every other self respecting intel service.

      --
      Looking for an Information Security student project suggestion?
      Try http://dotcrimeManifesto.com/
    30. Re:Fun fun fud by thegameiam · · Score: 2, Interesting

      Do they do autoconf or dhcpv6, or is it dual-stack? I'm curious how you get DNS resolver addresses...

      --
      Need Geek Rock? Try The Franchise!
    31. Re:Fun fun fud by Critical+Facilities · · Score: 2, Funny

      "Be sure to drink your Ovaltine".

    32. Re:Fun fun fud by houghi · · Score: 3, Funny

      Or so you would think, but they are probably monitoring traffic to /. as well, so now they have his IP. Probably he is now at work, but with his login, they will be able to link it to the times he logged in at home.

      Then some more cross referencing and he is on his way to Gitmo.

      --
      Don't fight for your country, if your country does not fight for you.
    33. Re:Fun fun fud by lucifuge31337 · · Score: 4, Informative

      Anyone who knows anything about basic Internet protocols should be shitting themselves right about now.

      And those of us who actually do this stuff for a living (who already knew at least most of this) are neither surprised, nor any more paranoid about it. As a matter of fact, this might be the sauce needed to get more providers to properly filter announcements, and possibly more. So making this more public might actually be a good thing.

      The ability to hijack space is already very well known to anyone in a position to do it, and most of us have accidentally done so at some point in our careers. I know I haxxored 192.168.0.0 by accident once by announcing it to an upstream. Yeah....it happens. And it never should. To this day, you'll more often than not see RFC1918 space being announced if you get a full routing table.

      BGP routing table entry for 192.168.0.0/16, version 3564
      Paths: (1 available, best #1, table Default-IP-Routing-Table)
      Advertised to non per-group peers:
      202.10.0.201 202.10.0.202
      Local
      192.0.2.1 from 0.0.0.0 (192.189.54.221)
      Origin incomplete, metric 0, localpref 101, weight 32768, valid, sourced, best
      Community: 2764:20

      --
      Do not fold, spindle or mutilate.
    34. Re:Fun fun fud by Palshife · · Score: 3, Funny

      Yes. Definitely a good idea on my part.

      Shit.

      --
      Attention deficit disorder is a complicated issue, spanning several major... HEY LET'S GO RIDE BIKES!
  3. SSL by jamesh · · Score: 4, Insightful

    I hope that all of those people who thought that getting users to blindly accept self signed certs was a good idea are starting to feel a bit stupid now...

    An SSL cert signed by a trusted central authority isn't the absolute solution to all mitm attacks, but it's a whole lot closer to 'safer' than not.

    1. Re:SSL by Free+the+Cowards · · Score: 5, Interesting

      I don't think anyone thinks that self-signed certs should be blindly accepted.

      What should be done is that self-signed certs should be acceptable, with the right handling. The way ssh does this is a good one; it alerts you when you initially connect, and throws up an extremely loud and nasty warning if the host's cert has changed from the last time you connected. This gives you the opportunity to verify the cert out of band if you should care to, and forces an attacker to hit you on your very first access to a given site.

      Properly signed certs should be given higher priority, but a self-signed cert is still vastly better than nothing. The problem is that current browsers treat self-signed certs as being the worst of the three, when in reality they're much better than a naked HTTP connection.

      --
      If you mod me Overrated, you are admitting that you have no penis.
    2. Re:SSL by Antique+Geekmeister · · Score: 4, Informative

      And you actually trust Verisign to be a primary signature authority for SSL? Why? They've cooperated in all sorts of stupidity, such as their temporary insistence on returning their own squatting domain as a valid entry for every non-existent domain in *.com, which was particularly nasty because they own the .com master servers. Do you really think that Verisign is that secure, and wouldn't cooperate in faking keys if a national security agency asked them to?

    3. Re:SSL by jd · · Score: 4, Informative

      They gave away Microsoft's private keys to someone who called them, a while back, in a rather infamous case that forced Microsoft to change their entire update system and their collection of "secure" sites. If they've done it once, it can clearly happen again, and the lack of publicity may simply be evidence of better media management. I'd be very wary of trusting them with anything and would be skeptical of any institution that relied on Verisign for any kind of critical proof-of-identity situation, though they're probably reasonable enough for personal certs.

      --
      It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
    4. Re:SSL by Jah-Wren+Ryel · · Score: 4, Insightful

      What should be done is that self-signed certs should be acceptable, with the right handling. The way ssh does this is a good one; it alerts you when you initially connect, and throws up an extremely loud and nasty warning if the host's cert has changed from the last time you connect.

      That's great and all if you are an internet mechanic. But what if you just want to drive the damn car? For those people, who are the majority, those messages don't mean squat. Which means they have just as much a chance of picking the unsafe choice as they do the safe choice. So Firefox's solution has been make it hard to pick the unsafe choice. Make it so that you pretty much have to understand what's going on in order to even get the chance to pick the potentially unsafe choice. That seems like a pretty good policy to me.

      --
      When information is power, privacy is freedom.
    5. Re:SSL by nine-times · · Score: 4, Insightful

      Properly signed certs should be given higher priority, but a self-signed cert is still vastly better than nothing. The problem is that current browsers treat self-signed certs as being the worst of the three, when in reality they're much better than a naked HTTP connection.

      Exactly. I certainly don't want to sign on to my online banking for the first time and find that it's using a self-signed certificate. On the other hand, if I had to choose between a self-signed certificate and transmitting login information in plain-text, there's no contest.

      I'm of the opinion that encryption should be encouraged in order to stop simple snooping, even if it doesn't prevent more complex attacks. It's not as though certificate authorities are all that diligent in their identity verification anyhow.

    6. Re:SSL by Anonymous Coward · · Score: 5, Informative

      Here's a link to information about the incident you mentioned:

      http://www.microsoft.com/technet/security/Bulletin/MS01-017.mspx

    7. Re:SSL by epine · · Score: 2, Insightful

      This whole debate would be better centered if Firefox put up the same scary boxes for unencrypted .htaccess as it does for self-signed certs. How could one be worse than the other?

      Unless you use a password generator (such as apg on OpenBSD) and have a photographic memory, passwordsafe, and never suffer hang-overs, most people re-use similar password structure even if the careless passwords and careful passwords are significantly different (which I doubt is the norm).

      What do you think the entropy is on the average person's bank password after half a dozen samples of their unencrypted throw-away passwords have been sprayed around the internet by a bunch of imperioed BGP routers?

      And that's not even counting the occasion where you lose the marble momentarily and discover you've just typed your most uber secure password into a login field the wrong tab, which means it now needs to be burned, but who does?

      Passwords passed around the internet in plain text are just as tainted as any self-signed SSL cert, and twice as self-inflicted. Brought to you by the same grey beards who engineered open SMTP relays.

    8. Re:SSL by dacut · · Score: 5, Informative

      They gave away Microsoft's private keys to someone who called them

      Not quite. Microsoft's private key wasn't compromised; their identity was stolen. The attacker convinced VeriSign to sign his certificate claiming to be "Microsoft Corporation." The whole point of PKI is to never transmit your private key, even to an authority like VeriSign. As usual, the technology is secure; it's the people running it who aren't.

    9. Re:SSL by bit01 · · Score: 4, Insightful

      For those people, who are the majority, those messages don't mean squat.

      Until self-signed certificates are less safe than bare http any justification for putting up scary messages for self-signed only is nonsense.

      The real problems that need to be fixed are:

      1. The potential for confusion between externally signed and self-signed and the degree of trust thus evidenced. Firefox should use a different lock icon for encrypted transport and for identity validated instead of conflating the two. Some more extensive interface change might be appropriate (color change somewhere?)
      2. It's a site change from externally signed to self-signed or bare, or from self-signed to bare that should be flagged. Firefox should remember signed site state and flag with popups when those transitions occur. Those popups should be integrated with the existing warning popups.

      That seems like a pretty good policy to me.

      It's not good policy to put up popups that have no meaning. Just like the boy that cried wolf and Vista UAC all you're doing is training the user to ignore popups when they do matter.

      Programmers complain incessantly about users ignoring messages. Almost always it's the programmer's fault for not designing their user interface for their target audience. Why on earth should a user take any notice of messages that

      1. are meaningless because they're written in software dialect English not mainstream English
      2. are often more important to the programmer than to the user
      3. do not give the user any avenue to respond. i.e. do not tell the user step-by-step what to do.

      ---

      "Advertising supported" just means you're paying twice over, once in time to watch/avoid the ad and twice in the increased price of the product to pay for the ad.

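The ssh-style handling Free the Cowards describes and the state-transition flagging bit01 proposes, combined into one added example (not code from any poster or from any browser). It keeps a per-host memory of how the site was last reached: plain HTTP, TLS with a self-signed cert, or TLS with a CA-signed cert. A self-signed cert is pinned by SHA-256 fingerprint and a change is reported loudly, as ssh does; moving from a stronger state to a weaker one is reported as a downgrade and the memory is not overwritten until the user decides. Host names and certificate bytes are constructed.

```python
"""Added example, not from the thread or from any browser: a per-host
memory of connection security state, with ssh-style pinning of
self-signed certificates and flagging of downgrade transitions."""
import hashlib

# Ordered weakest to strongest; moving to a lower index is a downgrade.
STATES = ["plain", "self_signed", "ca_signed"]


class SiteMemory:
    def __init__(self):
        self.seen = {}      # host -> {"state": str, "fp": hex digest or None}

    @staticmethod
    def fingerprint(cert_der):
        # SHA-256 over the DER certificate, the usual pinning identifier.
        return hashlib.sha256(cert_der).hexdigest() if cert_der is not None else None

    def observe(self, host, state, cert_der=None):
        """Record a connection to `host` made in `state` (one of STATES),
        with the server certificate in DER form for the TLS states.
        Returns one of: 'first-seen', 'ok', 'upgrade', 'downgrade',
        'key-changed'."""
        if state not in STATES:
            raise ValueError("unknown state %r" % state)
        fp = self.fingerprint(cert_der)
        prev = self.seen.get(host)
        if prev is None:
            # Trust on first use: remember what we saw, as ssh does.
            self.seen[host] = {"state": state, "fp": fp}
            return "first-seen"
        old_rank, new_rank = STATES.index(prev["state"]), STATES.index(state)
        if new_rank < old_rank:
            # Signed -> self-signed, or anything -> plain: keep the old
            # memory so the warning repeats until the user accepts it.
            return "downgrade"
        if new_rank > old_rank:
            self.seen[host] = {"state": state, "fp": fp}
            return "upgrade"
        if state == "self_signed" and fp != prev["fp"]:
            # The loud ssh-style warning: same site, different key, and no
            # third party to vouch for the change.
            return "key-changed"
        # CA-signed certs are expected to rotate at renewal, so a new
        # fingerprint under a CA-signed state is treated as normal here.
        return "ok"

    def accept_change(self, host, state, cert_der=None):
        """User verified the new cert or the downgrade out of band."""
        self.seen[host] = {"state": state, "fp": self.fingerprint(cert_der)}


if __name__ == "__main__":
    m = SiteMemory()
    for host, state, cert in [
        ("forum.example", "self_signed", b"constructed-cert-A"),
        ("forum.example", "self_signed", b"constructed-cert-A"),
        ("forum.example", "self_signed", b"constructed-cert-B"),
        ("bank.example", "ca_signed", b"constructed-cert-C"),
        ("bank.example", "self_signed", b"constructed-cert-D"),
        ("bank.example", "plain", None),
    ]:
        print("%-14s %-12s -> %s" % (host, state, m.observe(host, state, cert)))
```

The point of the ordering is that the only alarming cases are a changed self-signed key and a drop in state; a site that has always been self-signed gets one first-use prompt and then silence, which is the behaviour the ssh comparison is asking for.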
    10. Re:SSL by Jah-Wren+Ryel · · Score: 3, Insightful

      Until self-signed certificates are less safe than bare http any justification for putting up scary messages for self-signed only is nonsense.

      Consider this - how often is a neophyte going to connect to a site with a self-signed certificate that actually has important information to keep encrypted but without any special instructions given ahead of time? Now how often is a neophyte going to connect to a spoof site (of a site which, by definition has important information, else it wouldn't be spoofed) with the use of a self-signed certificate?

      I think the second case is going to be a lot more common than the first.

      It's not good policy to put up popups that have no meaning. Just like the boy that cried wolf and Vista UAC all you're doing is training the user to ignore popups when they do matter.

      Talk about missing the point. Neophytes will NEVER know what to do with a pop-up of highly technical nature like this one. So better that the pop-up guide the neophyte into the default safe case while still providing information and choice to cognizant users. That's exactly what firefox does now.

      --
      When information is power, privacy is freedom.
    11. Re:SSL by radarsat1 · · Score: 2, Insightful

      Programmers complain incessantly about users ignoring messages. Almost always it's the programmer's fault for not designing their user interface for their target audience.

      whoa whoa whoa... what is the programmer doing designing the user interface??

      I kid, I kid. I know it happens all the time, even I do it. But in the cases of companies like MS or even larger organizations like Mozilla, I'm not really joking..

    12. Re:SSL by Zeinfeld · · Score: 2, Insightful

      This is odd because CAs should never have a copy of their client's private keys in the first place.

      And that never happened in this case either.

      Eight years ago a group of hackers applied for two code signing certificates for microsoft.com. During the issue process it was discovered that the application was fraudulent and that the certificates had already been issued. A bug in the issue processing software had allowed a single operator to issue the certificate, the process is meant to require two.

      The issue was immediately reported to Microsoft and a public statement made. The certificates were also placed on the certificate revocation list. The certificates expired many years ago and there is no evidence that they were ever used.

      That is two process failures out of something like 400,000 SSL certificates issued each year.

      The system is actually designed to cope with some failures, that is one reason we have CRLs and now OCSP.

      --
      Looking for an Information Security student project suggestion?
      Try http://dotcrimeManifesto.com/
    13. Re:SSL by maztuhblastah · · Score: 5, Insightful

      That's great and all if you are an internet mechanic. But what if you just want to drive the damn car? For those people, who are the majority, those messages don't mean squat.

      And you know, teenage kids who "just want to drive the damn car" are also responsible for a substantial portion of collisions. Coincidence?

      The fundamental mistake of computer security is assuming that it can be made easy for the lowest common denominator. It can't. Sorry, I've got no clever analogy for this one -- but it's true. There is simply no way that you can design a system that can retain its security in the face of a user that is both ignorant and has no desire to learn how to properly use the tools at his disposal. You just can't do it. Warnings will be ignored, errors will be bypassed, and someone who wants to remain ignorant will, no matter how many hoops he has to jump through to do it. Most users aren't just ignorant -- they revel in it: how many times have you heard someone say "Oh, I'm just hopeless with computer stuff", followed by a smirk and a giggle? There ain't enough crypto in the world can protect that user.

      Designing a security measure around the lowest common denominator will make everyone less secure, all in the name of making someone who wants to remain ignorant slightly more comfortable. And for the benefit of all of us who want real security, this is a very, very bad idea.

    14. Re:SSL by nine-times · · Score: 2, Insightful

      This is a false dilemma. If your bank's web site presents a self-signed certificate, then you shouldn't log into your account.

      Well, yeah, that was my point. If it's my bank then I want a certificate from a real CA. However, if my friend is running a private forum and he wants to use a self-signed certificate rather than paying for one, I'd probably rather he do that than leave my login information as plain-text.

      The problem, in my mind, is that login credentials should *always* be encrypted, but we shouldn't require that every website pay someone else for a certificate that they can generate themselves. Since most sites aren't going to get complex phishing and man-in-the-middle attacks, it's probably not that big of a deal. The security of the key exchange should be roughly proportional to the required security of the site, but logins should always be encrypted.

      If anything, the glut of certificates granted by careless CAs who don't bother to verify identities is fostering a false sense of security.

  4. Scary Much? by creature124 · · Score: 5, Informative

    I find the thought of this genuinely scary. Correct me if I am wrong, but we would have to change the BGP protocol itself to fix this issue. That isn't going to happen anytime soon I reckon, so I guess there is nothing we can do but encrypt sensitive transmissions and hope for the best.

    1. Re:Scary Much? by dlgeek · · Score: 5, Insightful

      Well, no. Large ISPs don't have to accept and forward routes from customers without verifying them. The solution to this is the same as preventing forged IP source addresses: stop it at the origination point. If you're an ISP with customer A and customer A starts advertising routing for an IP range they haven't previously advertised, don't accept the advertisement and forward it up the chain until you verify that they actually should advertise that route.

    2. Re:Scary Much? by jd · · Score: 3, Informative

      BGP is supposed to be authenticated between peers, but clearly not nearly enough. If IPSEC was enabled (it's likely to already be present) on all routers, then BGP traffic between routers would be guaranteed both encrypted AND authenticated. Or, if you prefer, there are a very very few other routing protocols for WANs - ESES probably being the one most taken seriously. (ESES is the exterior gateway version of ISIS. Both are mature protocols with a lot of hardware out there that can support them.)

      --
      It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
    3. Re:Scary Much? by jd · · Score: 3, Funny

      Fixed SMTP is called X.400.

      --
      It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
    4. Re:Scary Much? by Randle_Revar · · Score: 2, Funny

      XMPP

    5. Re:Scary Much? by Alascom · · Score: 4, Informative

      BGP is authenticated, and using IPSec will not solve anything. BGP peers must configure the IPs of their neighbors, and in many cases an MD5 secret as well. This is pretty strong authentication. The point here is that anyone can get a high-speed link from an ISP, and that ISP will talk BGP to you. Then you simply tell your ISP about your network through BGP, and also tell it about some additional network routes, and the ISP passes it along.

      The way to prevent this today would be for the ISP that peers with you to know which IP blocks you own, and filter out any other routes you send over. But this is a lot of work for the ISP, so very few of them do it.
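
The customer-side prefix filter that dlgeek and Alascom both describe (accept a route from a customer session only if it lies inside a block that customer is known to hold), written out as an added example. This is illustrative code, not anything from the talk or from any ISP's configuration; the AS numbers are from the private range, the prefixes are documentation prefixes, and the "provisioning data" and the sample announcements are constructed for the example. It also enforces a maximum prefix length, which is the other half of the problem: a customer who may announce a /24 should not be allowed to carve it into /25s that beat everyone else's routes.

```python
import ipaddress

# Constructed provisioning data: which prefixes each customer session is
# authorised to originate. An ISP would take this from its own customer
# records or from IRR route objects; the AS numbers (private range) and
# documentation prefixes here are illustrative only.
ALLOWED_PREFIXES = {
    64501: ["192.0.2.0/24"],
    64502: ["198.51.100.0/24", "203.0.113.0/24"],
}

# Constructed announcements as (customer_as, prefix) pairs arriving on the
# customer sessions. The second and sixth are what a hijacker on session
# 64501 would send: someone else's block and a default route.
SAMPLE_UPDATES = [
    (64501, "192.0.2.0/24"),
    (64501, "198.51.100.0/25"),
    (64502, "203.0.113.0/24"),
    (64502, "203.0.113.128/25"),
    (64503, "192.0.2.0/24"),
    (64501, "0.0.0.0/0"),
    (64501, "192.0.2.7/24"),
]


def build_filter(allowed, max_len=24):
    """Return a predicate accepting (customer_as, prefix) only when the prefix
    is equal to, or a sub-prefix of, one the customer may originate, and is
    no longer than max_len (so a customer cannot deaggregate into /25s or
    /32s that would beat everybody else's more general routes)."""
    table = {
        asn: [ipaddress.ip_network(p) for p in prefixes]
        for asn, prefixes in allowed.items()
    }

    def permitted(customer_as, prefix):
        try:
            net = ipaddress.ip_network(prefix, strict=True)
        except ValueError:
            # host bits set or unparseable: a router would reject this too
            return False
        if net.prefixlen > max_len:
            return False
        return any(
            net.version == auth.version and net.subnet_of(auth)
            for auth in table.get(customer_as, [])
        )

    return permitted


def filter_updates(permitted, updates):
    """Split announcements into those the ISP should propagate upstream and
    those it should drop (and ideally log, since a dropped announcement is a
    misconfiguration or an attack, never normal traffic)."""
    accepted, rejected = [], []
    for customer_as, prefix in updates:
        bucket = accepted if permitted(customer_as, prefix) else rejected
        bucket.append((customer_as, prefix))
    return accepted, rejected


if __name__ == "__main__":
    ok, dropped = filter_updates(build_filter(ALLOWED_PREFIXES), SAMPLE_UPDATES)
    for asn, prefix in dropped:
        print(f"drop  AS{asn} {prefix}")
    for asn, prefix in ok:
        print(f"allow AS{asn} {prefix}")
```

Only the two announcements that match the provisioning data survive; the foreign /25, the unknown customer, the default route and the malformed prefix are all dropped. On a real router this is a per-neighbour prefix-list with a `le` bound, and the work Alascom mentions is keeping that list in step with what the customer actually holds.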

  5. Why this is not an issue: by teknopurge · · Score: 4, Insightful

    BGP is almost always setup manually, at least when first configured. Network admins: DO NOT PUT UNTRUSTED PEERS IN THE ACLs. Joe smith running BGP on 123abcxxxhost.nl has no business being in your tables. If you're accepting adverts from any AS you deserve what you get.

    The routing on the Internet has always been hierarchical: get updates from your upstreams. If they send you bad info you're SOL anyway, just like SSL certs and Verisign's root certs.

  6. You can bet good money... by Caspian · · Score: 4, Insightful

    ...that the good folks at the NSA (and/or the FBI, CIA, DHS, ATF, etc., as well as their counterparts in other nations) have been exploiting this for years.

    --
    With spending like this, exactly what are "conservatives" conserving?
    1. Re:You can bet good money... by inKubus · · Score: 4, Informative

      Yeah, but they don't need to poison BGP to read our data, since they have access by the Tier 1 providers and telcos to the actual photons on the backbone fibers. And of course legal immunity now that they passed that bill.

      Nay, this would best be used against other countries, where the NSA actually works.

      --
      Cool! Amazing Toys.
    2. Re:You can bet good money... by jd · · Score: 4, Interesting

      If that's the British DHS, the American counterpart is Home Depot, and it should be obvious why they'd want to spy on people. This isn't really a security issue in the same sense broken encryption or the loss of unencrypted data is a security issue, though, so can someone change the icon and section to "mindless stupidity in protocol design" and/or add "Stone De Croze" to the tags?

      --
      It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
    3. Re:You can bet good money... by KPU · · Score: 4, Funny

      Home Depot? The store that sells wood is spying on my Internet access?

    4. Re:You can bet good money... by inKubus · · Score: 2, Interesting

      BGP is what Internet routers use to tell each other what incoming traffic should be routed where. It isn't used for actual user data transmission.

      Yeah, probably it's best to avoid the internet for sensitive traffic. And they do. They have their own copper, fiber, microwave, and satellite telecom system. Yes, some of it is leased from the telcos but I doubt if the packets come anywhere near the internet routers.

      But not all governments have the luxury of that sort of system and I'm sure a lot of them use the internet to communicate globally. That's why we generously helped them put in all those undersea cables...

      Oh, by the way, there are "private" companies with undersea fiber that are not peered to the internet, and no one knows about them. Some things you can't trust the telco with.

      The last thing you should trust is the Internet. Even with encryption, the way it works is on implied trust relationships. So does DNS, and so does the public key infrastructure. As other posters mentioned, you are relying on your upstream provider to give you clean routing tables. The advertised routes need to be the real best route to a closer hop. And somewhere there are the root servers which have the master tables.

      An interesting way to maybe catch them would be to analyze the BGP tables (archive them somewhere and actually get a real list of good hosts). I know there are projects such as Route Views which attempt to archive the routing tables. This might be a start. You would need to whitelist people though, or blacklist certain subnets, and it sort of defeats the point of the Internet being open.

      --
      Cool! Amazing Toys.
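
The table-archiving idea inKubus raises, as an added example: diff two snapshots of a routing table and flag the two shapes a hijack takes, an existing prefix whose origin AS has changed and a new more-specific inside a known block originated by somebody else. This is not code from Route Views or from the talk; the snapshot format is a simplified "prefix AS_PATH" text of my own, the AS numbers are private-range and the prefixes are documentation prefixes, all constructed for the example.

```python
import ipaddress

# Constructed table snapshots in a simplified "prefix  AS_PATH" form, loosely
# modelled on what one gets out of a collector's RIB dump. Private-range AS
# numbers and documentation prefixes; nothing here is a real announcement.
# The origin AS is the last element of the AS_PATH.
BASELINE = """\
# prefix          AS_PATH (left: our neighbour ... right: origin)
192.0.2.0/24      65001 65010 64502
198.51.100.0/24   65001 65020 64503
203.0.113.0/24    65002 65030 64504
"""

LATER = """\
192.0.2.0/24      65001 65010 64502
192.0.2.0/25      65002 65099
198.51.100.0/24   65001 65040 64599
203.0.113.0/24    65002 65030 64504
"""


def parse_rib(text):
    """Map each prefix to its AS_PATH as a list of ints. AS_SETs and prepends
    are not special-cased: the origin is simply the last AS listed."""
    rib = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        prefix, *path = line.split()
        rib[ipaddress.ip_network(prefix)] = [int(asn) for asn in path]
    return rib


def origin_of(path):
    return path[-1]


def origin_alerts(baseline, later):
    """Compare two snapshots and return alerts as tuples
    (kind, prefix, expected_origin, seen_origin).

    kind == "origin-change": a known prefix now has a different origin AS.
    kind == "more-specific": a prefix not seen before lies inside a known
    block but is originated by a different AS than that block. The second
    is the pattern of a more-specific hijack; both can also be legitimate
    (renumbering, a new customer), so these are tripwires, not verdicts."""
    alerts = []
    expected = {p: origin_of(path) for p, path in baseline.items()}
    for prefix, path in later.items():
        seen = origin_of(path)
        if prefix in expected:
            if expected[prefix] != seen:
                alerts.append(("origin-change", str(prefix), expected[prefix], seen))
            continue
        covering = [
            p for p in expected
            if p.version == prefix.version and prefix.subnet_of(p)
        ]
        if covering:
            parent = max(covering, key=lambda p: p.prefixlen)
            if expected[parent] != seen:
                alerts.append(("more-specific", str(prefix), expected[parent], seen))
    return alerts


if __name__ == "__main__":
    for kind, prefix, was, now in origin_alerts(parse_rib(BASELINE), parse_rib(LATER)):
        print(f"{kind:14} {prefix:18} expected AS{was}, saw AS{now}")
```

Run against the two constructed snapshots it reports the new 192.0.2.0/25 from AS65099 and the origin of 198.51.100.0/24 moving from AS64503 to AS64599, and nothing for the unchanged rows. The weak spot inKubus points at stays: the baseline is only as good as the first table you chose to believe.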
    5. Re:You can bet good money... by Randle_Revar · · Score: 4, Funny

      If that's the British DHS, the American counterpart is Home Depot, and it should be obvious why they'd want to spy on people.

      So they can tell if you have been going to Lowe's?

    6. Re:You can bet good money... by florescent_beige · · Score: 4, Funny

      He meant the Department of Homeland Depot. It's the privatization of government, don't you know.

      --
      Equine Mammals Are Considerably Smaller
    7. Re:You can bet good money... by florescent_beige · · Score: 2, Funny

      The one we all want to know more about is Victoria's Secret Service. I demand congressional hearings on, you know, that! Etcetera!

      --
      Equine Mammals Are Considerably Smaller
    8. Re:You can bet good money... by rabiddeity · · Score: 2, Funny

      Home Depot? The store that sells wood is spying on my Internet access?

      Yeah, they really know how to put the thumbscrews on.

  7. Flaw revealed years ago by sleeponthemic · · Score: 3, Funny

    A hacker marauding by the name "Goatse" exposed it quite effectively some years back.

    --
    I record my sleeptalking
  8. I archive the talk by stits · · Score: 5, Informative

    It was really cool, opened a lot of peoples eyes. Here is the archive, http://www.stits.org/fp/Defcon_16/. Please don't flood it and only download it if you will use the info. I also took a ton of photos: http://www.flickr.com/photos/stits/sets/72157606608859399/ Hope to see you all next year!

  9. Wait, you're telling me.... by Alsee · · Score: 5, Insightful

    Wait, you're telling me that they taught US intelligence agencies and the National Security guys how to attack the internet with man-in-the-middle attacks and exploits to fool routers into re-directing data to an eavesdropper's network...

    and they didn't do anything to end the interception and eavesdropping problem???

    I am shocked.

    -

    --
    - - You can't take something off the Internet! That's like trying to take pee out of a swimming pool.
  10. I'd trust Mudge on this. by kwabbles · · Score: 4, Interesting

    The guy's been involved in many of security's moments in history.

    --
    Just disrupt the deflector shield with a tachyon burst.
  11. If you have BGP peering... by mbone · · Score: 5, Interesting

    There is a lot of harm you can do, at least for a short while. But I have to say, this seems like a lot of FUD to me.

    It is not trivial to get BGP peering, or to keep it if you are doing bad things. You will need one or more peers, and they will have to do this for you manually, not automatically. And (as I can attest) the AS prepending this attack relies on is a very blunt instrument.

    Here are the troubles I see

    - You need to be able to offer a better path from Point A to Point B than the existing Internet topology

    - Unless you are Dr. Evil and can afford infinite bandwidth, this better path had better not also apply to a large chunk of the Internet, or you will get hosed with a lot of bandwidth (and, also, instantly stick up on the screens of NOCs all over the place) and

    - If you are relying on AS prepends, these affect the path from you, but not directly the path to you. They are notoriously tricky and may stop working (because of changes in other people's advertisements) at any time.

    So, to me, this is a might work sometimes for some people in some places, but probably not that well on a general basis.

    The DNS cache poisoning sounds a lot worse, frankly.

    1. Re:If you have BGP peering... by CodeBuster · · Score: 5, Interesting

      You need to be able to offer a better path from Point A to Point B than the existing Internet topology.

      It has been done before. In fact for many decades during and after the Cold War the United States offered some of the best quality data services at the highest speeds for cheap prices (subsidized by your tax dollars) merely to ensure that the majority of the international telephone and non-satellite data traffic passed through the United States somewhere along the way from Point A to Point B.

      Unless you are Dr. Evil and can afford infinite bandwidth, this better path had better not also apply to a large chunk of the Internet, or you will get hosed with a lot of bandwidth.

      As I mentioned above the US Government can afford a lot of bandwidth when they want to and they want to ensure that as many ISPs around the world chose our fast subsidized fiber backbones (I say backbones because last-mile service for consumers in the US still sucks hard core compared to Korea, Japan, and even Europe) to route their traffic across the globe (i.e. they lease bandwidth from US companies and the data passes through US borders). If some people don't think that US companies are complicit in this, *cough* AT&T *cough*, then the whole telecom immunity debate just went over their heads.

      So, to me, this is a might work sometimes for some people in some places, but probably not that well on a general basis.

      Better than none of the time so why not try and make the best of it if you can (NSA's point of view).

    2. Re:If you have BGP peering... by DeadBeef · · Score: 2, Informative

      I haven't come across a good technical description of the attack, but I expect that the AS path prepending is just to stop the transit AS that you are using to reinject the traffic from sending the traffic straight back at you.

      ie. if you know AS666 is a transit for AS69 (that you are hijacking the traffic from), then you prepend AS666 in the path you advertise to the rest of the internet and bgp loop detection on the routers in AS666 will drop the bogus path and send your traffic to the real target AS69 instead.

      --
      I am a lawyer and this constitutes legal advice and I shall indemnify you against any losses arising from taking it.
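
A small simulation of the mechanism DeadBeef describes, added here as an example; it is not the presenters' code and not a real BGP implementation, just the two rules that matter for this trick: a router discards an UPDATE whose AS_PATH already contains its own AS number (loop detection), and forwarding follows the longest matching prefix. The AS numbers are private-range and the prefixes are documentation prefixes, all constructed. An attacker announces two /25s covering the victim's /24 and pads the AS_PATH with the transit AS sitting in front of the victim, so the transit throws the more-specifics away while everyone else takes them; the attacker's own route to the victim stays clean, and that is the path intercepted traffic goes out on. The same run without the padding shows why it is needed.

```python
import ipaddress

VICTIM, TRANSIT, ATTACKER, OBSERVER = 64513, 64600, 64666, 65100

# Constructed announcements as (prefix, AS_PATH) pairs, AS_PATH written the
# way the receiving router sees it: leftmost is the neighbour that sent it,
# rightmost the origin. The attacker originates two /25s covering the
# victim's /24 and pads the path with the transit's ASN (and the victim's),
# so the transit rejects them but everyone else prefers the more-specifics.
LEGIT_FROM_VICTIM = ("203.0.113.0/24", [VICTIM])
LEGIT_VIA_TRANSIT = ("203.0.113.0/24", [TRANSIT, VICTIM])
HIJACK_PREPENDED = [
    ("203.0.113.0/25", [ATTACKER, TRANSIT, VICTIM]),
    ("203.0.113.128/25", [ATTACKER, TRANSIT, VICTIM]),
]
HIJACK_NAIVE = [
    ("203.0.113.0/25", [ATTACKER]),
    ("203.0.113.128/25", [ATTACKER]),
]


def feeds(hijack):
    """What each AS receives. The attacker keeps only its real route to the
    victim, which is how it hands intercepted traffic back."""
    return {
        TRANSIT: [LEGIT_FROM_VICTIM] + hijack,
        OBSERVER: [LEGIT_VIA_TRANSIT] + hijack,
        ATTACKER: [LEGIT_VIA_TRANSIT],
    }


def accepts(local_as, as_path):
    """RFC 4271 loop detection: discard any UPDATE whose AS_PATH already
    contains the local AS number."""
    return local_as not in as_path


def build_rib(local_as, announcements):
    return {
        ipaddress.ip_network(prefix): path
        for prefix, path in announcements
        if accepts(local_as, path)
    }


def lookup(rib, ip):
    """Longest-prefix match; returns (prefix, as_path) or None."""
    addr = ipaddress.ip_address(ip)
    candidates = [p for p in rib if addr in p]
    if not candidates:
        return None
    best = max(candidates, key=lambda p: p.prefixlen)
    return str(best), rib[best]


def forward_path(all_feeds, ip, start, dest, max_hops=8):
    """Follow next hops AS by AS until the destination AS, a black hole
    (None) or a forwarding loop (the repeated AS is appended, then we stop)."""
    hops = [start]
    cur = start
    while cur != dest and len(hops) < max_hops:
        match = lookup(build_rib(cur, all_feeds[cur]), ip)
        if match is None:
            hops.append(None)
            break
        cur = match[1][0]
        hops.append(cur)
        if hops.count(cur) > 1:
            break
    return hops


if __name__ == "__main__":
    for label, hijack in (("prepended", HIJACK_PREPENDED), ("naive", HIJACK_NAIVE)):
        print(label, forward_path(feeds(hijack), "203.0.113.10", OBSERVER, VICTIM))
```

With the padded path the observer's traffic goes observer, attacker, transit, victim: the transit never installed the /25s, so it still forwards on the real /24. With the naive announcement the transit installs the /25s too, and the attacker's re-injected traffic bounces straight back to it, which is the loop DeadBeef is talking about. Real route selection has more inputs than this (local preference, path length, policy), and mbone's bandwidth and visibility objections above still apply.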
  12. Sigh... by ZarathustraDK · · Score: 3, Insightful

    'I went around screaming my head about this about ten or twelve years ago... We described this to intelligence agencies and to the National Security Council, in detail.'

    For a hacker he's pretty dumb. Everyone knows that the best way get attention directed to an exploit is to publish the entire kiddie-porn-folder of the person who can fix it, using the exploit in question.

    --
    If you quote this signature there'll be 72 copies of Windows ME waiting for you in Heaven.
  13. A design: X says Y=Z. by Animats · · Score: 5, Interesting

    I looked at this problem back in the early 1980s, when I was doing some work on TCP. I was trying to come up with a routing protocol that didn't require passing the same information around repeatedly, because backbone networks had very low bandwidth back then, and the existing routing protocols had either O(N^2) traffic or the "hop count to infinity" problem.

    I came up with something called "Gateway Database Protocol", which was a scheme for passing tuples of the form "X says Y=Z" around. The idea was that any node seeing inconsistencies in "X says ..." would propagate the tuple back to X, revealing the problem to X.

    This is enough to detect hijacking, but not enough to stop it. I'd worked out a scheme good enough to automatically correct erroneous data, but not one good enough to deal with the insertion of hostile data. The design goal back then was to guarantee that if the hostile site was removed from the network (perhaps forcibly), the system would then stabilize into a valid state.

    That's not enough any more. But it is worthwhile considering that a routing protocol should have the property that if X's info is being faked anywhere in the network, X hears about it. BGP doesn't do that.

  14. ESES is mature? by thegameiam · · Score: 4, Insightful

    I've seen implementations of ISIS, and have deployed it myself in both IP and ATM environments. I've never seen an actual deployment of ESES, and I've never heard of one either. I've encountered ISIS adjacencies which don't form correctly, and come up as ESIS, though.

    What hardware supports ESES?

    --
    Need Geek Rock? Try The Franchise!
  15. Latency jump by Bill,+Shooter+of+Bul · · Score: 3, Informative

    The whole MITM thing would raise a flag unless the attackers were close enough to the real routers for the ip address block it was hijacking. Several companies I know notice when BGP screws up and doubles their latency. They notice and complain loudly.

    --
    Well.. maybe. Or Maybe not. But Definitely not sort of.
  16. Correction by thegameiam · · Score: 4, Informative

    - If you are relying on AS prepends, these affect the path from you, but not directly the path to you. They are notoriously tricky and may stop working (because of changes in other people's advertisements) at any time.

    Not quite.

    Prepends affect your outbound announcements, and this affects inbound traffic to you. Prepends are the most effective tool for BGP manipulation because they're transitive - announcing more specifics works too, but that's not quite the same thing.

    --
    Need Geek Rock? Try The Franchise!
  17. What did he expect? by frovingslosh · · Score: 5, Insightful
    a drastic weakness in the Internet's infrastructure ...to eavesdrop on Net traffic in a way that wouldn't be simple to detect. ... testified to Congress in 1998 ... disclosed privately to government agents how BGP could also be exploited to eavesdrop. '..... We described this to intelligence agencies and to the National Security Council, in detail.'....

    Great, give the very people who want to abuse this the most the inside details, then show shock when it isn't fixed.

    --
    I'm an American. I love this country and the freedoms that we used to have.
  18. Let the Rickrolls begin! by randall77 · · Score: 2, Funny

    Enterprising hacker hijacks BGP and Rickrolls the whole world in 3... 2... 1...

  19. this is one of those exploits by circletimessquare · · Score: 4, Insightful

    that requires one teensy weensy detail to work (in other words, one huge wonking detail)

    here, it is to be a bgp level peer

    kind of like i can empty a bank of all of its money

    all i need is the key to the safe

    yeah, minor detail

    so do i panic now?

    --
    intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
  20. Re:Oh, just great! by inKubus · · Score: 2, Interesting

    Dude, l0pht aka @stake sold out in the early 2000's. Their only claim to fame was their work on the CdC "Back Orifice" and of course "l0phtcrack", which just tricked out LM passwords from cleartext, big deal. Everyone knows about BGP!

    He (Mudge) turned it into a deal, and now he works for BBN. That's where the money is (or has been). Just because someone was at Defcon once doesn't mean he's not working for the Feds. There are some benefits to working for the government.

    It's nice how they've packaged this presentation but this is not news really.

    --
    Cool! Amazing Toys.
  21. Re:Oh, just great! by Jane+Q.+Public · · Score: 3, Informative

    I am familiar with l0phtcrack... I used it to reset a password or two back in the day. It came recommended (believe it or not) by one of the higher-ups in Microsoft network security.

    Oh... but it did more than just sniffing cleartext passwords. It would also decipher encrypted passwords over the net, given plenty of time. And it could be used to crack encrypted Hosts passwords.

    I always wondered why they did not follow it up.

  22. So *That's* How They Do It by Doc+Ruby · · Score: 2, Insightful

    So these guys go and convince the spooks that the Internet can be hijacked for comprehensive but totally stealth eavesdropping. And the spooks "don't do anything about it".

    Except they do, don't they. The spooks go ahead and snoop the entire Internet. For the last 10 years.

    I'm surprised at only the fact that the L0pht guys and others are still alive and running around loose to tell anyone that the spooks have known how to do this for this whole time.

    Why is it taking so long for all Internet traffic to be encrypted end to end by default?

    --
    make install -not war

  23. Re:Oh, just great! by inKubus · · Score: 2, Interesting

    Yeah, I was exaggerating. Mudge was pretty good. But to say that he sold out the Internet to the Feds is pretty false. I mean, they built it, and the dudes at the NSA have long known about the intrinsic properties of BGP. BBN built a lot of it, actually, which is sort of ironic.

    It is weird though that you saw them drop off the map (along with a lot of other high profile people) after 2001 and now a lot of them work for the Feds. But like I said, that's where the money is (or was).

    --
    Cool! Amazing Toys.
  24. SLASHDOT SUX0RZ by Anonymous Coward · · Score: 5, Funny

    You called? Sorry I'm late

    The Internet's Biggest Hole Revealed at http://goatse.cz/

  25. Not really the unsafe choice. by Kadin2048 · · Score: 3, Insightful

    > So Firefox's solution has been make it hard to pick the unsafe choice.

    Except they really haven't. They've made it hard to make the sorta-kinda-theoretically-less-safe choice, the one that might result in a MITM attack, but in doing so they discourage SSL use generally.

    Do you think that hypothetical user you're talking about is going to notice whether the page is using SSL or not? I doubt it. And a lot of companies seem to agree, and use plain old HTTP for all sorts of stuff when they shouldn't (we just had an FPP on this a few days ago, in fact).

    As script-kiddyable as MITM attacks may get, they're never going to be as easy as just sniffing unencrypted traffic, and any time you make encryption difficult or complicated, that's the alternative people use.

    --
    "Ladies and gentlemen, my killbot features Lotus Notes and a machine gun. It is the finest available."
  26. Re:US Government can't be trusted by gujo-odori · · Score: 2, Interesting

    s/The US Government is/governments are/

    There, fixed that for ya.

    Do you really think government anywhere is trustworthy, or that only the US government would use this technique?

    This technique isn't even hard. I used to work at an ISP in Japan that once spent the best part of the day off the Internet because an incompetent router admin in the ROK was announcing our IP space. We finally managed to get the guy on the phone, only to find that his ability to either speak or comprehend English was negligible and that he spoke no Japanese at all. By then, he seemed to have some clue that he'd screwed up and said he was working on it (I wouldn't be surprised if he announced routes for other ASes than ours). When my jaw really hit the floor was when he managed to explain that he had done this before. He obviously didn't get reamed by his boss enough the first time he screwed up like that.

    As soon as I started reading TFA, I thought "I bet I know how they did it" - and I'm no CCIE level network engineer - and it turned out I was spot on. The technique is simple enough that I'm sure L0pht Heavy Industries 10 years ago were nowhere near the first group to come up with an attack like this. Heck, they probably didn't tell the NSA anything they didn't already know. Any CCIE could devise an attack like that, and so could quite a few people who aren't CCIEs.

    Spying on a large group of Internet users would require tremendous bandwidth and hardware, however - what you might call a rather conspicuous amount of both. It's also not something that would go unnoticed for a really long time by the network engineers at large networks. It might start with a customer complaint of long ping times into their network, or it might start with a neteng looking over the BGP table for something unrelated and thinking, "That's funny" - but it would certainly be noticed. Routing all the traffic for a large AS in, say, the UK through, say, New York, would not go unnoticed for very long.

    The best way to conceal an attack like this would be very near the target network. For example, if you were trying to pick off all traffic bound for a regional ISP, you put your sniffing setup in the same colo facility where they are located.

    If the target is a national ISP in a large country - the kind that is likely to have multiple ingress points to their network - the attack becomes more complicated. You have to either be in all their colo locations if you want optimum concealment (and if they are large, they probably own the colo, making it trickier to hide what you're doing), or you need to pull all their traffic through your single location, which is more likely to be noticed.

    Another good technique for concealing this kind of attack is to not use it all the time. For example, if you know that there are users on Network A on whom you'd like to spy, and that they are communicating with users on Network B, on whom you'd also like to spy, you have a couple of options. One is to randomly announce routes for Network A (and maybe network B at the same time) for some fairly short period of time and at random intervals long enough to let the BGP state go back to normal, and hope you catch something. Another approach is to use some other intelligence sources to figure out the time of day when the communication usually happens and do your intercepts at that time, then turn them off.

    If I can think this up - and I've even been out of the neteng business for over 5 years now - the people who do things like that for a living have not only known about it for many years, they were probably thinking "It took L0pht until *1998* to come up with that, and anyone else another 10 years to come up with a usable exploit?!"

  27. Re:Oh, just great! by gujo-odori · · Score: 3, Insightful

    Not exactly weird. If cracking networks, etc., is your bag, and somebody offers you a high-paying, stable job where you can not only spend your time doing that, but doing it without fear of prosecution, that could be kind of hard to turn down.

  28. brilliant by binaryseraph · · Score: 3, Insightful

    Oh great idea, lets go straight to the NSA, FBI, CIA, SS and any other agency out there and explain in full detail how to spy on the entire world. Wow, real shocker they didn't fix this one. Even bigger Internet Security Hole: Best Intentions.

  29. One Word by Nom+du+Keyboard · · Score: 2, Insightful
    One word: encryption.

    End-to-end encryption prevents eavesdropping.

    --
    "It's the height of ridiculousness to say for those 9 lines you get hundreds of millions."
  30. I think not by DrHyde · · Score: 5, Insightful

    A man-in-the-middle attack on BGP would require that you intercept and re-write BGP data. The only place to do that is if you can insert some hardware on the physical route between two BGP-speaking routers. That is, on the cable between two ISPs that are peering with each other or have a transit agreement. While the BGP protocol could, in theory, be routed across the internet, my understanding is that in practice it never is.

    Add to that that to successfully perform such an attack, you would need appropriate (expensive) network interfaces and hardware capable of speaking fast enough, and this "attack" becomes something that needs a *lot* of resources to pull off. Sure, governments and big corporations can do it, maybe big organised crime could too, but yer average bedroom cracker couldn't.

    And why would the big boys bother anyway, when they can just announce bogus routes?