Suspicious Event Hijacks Amazon Traffic For 2 hours, Steals Cryptocurrency (arstechnica.com)

← Back to Stories (view on slashdot.org)

Suspicious Event Hijacks Amazon Traffic For 2 hours, Steals Cryptocurrency (arstechnica.com)

Posted by msmash on Tuesday April 24, 2018 @08:00AM from the security-woes dept.

Amazon lost control of some of its widely used cloud services for two hours on Tuesday morning when hackers exploited a known Internet-protocol weakness that allowed them to redirect traffic to rogue destinations, according to media reports. ArsTechnica: The attackers appeared to use one server masquerading as cryptocurrency website MyEtherWallet.com to steal digital coins from unwitting end users. They may have targeted other customers of Amazon's Route 53 service as well. The incident, which started around 6am California time, hijacked roughly 1,300 IP addresses, Oracle-owned Internet Intelligence said on Twitter. The malicious redirection was caused by fraudulent routes that were announced by Columbus, Ohio-based eNet, a large Internet service provider that is referred to as autonomous system 10297. Once in place, the eNet announcement caused some of its peers to send traffic over the same unauthorized routes. [...] Tuesday's event may also have ties to Russia, because MyEtherWallet traffic was redirected to a server in that country, security researcher Kevin Beaumont said in a blog post. The redirection came by rerouting domain name system traffic and using a server hosted by Chicago-based Equinix to perform a man-in-the-middle attack. MyEtherWallet officials said the hijacking was used to send end users to a phishing site. Participants in this cryptocurrency forum appear to discuss the scam site. Further reading: Hacker Hijacks DNS Server of MyEtherWallet to Steal $160,000 (BleepingComputer).

67 comments

Min score:

Reason:

Sort:

Wait a minute by Anonymous Coward · 2018-04-24 08:04 · Score: -1

Isn't HTTPS supposed to protect against that?
1. Re:Wait a minute by I4ko · 2018-04-24 08:21 · Score: -1, Offtopic
  
  No. When the i10ts created letsdecrypt a simple dns hijack makes https useless and I can get a valid certificate in seconds. There should be a. mandatory 72 hours delay for every publicity CAB trusted CA between a request for singing and providing the signed object, but alas, it is too inconvenient, that's why we have letsdecrypt these days.
2. Re: Wait a minute by saloomy · 2018-04-24 08:32 · Score: 2, Informative
  
  You are confusing two technologies. The DNS systems employed by lets encrypt doo foot server lookups, and it would be difficult to have a coordinated attack hijack all of their authorization servers. The vulnerability here is in BGP, which advertises routes to public IPs. There are no defenses or security against route hijacking, which allows an attack to take place.
3. Re:Wait a minute by lastman71 · 2018-04-24 08:41 · Score: 2, Insightful
  
  From the fine article:
  "the phishing site used a fake HTTPS certificate that would have required end users to click through a browser warning."
  So: yes it's protected from https... if the user is smart enough to do not accept a fake certificate.
4. Re: Wait a minute by Anonymous Coward · 2018-04-24 08:43 · Score: -1
  
  " There are no defenses or security against route hijacking, which allows an attack to take place. " You license and mandate a named-pipe between backbone colos. You pay that bill from end to end and use that route exclusively.
  That's how. It's money.
5. Re: Wait a minute by Anonymous Coward · 2018-04-24 09:08 · Score: 0
  
  Hijacking domain registries and the provided control panels is piece of cake. I hijack BGP so ipâ(TM)s donâ(TM)t change and it does not raise too much suspicion. I also hijack the domain registry to insert a new fake dns record, so that I can pass letsencrypt validation and tada I have a cert
6. Re: Wait a minute by Anonymous Coward · 2018-04-24 09:20 · Score: 0
  
  It is trivial to obtain a real certificate for a fake site in seconds with letsencrypt
7. Re: Wait a minute by Anonymous Coward · 2018-04-24 09:52 · Score: 0
  
  Citation.
8. Re: Wait a minute by greenwow · 2018-04-24 09:59 · Score: 1
  
  That's BS unless you can upload a file to the target web server or hijack the DNS that Let's Encrypt uses.
9. Re: Wait a minute by lgw · 2018-04-24 10:14 · Score: 2
  
  GPP said "real certificate to a fake site". Did you real that carefully? It's one of the proven DNS-related attacks, although one that's a lot harder these days than when it was first exploited. Attacks included:
  * Typosquatting name (or common misspelling)
  * Names with different punctuation, e.g. "bank-of-america.com" has a certificate, and it looks like "bankofamerica.com", but I wouldn't trust it.
  *Lookalike names via UTF8 tricks (I think every current browser protects against this one now)
  * long URLs that start with something legit-looking and hide the ".attacker.com" off the irght of the display.
  I'm sure you see the pattern. There was even a name like "citibank\0attacker.com" with a null in the registered name at one point, which I though was pretty clever.
  Of course, all these required phishing to be useful, but the point is that HTTPS doesn't protect against phishing. Most of the obvious approaches to fake site names have been closed by browser venders or companies waking up to the need to register "nearby" sites to avoid confusion, and not by any improvements to the underlying protocols.
  
  --
  Socialism: a lie told by totalitarians and believed by fools.
10. Re: Wait a minute by Cramer · 2018-04-24 11:20 · Score: 0
  
  Nope. The issue (ssl certificate) is still entirely a Big Giant Fail(tm) on Let's Encrypt's part. If I can take over your DNS, I can effectively become your server and *poof* now I can those fools to sign a certificate for my stolen domain. Now, these guys didn't actually do that, so there actions where immediately evident.
  Yes, they used BGP to announce more specific routes to parts of Amazon's DNS infrastructure so that traffic came to them. They were then in effective control of many domains, but apparently chose to hijack some cryptocurrency site.
  There are plenty of ways to secure BGP, and routing in general. However, just like the locks on your house, they don't do you any good if you don't actually lock them. We have yet to see a BGP session be hijacked, or an external attack inject a rogue route into an established BGP session. What we DO see all the time are flaming idiots accepting whatever the hell someone advertises.
11. Re:Wait a minute by dev-in-seattle · 2018-04-24 11:26 · Score: 1
  
  But there's a problem, a lot of sites I use in my daily life have out of date security because of the tls version change recently. Chrome tells me that 3 or 4 sites I use where I type my password have dangerous security.
12. Re: Wait a minute by Cramer · 2018-04-24 11:27 · Score: 1
  
  Done. And Done. They took over the address space for Amazon's DNS service (Route 53), so they ARE the DNS for many domains. That gives them 100% control of all DNS answers, including where the server is. That traffic now goes to a server they control. It's trivial to get a Let's Encrypt signed certificate under these conditions.
  (Of course, these guys didn't even bother to do that.)
13. Re: Wait a minute by Anonymous Coward · 2018-04-24 13:37 · Score: 0
  
  It also would make the internet look more like a hub and spoke topology, instead of a flexible mesh.
14. Re: Wait a minute by arglebargle_xiv · 2018-04-24 17:56 · Score: 1
  
  Not just Lets Encrypt, from any CA. DV means you control the domain, which the attackers did. The only difference is that Lets Encrypt gives you the cert while other CAs charge you for it.
15. Re:Wait a minute by Anonymous Coward · 2018-04-24 19:43 · Score: 1
  
  You shouldn't trust a company that can't afford a certificate a year. Less three of them. You sure actually your system certificates are up to date?
16. Re: Wait a minute by Anonymous Coward · 2018-04-24 23:18 · Score: 0
  
  "If I can take over your DNS, I can effectively become your server"
  Not with domain signing (DNSSEC) implemented. Relatively easy countermeasure to prevent domain spoofing.
17. Re: Wait a minute by sabbede · 2018-04-24 23:59 · Score: 1
  
  Does that bypass or defeat DNSSEC?
18. Re:Wait a minute by Anonymous Coward · 2018-04-25 00:31 · Score: 0
  
  When I looked up the process of getting a cert of letsencrpyt, it required that you already had control of the dns record if it already existed. They won't let you take over an existing DNS entry without you already having functional control of the DNS entry.
19. Re: Wait a minute by TechyImmigrant · 2018-04-25 02:53 · Score: 1
  
  >There are no defenses or security against route hijacking
  Yes there are. Common web password authentication is not one of them. Blame the browser vendors.
  
  --
  I should use this sig to advertise my book ISBN-13 : 978-1501515132.
20. Re: Wait a minute by Anonymous Coward · 2018-04-25 14:19 · Score: 0
  
  They took over the address space for Amazon's DNS service (Route 53)
  Why does this matter? I don't trust IP addresses. I trust math. Someone is doing something wrong if they think it's safe to assume an IP address is somehow a guarantee of whois(pun) on the other side.
God dam Ivan’s by Ryanrule · 2018-04-24 08:05 · Score: 0

Can they just not? What’s wrong with them?
1. Re:God dam Ivan’s by Anonymous Coward · 2018-04-24 08:16 · Score: 1
  
  Honestly, who wouldn't hack from / to Russia with the current climate. It's the perfect cover.
2. Re:God dam Ivan’s by Anonymous Coward · 2018-04-24 08:22 · Score: 0
  
  Trump promises he has nothing to do with it and has an excellent relationship with Russian hacker groups.
3. Re:God dam Ivan’s by vtcodger · 2018-04-24 11:03 · Score: 1
  
  And anyway, it's all Hillary's fault.
  
  --
  You can't see ANYTHING from a car, You've got to get out of the goddamned contraption and walk...Edward Abbey
Russia Russia Russia by Anonymous Coward · 2018-04-24 08:08 · Score: -1

Yes, after the fall of the Soviet Union, there were a lot of highly educated folks with no jobs struggling to feed their families. As a result, the Eastern Block was rife with hackers. This tradition has continued.
It is also true that Moscow sponsors a certain amount of hackery. As does every other power in the world.
With this said, the way that Russia gets mentioned in every. single. report. of hacking is irresponsible, both journalistically and ethically.
But then, we live in a world where there are those willing to initiate world war III to achieve their ends, which they see as being accomplished by blaming Russia for every possible evil under the sun.
1. Re:Russia Russia Russia by Anonymous Coward · 2018-04-24 08:11 · Score: 1
  
  It isn't about WWIII, it's about Hillary losing an election that she bought and paid for.
2. Re:Russia Russia Russia by Anonymous Coward · 2018-04-24 08:13 · Score: 0
  
  spoken like a true Russian...
3. Re:Russia Russia Russia by Anonymous Coward · 2018-04-24 08:16 · Score: 0
  
  That's exactly what a Russian would reply...
4. Re:Russia Russia Russia by Anonymous Coward · 2018-04-24 08:30 · Score: 1
  
  I love how this gets modded down.
  But mod up a conservative post or three, and you will lose your modding opportunities for life.
  But sure. Mod down what you don't agree with. Accuse everyone of being a Russian who doesn't agree with you. Live in terror of the Ivan under your bed.
  I've already lived through the Cold War once. At least then we knew the other side was literally killing millions of people. Now, it's just about a DNC cartel that would establish its own flavor of the Soviet system here, who scruple at no lie and at no corruption, who embrace the risk of war, for who no right is worth more than their version of a well ordered and properly thinking society.
5. Re:Russia Russia Russia by Anonymous Coward · 2018-04-24 09:37 · Score: -1
  
  Conservatives aren't being accused of being Russian, Russians are accused of being pseudo-Conservatives in shill accounts to disrupt US govt and support a corrupt and kompromat'd traitor, Donald Jumpsuit Drumpf.
  Get your victimstance hat on straight, comrade nazi punkass-apologist traitor.
6. Re:Russia Russia Russia by Anonymous Coward · 2018-04-24 10:11 · Score: 0
  
  Russians aren't accused of being pseudo-conservatives. Russians are being accused of trying to get Trump elected so he will ease off sanctions on the Russian elites to make life easier for them and Putin.
  What Trump gets out of this, if anything, is irrelevant to that point.
7. Re:Russia Russia Russia by socheres · 2018-04-24 13:52 · Score: 1
  
  mod up!
Click-bait title? by Anonymous Coward · 2018-04-24 08:11 · Score: 0

Amazon lost control vs DNS hijacking have very different connotation
1. Re:Click-bait title? by jeffasselin · 2018-04-24 08:16 · Score: 5, Informative
  
  This was not dns hijacking. It’s BGP hijacking. The routing protocol is horribly outdated and has no security at all. No authentication, no validation. We need a new version of BGP that includes some way to authenticate updates and ensure the routes are for addresses the AS number is authoritative for in some way.
  
  --
  If he explores all forms and substances Straight homeward to their symbol-essences; He shall not die.
2. Re:Click-bait title? by olsmeister · 2018-04-24 08:17 · Score: 1
  
  I guess technically they never really had control of the DNS resolution.
3. Re:Click-bait title? by I4ko · 2018-04-24 08:23 · Score: 3, Informative
  
  It has security. The edge providers have responsibility to not accept announces from customers for IP subtest that do not belong to them. It seems like the guys in Ohio screwed up and allowed receiving and redistributing any announce whatsoever. This is not backbone. Edges should use BGP filters from customers
4. Re:Click-bait title? by Anonymous Coward · 2018-04-24 08:25 · Score: 3, Interesting
  
  No authentication, no validation. We need a new version of BGP that includes some way to authenticate updates and ensure the routes are for addresses the AS number is authoritative for in some way
  
  Authentication normally involves some form of authority. (They even use the same root word). How would you authorize routes when no authority exists?
  I think there has to be a better way to do this, but I suspect it's not through authentication or authorization.
5. Re:Click-bait title? by lgw · 2018-04-24 08:25 · Score: 5, Insightful
  
  That's not "security", that's "good intentions".
  
  --
  Socialism: a lie told by totalitarians and believed by fools.
6. Re:Click-bait title? by jbmartin6 · 2018-04-24 08:38 · Score: 1, Interesting
  
  That's like saying Word for Windows has security because users aren't supposed to enable malicious macros.
  
  --
  This posting is provided 'AS IS' without warranty of any kind, implied or otherwise.
7. Re:Click-bait title? by Anonymous Coward · 2018-04-24 10:06 · Score: 0
  
  There are many more ways someone can hijack your traffic and the solution isn't to make the routing more brittle but to verify that the endpoint you're talking to is who you think they are: You can't successfully hijack a valid TLS connection by announcing fake routes.
8. Re:Click-bait title? by jaymemaurice · 2018-04-24 11:08 · Score: 2
  
  I think you mean best practices. You can't just update the routing protocol and expect people to use it properly.
  You can't fix incompetence by simply changing standards all the time.
  Really, this attack was made possible by a whole lot of incompetence at many layers.
  In the end, DNS will likely fix everything...
  https://www.rfc-editor.org/rfc...
  
  --
  120 characters ought to be enough for anyone
9. Re:Click-bait title? by Cramer · 2018-04-24 11:36 · Score: 1
  
  There are plenty of ways to secure BGP, and routing in general. However, just like the locks on your house, they don't do you any good if you don't actually lock them. We have yet to see a BGP session be hijacked, or an external attacker inject a rogue route into an established BGP session. What we DO see all the time are flaming idiots accepting whatever the hell someone advertises.
10. Re:Click-bait title? by arglebargle_xiv · 2018-04-24 17:58 · Score: 1
  
  In the end, DNS will likely fix everything...
  Uptake of DANE, and a large pile of other lets-stuff-security-things-in-the-DNS that people have come up with over the years, is about the same as Firefox' market share. Don't count on this to fix anything.
11. Re:Click-bait title? by Anonymous Coward · 2018-04-24 20:21 · Score: 0
  
  and this kind of thing happens regularly by accident too e.g. https://dyn.com/blog/large-bgp-leak-by-google-disrupts-internet-in-japan/
$160k? Bzzt. Nope. Try again. by Zocalo · 2018-04-24 08:23 · Score: 4, Interesting

Try following the "Out" transactions. Eventually (five or six hops) you're going to end up at this wallet, which currently contains over $17 MILLION USD of ETH. Not bad for a couple of hours work...

--
UNIX? They're not even circumcised! Savages!
Comment removed by account_deleted · 2018-04-24 08:29 · Score: 1

Comment removed based on user account deletion
Just stop the Russia-did-it bullshit by Anonymous Coward · 2018-04-24 08:32 · Score: 3, Insightful

Why the hell would the Russian government steal a few millions of crypto currency? It's the scale equivalent of a millionaire setting up a sophisticated shop and scheme to heist a few pennies, it just makes no sense.
1. Re:Just stop the Russia-did-it bullshit by nuckfuts · 2018-04-24 08:39 · Score: 4, Interesting
  
  It's not the Russian government doing the stealing. It's the Russian government not giving a shit that Russian citizens are stealing.
2. Re:Just stop the Russia-did-it bullshit by Anonymous Coward · 2018-04-24 08:42 · Score: 0
  
  It's the Democrap thing to do. They know nothing, and idiot Americans know less.
3. Re:Just stop the Russia-did-it bullshit by Anonymous Coward · 2018-04-24 08:57 · Score: 0
  
  Anyone that doesn't know that criminals out of Russia have been stealing, spamming and running every scam they can conceive of to make a buck for decades doesn't deserve to call himself a nerd. The Russian mafia fights turf wars over this stuff and murder each other on a regular basis.
4. Re:Just stop the Russia-did-it bullshit by dinfinity · 2018-04-24 09:22 · Score: 4, Interesting
  
  Russian citizens? If you were a hacker (of any nationality), servers in which country would you use to hide your tracks?
5. Re:Just stop the Russia-did-it bullshit by nuckfuts · 2018-04-24 09:32 · Score: 1
  
  OK, let's say "people operating from hosts in Russia". Either way, I don't think the Russian government cares.
6. Re:Just stop the Russia-did-it bullshit by Anonymous Coward · 2018-04-24 09:35 · Score: 0
  
  You're a moron. The Russian government gives both cover and payment for hacking external enemy interests. The dollar amount of take is not the point for the upstream interests.
7. Re: Just stop the Russia-did-it bullshit by Anonymous Coward · 2018-04-24 11:24 · Score: 0
  
  Citation needed.
8. Re:Just stop the Russia-did-it bullshit by nuckfuts · 2018-04-24 12:27 · Score: 1
  
  FFS. How literally do I have to spell out what I'm suggesting?
  I don't think the Russian government cares to stop the activity.
9. Re:Just stop the Russia-did-it bullshit by Anonymous Coward · 2018-04-24 12:47 · Score: 1
  
  It's not the Russian government doing the stealing. It's the Russian government not giving a shit that Russian citizens are stealing.
  Would you expect the US government to lift a finger against a US citizens stealing vaporcoins from Russians?
10. Re:Just stop the Russia-did-it bullshit by rtb61 · 2018-04-25 01:19 · Score: 1
  
  Appear to operate from a hose in Russia, well at least the last detected, point. Just highjack a server anywhere temporarily. Russian servers are good because the US is so desperate to play spy vs spy shit, they can not sit down with the Russian government and sort out some cross border computer crime investigation treaties. So by the time anything is done about the server, the hackers are long gone.
  Of course any espionage agency, from anywhere in the world, could have been involved in this. Not directly, necessarily but simply corrupt employees making use of information provide, obtained via intelligence operations. Criminals, will be, criminals. Those who want to do this stuff for a living, under governments and of the nature to do it privately for far more profit. Agencies should check to see if their backdoors are being accessed not by rare random chance but a little too often.
  Then of course you have all the tech corporations, these people who do not give a fuck about people's privacy or manipulating democracy, or censoring people who disagree with them, all the shit kind of behaviour. How many of those would participate at an 'Executive' level, consider the corruption, insider trading et at, you know they would and they most definitely have the capability, equal to the governments they contract too.
  As the crypto craze expires, more and more criminal activity will become involved in it and it will become increasingly dangerous to be involved.
  
  --
  Chaos - everything, everywhere, everywhen
11. Re:Just stop the Russia-did-it bullshit by dinfinity · 2018-04-25 09:22 · Score: 1
  
  Agreed, which is exactly why routing your malicious traffic through Russian servers is a great idea.
All cryptocurrencies are Ponzi Scams by Anonymous Coward · 2018-04-24 08:46 · Score: 0, Troll

Are (any) fiat-currency and (any) cryptocurrency really equivalent, as cryptocurrency fans claim?
For example, US Dollar and Bitcoin are really equals?
Value/validity/authorization of US dollar is provided/guaranteed by US Government (and in-turn whole US Public)!
Also, not to mention, US Dollars in any US Bank is insured by US Government!
What authorization/guarantee/insurance is behind Bitcoin? Nothing!
Sorry but that is the end of discussion then!
Why do you think Satoshi Nakamoto is really hiding his identity, if Bitcoin is really such a great innovation?
He is just someone does not like media/fan attention?
Or, could it be really because Bitcoin (and all cryptocurrencies followed it) are actually Ponzi Schemes?
(So he knew very well that law enforcement would come after him sooner or later?!)
If so-called cryptocurrencies are really good innovation, why they attract so many criminals/criminal activity?
Could it really be because, all cryptocurrencies themselves are scams, and that is why they attract all kinds of criminals/criminal activity?
If so-called cryptocurrencies are really currency, why no company/store can use Bitcoin as currency anymore?
Because the price of Bitcoin proved to be extremely unstable to use as a currency?
Would the result be different, if Bitcoin replaced by any other "cryptocurrency"?
Aren't all work the same way?
If so-called cryptocurrencies are really money; isn't people issuing their own money, illegal already, in all countries?
If so then, why they are still not banned in all countries?
Or, they are not actually virtual currency but virtual investment?
But, if they are actually investment, why we need/want them?
What would happen to world economy, if people invested in virtual investments, instead of real investments?
Or, all so-called cryptocurrencies are actually just a modified (made decentralized and paying variable interest) Ponzi Schemes?
(Price of cryptocurrencies would keep increasing in the long term (by their design), so it is equivalent of paying variable interest to all long term investors.)
As more and more people invest in cryptocurrencies, it will become harder and harder to ban their trading everywhere!
All cryptocurrencies need to be banned globally before it is too late!
Re:$160k? Bzzt. Nope. Try again. by Anonymous Coward · 2018-04-24 09:37 · Score: 1

If you look at the largest majority of the In transactions in that wallet you'll see that they are all automatted transfers from different mining applications. The guy is a major mining outfit, probably not the scammer.
So when does Rahm Emmanuel get arrested? by Anonymous Coward · 2018-04-24 10:43 · Score: 0

Inquiring minds want to know. After all, he's been shaking these people down for a while now, as is Chicago custom.
My Ether Wallet again?! by monkeyzoo · 2018-04-24 12:07 · Score: 1

Again?!
The Classic Ether Wallet version of My Ether Wallet also had a domain attack that ripped people off last year...
https://www.ccn.com/classic-et...
Why people would trust a web interface for this instead of running a local javascript version I don't know. :/
1. Re:My Ether Wallet again?! by Anonymous Coward · 2018-04-25 00:40 · Score: 0
  
  Why anyone would run javascript at all is beyond me. Let alone javascript loaded from someone elses computer!
Not gonna happen by Anonymous Coward · 2018-04-24 18:52 · Score: 0

msmash is still full on the various bandwagons. russians, hackers, all the scare words. He's so desperate it hurts.
Re:$160k? Bzzt. Nope. Try again. by Zocalo · 2018-04-24 19:07 · Score: 1

The fact that all the Out transactions from a demonstrable BGP hijaack and well implemented spoof site scam end up in this account isn't enough to convince you that it's shady as hell and the owner is just a (fairly serious) miner? Try taking a look at the transaction patterns, yes there are a lot of of them, but the patterns are pretty clear to spot; lots of transfers in a short timeframe, a pause, then another batch and so on. Yeah, I'm pretty sure this wallet's owner is almost certainly involved in mining, but I doubt very much that it's the kind with lots of GPUs or ASICs in a rack so much as lots of malware running on systems without their owner's knowledge and other scam campaigns like the one in TFA. Pretty sure that the wallet has now caught the attention of various authorities though, so might be interesting for the owner to extract their funds if nothing else

--
UNIX? They're not even circumcised! Savages!
Avoid DNS security issues via hosts by Anonymous Coward · 2018-04-25 02:59 · Score: 0

See subject & ÃPK Hosts File Engine 10++ SR-1 32/64-bit https://www.google.com/search?source=hp&ei=ZYrPWpW_H-ykggel7JLwBg&btnG=Search&q=APK+site%3Astart64.com/
Ads/script/malware rob speed/security/privacy/bandwidth.
Hosts add speed (via hardcodes/adblocks), security (vs. bad sites/malware/poisoned dns), reliability (vs. dns down), & anonymity (vs. dns requestlogs/trackers).
Less power/cpu/ram + IO use vs. DNS/routers/addons/antivir + less security bugs/complexity & faster vs. av/addons/routers/remote dns!
Avoids DNSChangers in routers/IP settings & dns redirect (99++% of ISP DNS != patched vs. it) + DNS tracking & lighten DNS load & resolve faster via local RAM!
* Viâ what u NATIVELY have in a FASTER kernelmode IP stack (does more w/ less).
APK
P.S. - This IS why CHINA copied me: Imitation IS the sincerest form of flattery http://www.theregister.co.uk/2017/04/26/boffins_supercharge_the_hosts_file_to_save_users_plagued_by_dns_outages/ ... apk