Hack Lets Researchers Silently Eavesdrop on IP Networks

Two researchers are gaining some attention this week as they discuss a BGP eavesdropping hack that they demonstrated at the Defcon conference in Las Vegas two weeks ago.

The design flaw in the Border Gateway Protocol (BGP), which is used for Internet routing, has been known for years. In the past, however, attacks that exploited the flaw were immediately detected, because they interrupted the flow of network traffic.

Anton "Tony" Kapela, data center and network director at 5Nines Data, and Alex Pilosov, CEO of Pilosoft, demonstrated at Defcon a way that an eavesdropper could intercept Internet traffic and then use alternate methods to silently deliver it to its destination, so that neither the sender nor the recipient would immediately notice any interruption.

"Everyone has assumed until now that you have to break something for a hijack to be useful," Kapela told Wired.com. "But what we showed here is that you don't have to break anything. And if nothing breaks, who notices?"

The hack could be detected through careful analysis of BGP routing tables, and Internet service providers could prevent it through a filtering mechanism, the researchers said. However, both the detection and the filtering would involve processes that are complex and aren't typically done today, which means that exploits might go unnoticed for long periods unless more immediate steps are taken.

— Tim Wilson, Site Editor, Dark Reading