An Internet Weakness: BGP Hijacking

An Internet Weakness: BGP Hijacking

As we were talking before BGP is the protocol that reigns the Internet. BGP was created with an idea in mind: connect Autonomous Systems (AS) around the world, but security was not taken into account.

A simple action as change (as AS) my information about the best route that I know for another AS, it could redirect all the traffic to a “blackhole”. Also it could increase the response time for a site or region in a considerable quantity. These actions are known as: BGP hijacking.

The BGP hijacking (or IP hijacking) could be generated in an accidentally way or on purpose. In 2008, Pakistan wanted to restrict the access from inside the country to the video site YouTube.

There was a misleading configuration that derived in all traffic to Youtube went to Pakistan. For sure, the site was unavailable for a few time until the BGP tables were updated with the correct routes.

Another similar case, this time from Iran in 2017, was looking for censor some websites to its citizens. The politics were applied and effectively those sites were banned in the country, however this rules were propagated to other AS provoking that users from other countries like China or India couldn’t access to them. Zach Julian made a good analysis about the incident and how the rules were propagated.

If want to read it, here’s the link.

Even all the IP addresses from an entire city could got redirected to a blackhole.

An attack generated on purpose, categorized as a Phishing attack, was detected last year: Amazon’s Route 53 service were hijacked and affected all the traffic that went to this service.

The attackers redirected the traffic from MyEtherWallet.com, a cryptocurrency website, to an identical fake side and they stole a small amount of currency. With the attack, the users were entered to the correct address, but they were redirected to a fake server located in Russia.

BGP hijacking as a censorship tool

As we can see, it’s totally possible to restrict content to a province, state or even a country. In a fictional context of a “cyber war”, a group of attackers could make that sides from a whole country cannot be accessed from other places. This could provoke considerable economic losses while the hijacking is active.

Also a group of institutions could agree to ban another institution or country from their AS and groups that does not have relation with the agreement could be affected by this. For example: AS1 and AS2 want create a “blackhole” effect in all the traffic that is for AS4, so they will not redirect to that AS.

Exists another AS (AS3) that depends on AS1 and AS2 to connect to AS4, but the agreement will not allow the traffic to AS4. It does not matter if  AS3 and AS4 has excellent relation, they will not could connect with each other.

It has happened more than 25 years since BGP creation and the protocol still vulnerable to this kind of attacks. Of course, there are strategies to avoid a possible attack, but the BGP hijacking still active and all the internet structures remains on it. It is necessary to move to another protocol more secure than the actual and one that does not allow the censorship to another AS.


About 4Geeks: 4Geeks is a global product development and growth marketing company, and all-in-between, focused on 10X ROI for startups, small and mid-size companies around the world. 4Geeks serves industries like E-Commerce & Retail, Startups, HealthTech, Marketing, Banking & FinTech and Real Estate. Headquartered in United States, and nearshore development centers in Mexico and Costa Rica. Pura Vida!

Plan to build an extended engineering team in Latin America? Start right here.