Border Gateway Protocol Hijacking - Examples and Solutions

Post by Olivier Moll
November 10, 2020

BGP hijacking continues to threaten businesses around the world - what can you do about it?

Border Gateway Protocol (BGP) hijacking has been a thorn in the side of private individuals and businesses everywhere since the dawn of the internet. But what is BGP hijacking, and how can you, as a business, protect yourself from such attacks? Find out in this blog post.

What is BGP hijacking?

BGP hijacking refers to cybercriminals maliciously intercepting or rerouting internet traffic. Their purposes for this include stealing data, causing disruption to service or anything in between. While we may never know the full intent of every BGP hijacker, the method is the same.

Attackers accomplish BGP hijacking by falsely announcing ownership of groups of IP addresses (prefixes). These false announcements promise a faster, more direct route to your data’s destination. The theft of data usually occurs along this path.

What makes BGP hijacking so effective is that there is very little you can do about it when using the internet. This is because BGP, the protocol the internet uses for every user, is built on the assumption that interconnected networks always tell the truth about which IP addresses they own.

Many companies around the world have been the victim of BGP hijacking, causing thousands of people to have their access disrupted and, possibly, their data stolen.
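Because BGP accepts ownership claims at face value, operators commonly watch for announcements of their own prefixes that come from an origin AS they did not authorise. The sketch below is an added example, not code from the original post or from Anapaya; the prefixes, AS numbers, announcements and function names are constructed for illustration.

```python
import ipaddress

# Constructed inventory: prefixes this network originates and the AS numbers
# allowed to announce them (documentation prefixes and ASNs, not real routes).
EXPECTED_ORIGINS = {
    "192.0.2.0/24": {64496},
    "198.51.100.0/24": {64496, 64497},
}

# Constructed BGP announcements as (prefix, AS path); the origin AS is the
# last element of the path, i.e. the network claiming to own the prefix.
SAMPLE_ANNOUNCEMENTS = [
    ("192.0.2.0/24", [64500, 64496]),      # legitimate origin
    ("192.0.2.0/24", [64500, 64511]),      # same prefix, unexpected origin
    ("192.0.2.128/25", [64501, 64511]),    # more-specific, unexpected origin
    ("198.51.100.0/24", [64502, 64497]),   # second authorised origin
    ("203.0.113.0/24", [64503, 64510]),    # not a prefix we monitor
]


def classify(prefix, as_path, expected=EXPECTED_ORIGINS):
    """Return a verdict for one announcement against the expected origins."""
    if not as_path:
        raise ValueError("announcement has an empty AS path")
    net = ipaddress.ip_network(prefix)
    origin = as_path[-1]
    for exp_prefix, origins in expected.items():
        exp_net = ipaddress.ip_network(exp_prefix)
        # subnet_of() raises TypeError across IP versions, so compare first.
        if net.version != exp_net.version or not net.subnet_of(exp_net):
            continue
        if origin in origins:
            return "expected"
        # A more-specific prefix wins longest-prefix match, so it pulls
        # traffic even while the legitimate announcement is still present.
        return "origin-mismatch" if net == exp_net else "more-specific-origin-mismatch"
    return "unmonitored"


def find_suspects(announcements, expected=EXPECTED_ORIGINS):
    """List (prefix, origin AS, verdict) for announcements that need review."""
    suspects = []
    for prefix, as_path in announcements:
        verdict = classify(prefix, as_path, expected)
        if verdict.endswith("origin-mismatch"):
            suspects.append((prefix, as_path[-1], verdict))
    return suspects


if __name__ == "__main__":
    for suspect in find_suspects(SAMPLE_ANNOUNCEMENTS):
        print(suspect)
```

A mismatch is a signal to investigate rather than proof of malice, since accidental leaks produce the same pattern as deliberate hijacks.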

Real examples of BGP hijacking

Since the start of 2020, there have been over 1430 BGP hijacking incidents, averaging a total of 14 hijackings a day. These attacks include high-profile incidents involving companies such as MasterCard, Amazon, Google and national telecom operators.

Here are a few notable incidents from recent years:

December 2017 - Google, Apple, Facebook, Microsoft, TwitchTV, Riot Games

Eighty high-traffic prefixes usually used by Google, Apple, Facebook, Microsoft, TwitchTV and Riot Games were hijacked by an unknown Russian Autonomous System (AS) simply known as DV-LINK-AS (AS39523). User information such as email addresses, passwords, usernames and other login details were suspected to be compromised.

April 2018 - Amazon

Approximately 1300 IP addresses belonging to Amazon Web Services were hijacked by eNet (or a customer of theirs), an ISP in Columbus, Ohio. Several partners, such as Hurricane Electric, routed traffic through the hijacked addresses, exacerbating the issue. The attacker was suspected to be after cryptocurrency, stealing a total of about $150,000 from MyEtherWallet users.

November 2018 - Google

China Telecom was suspected of hijacking a total of 180 prefixes, affecting a vast scope of Google services, including a massive denial of service to GSuite and Google Search. Regardless of whether intention was involved, valuable Google traffic data fell into the hands of the attackers.

May 2019 - Taiwan Network Information Center

Taiwan fell victim to an unknown Brazilian attacker who used, for advertising purposes, two prefixes that belonged to the Taiwan Network Information Center, a non-profit organisation officially funded by the Taiwanese Directorate General Telecommunications of the Ministry of Transportation and Communication. The attack lasted three and a half minutes, during which public data was vulnerable.

June 2019 - European telecommunication networks

A Swiss data centre hosting company accidentally leaked over 70 000 routes from its internal routing table to China Telecom. Instead of ignoring the BGP leak, China Telecom re-announced these routes as its own and declared itself as the shortest way to reach the network of the Swiss data centre operator and other nearby European telecommunication companies and ISPs.

Some of the most impacted European networks included Swisscom (AS3303) of Switzerland, KPN (AS1130) of Holland, and Bouygues Telecom (AS5410) and Numericable-SFR (AS21502) of France. This particular incident was severe, lasting over two hours. Users of the affected networks suffered slow connections and denial of service to some servers.

April 2020 - Akamai, Amazon and Alibaba

A massive BGP hijack involving over 8800 prefixes affected companies such as Akamai, Amazon and Alibaba on April 1, 2020. Initiated by a Rostelecom user, the attack caused service disruptions throughout the world. It is currently unknown how much data was leaked or for what purposes, but it is generally acknowledged that stricter network filtering by Rostelecom could have prevented the attack.

September 2020 - Telstra

500 prefixes wrongfully advertised as belonging to Telstra caused lengthy data detours via the Australian telecommunications company in September 2020. Telstra later apologised for the unintentional hijacking, stating the incident was caused by post verification testing to address an unrelated software bug. While this incident may have caused widespread connectivity challenges, no data or personal information is suspected to have been breached.

The damage from BGP hijacking can come from those who steal your data as well as from legal sources such as the GDPR. If you are found unfit to protect the private data of your customers or users under regulations such as the GDPR, you could be liable for a fine of up to 20 million Euros.

Since BGP hijacking cannot be countered through the internet as we know it, companies must look elsewhere for secure, reliable internet solutions.

The Next-Generation Internet

Companies must protect themselves from BGP hijacking to avoid leaking their data to cybercriminals and damaging their reputation. Anapaya has developed the next generation of B2B networking services with a focus on control and security. These connectivity services have complete immunity to BGP routing attacks.

With this next-generation network solution, it is the sender who defines the path for a data packet. This means the sender does the routing, and routers only do forwarding. Routers in the network are connected via virtual predefined path segments, while the sender constructs the end-to-end path out of them based on their preferences.

With Anapaya, you can assemble your data’s travel route based on your best interests, policies and preferences. It further allows these path segments to be interchangeable at will, meaning that any failed section can be substituted with an equivalent one automatically, without the loss of performance.

Essentially, what this means is Anapaya ensures business continuity, robust resistance to DDoS attacks and complete immunity to BGP hijacking.

Protect yourself from BGP hijacking with state-of-the-art technology

BGP hijacking is a serious threat to all companies who use the internet - however, it doesn’t have to be. With Anapaya’s Next-Generation Internet, you can regain safety and the peace of mind you need to offer online services and communications to your customers with confidence. Contact Anapaya today and discover how the next generation of the internet can change the way you think about security.
