BGP hijacking – an increasing cyber security threat
In November 2018, for roughly an hour and a half, all services by the internet giant Google, including Spotify and YouTube, became effectively unreachable for its customers. The cause of this major breakdown was so-called BGP hijacking: a malicious or inadvertent rerouting of traffic along different paths. Instead of going through Google’s cloud platform, the data was routed through Nigerian, Russian, and Chinese internet service providers (ISPs). While it remains unclear whether this was an intentional attack or an accidental misconfiguration, other BGP hijacking incidents clearly demonstrate the threat it poses to the digital economy and to public security.
In 2014, for instance, when chunks of Amazon traffic were hijacked, end users were directed to a website masquerading as MyEtherWallet.com, where digital coins were stolen, amounting to economic losses of about $150,000. Apart from the financial damage caused by BGP hijacking, there are serious concerns for public security. While the number of known hijacks involving two adversarial parties is still low, an incident in 2010 that compromised data from US military sites underlines the potential threat of BGP hijacking to public agencies.
Overall, BGP hijacking has become a major concern in cyber security with thousands of incidents being reported every year.
The importance of this topic is illustrated simply by looking at the number of incident reports coming in at bgpstream.com. BGP Stream is a free resource that shares alerts about hijacks, leaks, and outages in the Border Gateway Protocol in real time.
How does BGP hijacking work?
For data to move around the world, the internet relies on a protocol called the Border Gateway Protocol (BGP). Each Autonomous System (AS), a group of networks usually administered by an ISP, uses BGP to determine the routes that network packets take to reach neighbouring ASes. Using BGP, network packets are passed on from one AS to another until they reach their final destination. Routers usually receive information about many potential routing paths from neighbouring ASes, based on which they determine the best route.
When data travels from the sending to the receiving AS, it passes through a number of ASes in between. These ASes mainly belong to big ISPs, such as AT&T, Verizon or Telia, which constitute the internet’s global backbone. For the sender and receiver of a message it is not transparent through which paths the data was routed on the way to its final destination. The fact that ASes hardly exchange routing information paves the way for BGP hijacking: attackers can manipulate the routing tables of ISPs and thereby alter the path of data traffic.
Routing the traffic through their own servers allows an attacker to conduct so-called man-in-the-middle attacks, such as stealing credentials or eavesdropping on communication. After the manipulation, the traffic is forwarded to its final destination, so the manipulation can remain unnoticed.
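The selection mechanism described above, as an added example that is not part of the original article: a toy model of BGP best-path selection (longest prefix match, then shortest AS path) over constructed announcements, showing why a bogus more-specific announcement captures traffic, together with the origin-mismatch check a monitoring service such as BGP Stream runs to raise an alert. Prefixes are RFC 5737 documentation addresses and the ASNs are private-use sample values.

```python
import ipaddress

# Constructed announcements as (prefix, AS path) with the origin AS last.
# AS 65001 legitimately originates 203.0.113.0/24; AS 65099 announces a more
# specific /25 it does not own, the typical shape of a prefix hijack.
ANNOUNCEMENTS = [
    ("203.0.113.0/24", [65010, 65001]),
    ("203.0.113.0/24", [65020, 65030, 65001]),
    ("203.0.113.0/25", [65020, 65099]),
]

# What the prefix owner registers as the legitimate origin (an ROA-like record).
EXPECTED_ORIGIN = {"203.0.113.0/24": 65001}


def best_route(announcements, dst):
    """Simplified BGP selection: longest prefix match, then shortest AS path.
    Returns (prefix, path) or None if no announcement covers dst."""
    dst = ipaddress.ip_address(dst)
    candidates = [(ipaddress.ip_network(p), path) for p, path in announcements
                  if dst in ipaddress.ip_network(p)]
    if not candidates:
        return None
    net, path = max(candidates, key=lambda c: (c[0].prefixlen, -len(c[1])))
    return str(net), path


def origin_mismatches(announcements, expected):
    """Defender-side check: flag every announcement that covers an owned
    prefix but is originated by an AS other than the registered one.
    Returns a list of (prefix, seen_origin, expected_origin)."""
    alerts = []
    for prefix, path in announcements:
        net = ipaddress.ip_network(prefix)
        for owned, origin in expected.items():
            if net.subnet_of(ipaddress.ip_network(owned)) and path[-1] != origin:
                alerts.append((prefix, path[-1], origin))
    return alerts


if __name__ == "__main__":
    # Traffic to 203.0.113.10 follows the more specific, hijacked prefix.
    print(best_route(ANNOUNCEMENTS, "203.0.113.10"))
    # Traffic to 203.0.113.200 lies outside the /25 and still reaches AS 65001.
    print(best_route(ANNOUNCEMENTS, "203.0.113.200"))
    # The monitoring check reports the foreign origin for the /25.
    print(origin_mismatches(ANNOUNCEMENTS, EXPECTED_ORIGIN))
```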
SCION as ground-breaking solution to BGP hijacking
The SCION internet architecture, developed at ETH Zurich over the last decade, addresses, among other things, this weakness of BGP. It is designed to give the sender and receiver of network packets control over the route. SCION offers full transparency and control over routes, allowing the sender to determine through which ISPs traffic should be routed and which ones should be avoided.
The sender could, for instance, determine that the traffic should avoid untrusted ISPs, while the receiver, in turn, can verify the path upon receipt. Therefore, hackers could only manipulate communication if they are located along the predetermined path.
SCION can be used to set up point-to-point connections, similar to leased lines, but without the cost and time needed to set up and maintain leased lines. ISPs can easily deploy SCION and offer its benefits to end customers, who in turn control and determine the routes of their traffic.
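A simplified model of the route control described in this section, added here as an example and not SCION's own code (real SCION authenticates every hop field cryptographically, which this toy omits): the sender picks a path that avoids ISPs it distrusts, the packet carries that path, and the receiver verifies on arrival that the path is one its AS actually published. The topology and the set of registered paths are constructed.

```python
# Constructed topology: ASes named by letters; sender in "A", receiver in "F".
# Paths that the receiver's AS has published as valid ways to reach it.
REGISTERED_PATHS = {
    ("A", "B", "C", "F"),
    ("A", "D", "E", "F"),
    ("A", "B", "E", "F"),
}


def choose_path(known_paths, avoid):
    """Sender policy: among the paths it knows, take the shortest one that
    passes through no AS in `avoid`; None if every path is blocked."""
    allowed = [p for p in known_paths if not set(p) & set(avoid)]
    return min(allowed, key=len) if allowed else None


def build_packet(path, payload):
    """The chosen path travels inside the packet; transit ASes forward along
    it instead of consulting a routing table of their own."""
    return {"path": tuple(path), "payload": payload}


def receiver_accepts(packet, registered, avoid):
    """Receiver-side verification: the path must be one its AS published,
    and it must not cross any AS the receiver distrusts."""
    path = packet["path"]
    return path in registered and not set(path) & set(avoid)


if __name__ == "__main__":
    sender_avoid = {"C"}  # the sender distrusts ISP C
    path = choose_path(sorted(REGISTERED_PATHS), sender_avoid)
    pkt = build_packet(path, b"hello")
    print(path, receiver_accepts(pkt, REGISTERED_PATHS, avoid={"D"}))
    # A path nobody published, such as one inserted by an off-path AS "X",
    # is rejected by the receiver even though it ends at F.
    forged = build_packet(("A", "X", "F"), b"hello")
    print(receiver_accepts(forged, REGISTERED_PATHS, avoid=set()))
```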
Outlook
To date, ISPs are still doing little to defend themselves against BGP hijacking. They mostly rely on third-party services to detect and address BGP hijacks in a reactive manner. At the same time, financial institutions and other organizations increasingly rely on wide area networks (WANs) from external suppliers to secure their communication. If ISPs do not start to address security breaches in BGP, they will leave the field to private suppliers. The SCION internet architecture is therefore a promising solution for ISPs to address the weaknesses of BGP.