Why Review BGP Hijacking News?
There is a lot of BGP Hijacking and routing mistakes covered by in the press. It is one of those “controversial” and “exciting” news items. BGP routing incidents (intentional and unintentional) are great press because they have risk imposed on all telecommunications which at times is outside of the control of any organization.
BGP Hijacking and Routing Incidents are you Justification for Action!
Every BGP Routing/Hijacking incident on the Internet is an opportunity for making improvements to your organization’s tools, processes, products, and capabilities to reduce your risk to these BGP issues. It is always useful to read through the blogs, news, and articles about the incident. The following is a list. The object is to build a list “BGP Hijacking Risk Justifications.” These “Risk Justifications” are real and must be presented to your peers, your boss, other teams, your CxOs, and your Board of Directors. We should not have excuses “I didn’t know there was a BGP Hijacking/Stability risk” when the organization depends on telecommunications/Internet.
BGP Hijacking & Routing Incident News Articles
As you read through these articles, remember that many times the reporters are new to BGP, the community does not have a lot of understanding, and there is always a play to “highlight the news” vs helping to make the Internet safer. Also remember, many of the “security researchers” are new to BGP security. They don’t know about the level of transparency for how we connect the Internet via BGP. Recommendation: don’t fixate on one news report. Look at several. Ask the authors and the people who are quoted as experts questions.
2018-11-21 Data Breach Today: Did China Spy on Australian Defense Websites? One Answer Is Clear: Network Re-Routing Raises Suspicions
2018-11-13 Blog: BGP Hijacking & Routing Mistakes – What can you do?
2018-11-13 Bank Info Security: Who Hijacked Google’s Web Traffic? Data Routes Through Russia, Nigeria and China, Raising Security Concerns
2018-11-13 Qrator Blog: Mistake, Mistake, Blackhole
2018-11-13 Wired: GOOGLE INTERNET TRAFFIC WASN’T HIJACKED, BUT IT WAS OUT OF CONTROL
2018-11-13 The Register: OK Google, why was your web traffic hijacked and routed through China, Russia today? BGP hijacking committed ‘grand theft internet’
2018-11-12 Thousandeyes Blog: Internet Vulnerability Takes Down Google
2018-11-05 Akamai Blog: BGP Route Hijacking – Yes, we can minimize the BGP Hijacking Risk
2018-11-05 Dyn/Oracle: China Telecom’s Internet Traffic Misdirection
2018-09-19 Cloudflare: RPKI – The required cryptographic upgrade to BGP routing
2018-09-09 ZDNet: Standard to protect against BGP hijack attacks gets first official draft. NIST and DHS project publishes first draft of new BGP Route Origin Validation (ROV) standard that will help ISPs and cloud providers protect against BGP hijack attacks.
2018-07-30 Cyberscoop: Telegram traffic from around the world took a detour through Iran
2018-04-25 Dyn/Oracle: BGP Hijack of Amazon DNS to Steal Crypto Currency
2018-04-25 TechTarget: BGP routing security flaw caused Amazon Route 53 incident
2018-04-24 Doublepulsar: Hijack of Amazon’s internet domain service used to reroute web traffic for two hours unnoticed
2018-04-24 Thousnadeyes: Anatomy of a BGP Hijack on Amazon’s Route 53 DNS Service
2017-12-17 ARS: “Suspicious” event routes traffic for big-name sites through Russia – Google, Facebook, Apple, and Microsoft all affected by “intentional” BGP mishap.
2017-08-27 Bleeping Computer: Google Error Causes Widespread Internet Outage in Japan
2017-04-27 ARS: Russian-controlled telecom hijacks financial services’ Internet traffic – Visa, MasterCard, and Symantec among dozens affected by “suspicious” BGP mishap.
2015-02-04 Bank Info Security: Who’s Hijacking Internet Routes? Attacks Increase, But There’s No Easy Fix in Sight
2014-08-14 ZDNet: Hacker hijacks ISPs, steals $83,000 from Bitcoin mining pools – Bitcoin exchanges and trading posts have been hacking targets over the past year, but now one hacker has taken on ISPs to loot Bitcoin from mining pools.
2008-11-11 Dyn/Oracle: Brazil Leak: If a tree falls in the rainforest….
2008-08-27 ZDNet: Researchers exploit web protocol to hijack traffic – At the recent Defcon security conference, Alex Pilosov and Tony Kapela demonstrated an attack on BGP, the core internet routing protocol
2008-02-14 Dyn/Oracle: Pakistan hijacks YouTube
2005-12-24 Dyn/Oracle: Internet-Wide Catastrophe—Last Year
1997-04-25 Wikipedia: AS 7007 Incident
Back to the main guide BGP Route Hijacks & Routing Mistakes – What can be done Today?
These BGP security materials are provided to help people around the Internet understand how do their part to deploy a more resilient BGP infrastructure. Seek out more information on www.senki.org via the Operators Security Toolkit. You can also subscribe to the Senki update mailing list here: Stay Connected with Senki’s Updates