By Kim Zetter
August 26, 2008
Two security researchers have demonstrated a new technique to stealthily
intercept internet traffic on a scale previously presumed to be
unavailable to anyone outside of intelligence agencies like the National
The tactic exploits the internet routing protocol BGP (Border Gateway
Protocol) to let an attacker surreptitiously monitor unencrypted
internet traffic anywhere in the world, and even modify it before it
reaches its destination.
The demonstration is only the latest attack to highlight fundamental
security weaknesses in some of the internet's core protocols. Those
protocols were largely developed in the 1970s with the assumption that
every node on the then-nascent network would be trustworthy. The world
was reminded of the quaintness of that assumption in July, when
researcher Dan Kaminsky disclosed a serious vulnerability in the DNS
system. Experts say the new demonstration targets a potentially larger
"It's a huge issue. It's at least as big an issue as the DNS issue, if
not bigger," said Peiter "Mudge" Zatko, noted computer security expert
and former member of the L0pht hacking group, who testified to Congress
in 1998 that he could bring down the internet in 30 minutes using a
similar BGP attack, and disclosed privately to government agents how BGP
could also be exploited to eavesdrop. "I went around screaming my head
about this about ten or twelve years ago.... We described this to
intelligence agencies and to the National Security Council, in detail."
The man-in-the-middle attack exploits BGP to fool routers into
re-directing data to an eavesdropper's network.
Anyone with a BGP router (ISPs, large corporations or anyone with space
at a carrier hotel) could intercept data headed to a target IP address
or group of addresses. The attack intercepts only traffic headed to
target addresses, not from them, and it can't always vacuum in traffic
within a network -- say, from one AT&T customer to another.
The method conceivably could be used for corporate espionage,
nation-state spying or even by intelligence agencies looking to mine
internet data without needing the cooperation of ISPs.
Register now for HITBSecConf2008 - Malaysia! With
a new triple-track conference featuring 4 keynote
speakers and over 35 international experts, this
is the largest network security event in Asia and
the Middle East!