From New York to Miami…via Cambodia?
When the airline frequent flyer programs started, many road warriors would go out of their way to collect the largest number of flight segments, hitting several airline hubs in the process. Who would think that today, over the internet, our data would take the circuitous route, racking up more miles than we did intentionally?
One of the fundamental concepts of the internet is that packets travel to their destination using the fastest possible route, hopping through the routing hubs of different networks. In theory, the path is dynamic, constantly changing according to network traffic. This method assumes that all of the routes are reliable. In reality, there is no way to verify that the routing information is correct, or even that it uses the most direct connection. The “most efficient route” assumption has proven to be a major vulnerability. These misdirections are also called Border Gateway Protocol (BGP) attacks, or route hijack attacks.
Bad actors (and you know who you are) are using the routing tables to hijack data by announcing ownership of groups of IP addresses with the ‘promise’ of faster delivery of the data. Every year, the number of successful route hijack attacks grows exponentially, causing significant damage to individuals and corporations. For example, in April 2020 alone, Akamai, Amazon and Alibaba were victims of route hijack attacks.
Since the route is unpredictable by design, intentional rerouting by a malicious actor, or even a nation-state, usually goes undetected. Route tracing software would uncover anomalies by showing the path the packets traveled, but it is typically employed only when the network experiences latency issues, or after a data breach is discovered. As the National Institute of Standards and Technology (NIST) has noted, “If carefully exploited by malicious parties, BGP attacks are very difficult to detect, diagnose and mitigate, suggesting that many more exploits might be occurring that go unreported to the general community.”
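The hijack described above works because any network can announce a block of IP addresses it does not own, and the announcement is accepted at face value. The following added example (not code from the original article) shows the defender-side check that closes that gap: each announcement's origin AS is compared against an allow-list of who may announce which prefix, in the style of RPKI route origin validation. The prefixes, ASNs, allow-list and announcements are all constructed placeholders for illustration.

```python
import ipaddress

# Constructed allow-list, in the spirit of RPKI Route Origin Authorizations (ROAs):
# (prefix, origin ASN permitted to announce it, longest prefix length it may announce).
# Documentation prefixes and private ASNs are used as placeholders.
EXPECTED_ORIGINS = [
    ("203.0.113.0/24", 64500, 24),
    ("198.51.100.0/24", 64501, 25),
]

# Constructed sample announcements as (prefix, AS path). The last ASN in the
# path is the origin, i.e. the network claiming to own the address block.
ANNOUNCEMENTS = [
    ("203.0.113.0/24",   [64496, 64497, 64500]),  # legitimate origin
    ("203.0.113.0/24",   [64496, 64499]),         # origin hijack: wrong origin ASN
    ("198.51.100.0/26",  [64496, 64501]),         # legit origin but more specific than ROA allows
    ("198.51.100.0/25",  [64496, 64498]),         # more-specific hijack by a foreign origin
    ("192.0.2.0/24",     [64496, 64502]),         # no ROA covers it: cannot judge
]

def validate(prefix, as_path, roas=EXPECTED_ORIGINS):
    """Classify one announcement as 'valid', 'invalid' or 'unknown'.

    'invalid' means at least one ROA covers the prefix but none matches both the
    origin ASN and the permitted prefix length; 'unknown' means no ROA covers it.
    """
    net = ipaddress.ip_network(prefix)
    origin = as_path[-1]
    covered = False
    for roa_prefix, roa_asn, max_len in roas:
        roa_net = ipaddress.ip_network(roa_prefix)
        if net.version != roa_net.version or not net.subnet_of(roa_net):
            continue
        covered = True
        if origin == roa_asn and net.prefixlen <= max_len:
            return "valid"
    return "invalid" if covered else "unknown"

def find_hijacks(announcements, roas=EXPECTED_ORIGINS):
    """Return (prefix, origin ASN) for every announcement that fails validation."""
    return [(p, path[-1]) for p, path in announcements
            if validate(p, path, roas) == "invalid"]

if __name__ == "__main__":
    for prefix, path in ANNOUNCEMENTS:
        print(f"{prefix:18} origin AS{path[-1]:<6} -> {validate(prefix, path)}")
```

Announcements that validate as "unknown" are the caveat a practitioner should keep in mind: coverage of the allow-list, not the check itself, decides how much of the address space can actually be defended this way.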
Many think that nothing can be done to stop route hijacking. But solutions must include developing new protocols and new encryption algorithms that will render the phishing and data theft impossible. As necessary as these improvements will be, they still won’t solve the DoS problem, where the bad actor diverts packets from many sources to attack a site they want to bring down. But there are other new solutions that can prevent DoS attacks, and these can be implemented in conjunction with the new protocols and encryption.