The perfect crime…continued

As we learned in my previous post, even when route hijack attacks receive attention, for example through Mutually Agreed Norms for Routing Security (MANRS), an even more pernicious problem can exist: packet duplication.

Packet dups are the unspoken nightmare for system administrators. With packet dups, enterprises may never know that their data is being archived en masse. As the malicious actor duplicates the packets, they can send the original packets directly to their intended destination over the fastest path, while at the same time diverting duplicate packets to their own server. As far as the network administrator knows, the data arrived securely and intact. Even route tracing wouldn’t detect that anything is awry. When the packet is duplicated and sent directly to the correct destination, the duplicate path cannot be detected and there is no way of knowing that fraud occurred.

Think about this: As this mountain of content grows, much of it may be encrypted and stacked up in the new ‘packet dup archives.’ The bad actor can, at their leisure or when technologies allow, read and gain benefit from the most important content. Granted, there may be a lot of trash and everyday data to be sorted, but as artificial intelligence, machine learning and eventually quantum computing mature, bad actors will be able to decrypt, machine-read and reconstitute entire intellectual property databases. There are signs that these packet dup farms are already up and running, waiting for advancements that will unravel the many treasures that await.

Packet dups are the gift that keeps on giving. Additional “benefits” for the cybercriminal include:

  • By diverting packets from a node on the internet, the cybercriminal receives the information directly from the user, including login details, credit card information, and so on, without the need to develop a phishing site. The cybercriminal is completely invisible.
  • The ability to bring down multiple sites with the same effort through denial of service (DoS) attacks.

An even more perfect crime…

Ironically, when routes are hijacked, two-step authentication can actually make it easier for the cybercriminal. It gives them more information about the user’s account and it follows a process that makes it easier for the bad actor to decrypt the data.