19 comments

[ 2.7 ms ] story [ 59.2 ms ] thread
For those that want to know what happened, quoting someone from the obscured comment thread on that page:

"AS286 provides IP Transit to AS25459. What happened is that both AS286 and AS25459 did not have proper filtering in place. AS286 leaked AS25459's blackhole routes to it's peers, and a handful accepted those more specifics. This lasted a few minutes before they realized what was going on and a fix was put into place."

So are you saying that there was no deliberate hijack, but rather AS25459 was configured not to carry traffic to those IPs, and it's blackholes got propagated?
I think the author is merely worried about how much of BGP relies on operators trusting each other to configure their networks properly. All it takes is one typo somewhere to bring down the internet for half of America.

Granted, seeing how slowly IPsec and DNSSEC are being adopted, I think the author is fighting an uphill battle.

Certificate pinning in mobile apps goes a long way to preventing a leak of secure data. Sure, you can't get to your service while the hijack is occurring, but you don't have to worry you just submitted your login and password info to a hijacked/malicious IP block. Better to fail closed in this case.

Disclaimer: I use PNC Bank, who was part of this hijack.

What does this have to do with certificates and mobile data? Hijacking an IP is the same as a man-in-the-middle, which PKI prevents without needing to "pin" a cert. You have to first control a trusted CA before you can do real MITM, and if you have that, it's much more effective to simply MITM the existing route and not expose yourself by changing BGP routes all over the place. (Also, a mobile app bundled with a cert "pinned" for that app is effectively just public-key cryptography, so you don't even need to use the global PKI infrastructure at that point)
(comment deleted)
From the same buried comment:

"Describing '5 minute accidental blackhole route leakage' as 'Multiple banking addresses hijacked' makes for a better and more sensational head line. I fully understand if you must blow this event out of proportion."

While I do think the the title is a bit sensationalist, events where someone leaks routes that aren't theirs is commonly referred to as a BGP hijack.
Oh you don't know? Fear is great for selling away rights and responsibilities.
As a network operator on a large ASN, you don't have to look back to 97 to find another example of this. This has happened twice within the last year with networks we peer with. Hell if it weren't for max prefix limits, TATA would leak a full routing table every other week. But that's just incompetence.
And yet the Internet keeps going.

Well, it kind of puts this 'hijacking' into perspective.

TATA is comparable to Cogent though in terms of network quality, and it seems their network engineers are even less competent...
Are you able to give any more details? Granted I'm not involved in large-scale networking, but it's the first I've heard of that.
Many networks will not let you announce /32s. This is something that you have to have a reason for, such as more granular control. Usually they will say yes, because then you can advertise specific routes yourself without constantly going through engineers with your upstream. Mistakes happen though :P
This may have been merely an accident, but it's still frightening, given the potential for malicious use.
In the absence of S-BGP (secure BGP), what we need is an anomaly detection service that detects such BGP prefix hijacking in real time and alerts the owner of the prefix (in this case, the banks). I'd built one such service before, anyone interested can read this white paper we wrote on it: http://rio.ecs.umass.edu/mnilpub/papers/securecomm07.pdf