Hacking at scale

Targeting a single machine or network is all well and good, but some people (or nation states) dream bigger.

APC Australia - Feature / Hacker Secrets

On at least one occasion last year, great swathes of Internet traffic (belonging to high-profile companies like Facebook, Apple and Google) were rerouted through Russian networks. These kinds of Border Gateway Protocol (BGP) hacks have long been warned about, since BGP was invented essentially as a band-aid. The internet is a network of networks, so-called Autonomous Systems, and these are all meant to announce their peering arrangements and connectivity in an open and honest manner, so traffic can be routed swiftly and efficiently. There aren't any concrete defences against abuse of this system though, and the BGPmon website (bgpmon.net) regularly reports anomalous route announcements. BGP is complicated, so many of these will be the result of human error, but a sinister story may lurk behind others.
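As an added illustration (not part of the original article, and not BGPmon's code or method), here is one way a route monitor could flag anomalous announcements: compare the origin AS of each announced prefix against a baseline of expected origins. The baseline, the announcements and all names below are constructed for the example, using prefixes and AS numbers reserved for documentation.

```python
import ipaddress

# Constructed baseline: prefix -> ASN expected to originate it.
# Prefixes and ASNs are from the ranges reserved for documentation.
EXPECTED = {"198.51.100.0/24": 64500, "203.0.113.0/24": 64501}

# Constructed announcements as a monitor might see them:
# (prefix, AS path); the last ASN in the path is the origin.
ANNOUNCEMENTS = [
    ("198.51.100.0/24", [64510, 64505, 64500]),
    ("203.0.113.0/24", [64510, 64511]),
    ("198.51.100.128/25", [64510, 64511]),
    ("198.51.100.0/25", [64510, 64500, 64500]),
    ("192.0.2.0/24", [64510, 64502]),
]


def classify(prefix, as_path, expected=EXPECTED):
    """Compare one announcement against the expected-origin baseline."""
    if not as_path:
        return "malformed"
    net = ipaddress.ip_network(prefix)
    origin = as_path[-1]
    # Longest baseline prefix that covers (or equals) the announced one.
    best = None
    for base, asn in expected.items():
        base_net = ipaddress.ip_network(base)
        if net.version == base_net.version and net.subnet_of(base_net):
            if best is None or base_net.prefixlen > best[0].prefixlen:
                best = (base_net, asn)
    if best is None:
        return "unmonitored"
    base_net, asn = best
    if net == base_net:
        return "ok" if origin == asn else "origin-change"
    # A more-specific route wins forwarding decisions over the covering one.
    return "more-specific" if origin == asn else "more-specific-foreign-origin"


def alerts(announcements=ANNOUNCEMENTS):
    """Return (prefix, origin, verdict) for everything that needs a look."""
    out = []
    for prefix, path in announcements:
        verdict = classify(prefix, path)
        if verdict not in ("ok", "unmonitored"):
            out.append((prefix, path[-1] if path else None, verdict))
    return out


if __name__ == "__main__":
    for row in alerts():
        print(row)
```

A verdict here only means the announcement differs from the baseline; as the article notes, many such anomalies turn out to be human error.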

In May of 2018 it was discovered that malware dubbed VPNFilter had infected more than half a million home and small office routers. Analysis of the malware found it was able to traverse firewalls, spy on traffic and could even brick routers (possibly to hamper any forensic analysis). It exploited known vulnerabilities which hardware providers/ISPs should really have patched, although the user must take some responsibility here too. VPNFilter injects malicious content into web pages, and attempts to spy on HTTPS connections via an SSL stripper. The combination of widespread infections like VPNFilter and large-scale BGP hacking paints a chilling picture of how fragile the infrastructure we rely on really is.
