As we discussed in the previous post, BGP is the protocol that reigns over the Internet (if you didn’t read that post, check it out here: https://4geeks.io/blog/have-you-ever-thought-about-how-internet-works/). BGP was created with one idea in mind: connecting Autonomous Systems (AS) around the world. Security was not taken into account.
A simple action such as an AS changing the information it advertises about the best route it knows to another AS could redirect all of that traffic to a “blackhole”. It could also considerably increase the response time for a site or a whole region. These actions are known as BGP hijacking.
BGP hijacking (or IP hijacking) can happen accidentally or on purpose. In 2008, Pakistan wanted to restrict access from inside the country to the video site www.youtube.com. A misconfiguration caused all traffic to YouTube to be routed to Pakistan. Naturally, the site was unavailable for some time, until the BGP tables were updated with the correct routes.
Another similar case, this time from Iran in 2017, aimed to censor some websites for its citizens. The policies were applied and those sites were effectively banned in the country; however, the rules propagated to other ASes, so users from other countries such as China or India could not access them either. Zach Julian wrote a good analysis of the incident and how the rules propagated. If you want to read it, here is the link: https://know.bishopfox.com/blog/2017/01/in-the-news-a-bgp-hijacking-technical-post-mortem.
An attack carried out on purpose, categorized as a phishing attack, was detected last year: Amazon’s Route 53 service was hijacked, affecting all the traffic destined for that service. The attackers redirected traffic for MyEtherWallet.com, a cryptocurrency website, to an identical fake site and stole a small amount of currency. During the attack, users entered the correct address, but they were redirected to a fake server located in Russia.
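The incidents above share two observable signatures: a prefix announced by an AS that is not its legitimate origin, and a prefix announced more specifically than the registered one. As an added example (not code from the original post), here is a small Python monitor that checks constructed BGP announcements (prefix plus AS path) against a table of expected origin ASes; the prefixes, ASNs and line format are all constructed for the example, and in practice the expected-origin table would come from RPKI ROAs or an IRR.

```python
import ipaddress

# Constructed table of prefix -> legitimate origin ASNs (documentation ranges,
# private ASNs). A real monitor would load this from RPKI ROAs or IRR objects.
EXPECTED_ORIGINS = {
    ipaddress.ip_network("203.0.113.0/24"): {64500},
    ipaddress.ip_network("198.51.100.0/22"): {64501},
}


def parse_update(line):
    """Parse a constructed line "<prefix> <AS path...>"; the last ASN is the origin."""
    prefix_str, *path = line.split()
    return ipaddress.ip_network(prefix_str), [int(asn) for asn in path]


def covering_entries(prefix):
    """All registered prefixes that equal or contain the announced prefix."""
    return [(p, o) for p, o in EXPECTED_ORIGINS.items() if prefix.subnet_of(p)]


def classify(prefix, as_path):
    """Return "ok", "origin-hijack", "more-specific" or "unknown" for one announcement."""
    origin = as_path[-1]
    entries = covering_entries(prefix)
    if not entries:
        return "unknown"  # prefix we do not track
    # The most specific registered entry is the one that applies.
    registered_prefix, origins = max(entries, key=lambda e: e[0].prefixlen)
    if origin not in origins:
        return "origin-hijack"  # wrong origin AS, as in the YouTube and Route 53 cases
    if prefix.prefixlen > registered_prefix.prefixlen:
        return "more-specific"  # right origin, but longer than registered: worth a look
    return "ok"


def scan(lines):
    """Classify each announcement line; returns (line, verdict) pairs."""
    return [(line, classify(*parse_update(line))) for line in lines]


# Constructed sample feed: one legitimate, one hijacked, one more-specific, one untracked.
SAMPLE = [
    "203.0.113.0/24 64510 64500",
    "203.0.113.0/24 64510 64666",
    "198.51.100.0/24 64510 64501",
    "192.0.2.0/24 64510 64502",
]

if __name__ == "__main__":
    for line, verdict in scan(SAMPLE):
        print(f"{verdict:14} {line}")
```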
BGP hijacking as a censorship tool
As we can see, it is entirely possible to restrict content to a province, a state or even a whole country. In a fictional “cyber war” scenario, a group of attackers could make the sites of an entire country unreachable from other places. This could cause considerable economic losses for as long as the hijacking remains active.
A group of institutions could also agree to ban another institution or country from their ASes, and groups that have nothing to do with the agreement could be affected by it. For example: AS1 and AS2 want to create a “blackhole” effect for all traffic destined for AS4, so they will not forward traffic to that AS. Another AS (AS3) depends on AS1 and AS2 to reach AS4, but the agreement will not let traffic through to AS4. It does not matter that AS3 and AS4 have an excellent relationship; they will not be able to connect with each other.
More than 25 years have passed since BGP was created, and the protocol is still vulnerable to this kind of attack. Of course, there are strategies to avoid a possible attack, but BGP hijacking is still alive and the whole Internet structure still rests on BGP. It is necessary to move to a protocol more secure than the current one, and to one that does not allow one AS to censor another.