BGP Hijacking Victimizes Google, Amazon and Other Famous Networks’ Traffic!

According to reports, a Russian state-owned telecommunications provider rerouted traffic intended for some of the world's largest Content Delivery Networks (CDNs) and cloud hosting providers.

The redirection lasted around an hour, during which it affected over 8,500 internet traffic routes. The affected organizations include some of the best-known names on the internet.

Per sources, the affected brands include Cloudflare, Digital Ocean, Linode, Google, Joyent, Facebook, LeaseWeb, Amazon, GoDaddy, and Hetzner.

Reportedly, all signs point to this being a case of Border Gateway Protocol (BGP) hijacking: the illegitimate takeover of IP prefixes, in which a network announces routes for address space it does not own in order to redirect traffic.

This hands a lot of power to the hijacker: at any time it can publish a BGP announcement claiming that a particular company's servers are on its network, and if neighbouring networks accept that route, traffic destined for, e.g., Amazon's address space ends up on the hijacker's network instead of Amazon's.

In earlier times, before HTTPS was widely used to encrypt web traffic, BGP hijacking was a convenient way to carry out Man-in-the-Middle (MitM) attacks and intercept or modify traffic in transit.

Even now that most traffic is encrypted, BGP hijacking remains useful for capturing traffic that can be stored and analysed later: the attacker bets that the encryption protecting it will be weakened or broken over time, for instance when a cipher or a key is compromised.

This is not a new problem. BGP hijacks have troubled the internet for a couple of decades, and although several projects have aimed at improving BGP's security, there has been little progress in making the protocol itself resistant to them.

Google's network has been the victim of BGP hijacking before, by a Nigerian entity. Researchers point out that a BGP hijack is not necessarily malicious.

Reportedly, mistyping the ASN (Autonomous System Number, the identifier by which networks on the internet are recognised) is one of the other main causes of BGP hijacks: the wrong network is announced as the origin of a prefix and traffic is accidentally redirected.
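As an added illustration, not part of the original article, the following Python script models the two things described above: the route-selection mechanics that let a hijacker's announcement win (a more-specific prefix beats the legitimate, less-specific one), and how RFC 6811 route origin validation (ROV) against RPKI-style Route Origin Authorizations (ROAs) flags both a deliberate hijack and a mistyped origin ASN. The prefixes, ASNs and the ROA are constructed from RFC 5737 documentation space and RFC 6996 private-use ASNs; none of them refers to a real operator.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed example (not from the article): RFC 5737 documentation prefixes
# and RFC 6996 private-use ASNs, not real networks.


@dataclass(frozen=True)
class Announcement:
    prefix: str       # announced IP prefix, e.g. "203.0.113.0/24"
    as_path: tuple    # AS_PATH as we receive it; the last element is the origin AS

    @property
    def origin_asn(self) -> int:
        return self.as_path[-1]

    @property
    def network(self):
        return ipaddress.ip_network(self.prefix)


@dataclass(frozen=True)
class ROA:
    """Route Origin Authorization: 'asn' may originate 'prefix' and any
    more-specific prefix down to 'max_length'."""
    prefix: str
    max_length: int
    asn: int


def rov_state(ann: Announcement, roas) -> str:
    """RFC 6811 origin validation result: 'valid', 'invalid' or 'not_found'."""
    net = ann.network
    covering = [r for r in roas
                if ipaddress.ip_network(r.prefix).version == net.version
                and net.subnet_of(ipaddress.ip_network(r.prefix))]
    if not covering:
        return "not_found"   # unsigned address space: ROV cannot judge it
    for r in covering:
        if r.asn == ann.origin_asn and net.prefixlen <= r.max_length:
            return "valid"
    return "invalid"         # wrong origin AS, or prefix more specific than allowed


def best_route(dst_ip: str, announcements, roas=None) -> Optional[Announcement]:
    """Pick the route a router would use for dst_ip.

    Simplified BGP decision process: the longest matching prefix wins, then
    the shortest AS_PATH. If 'roas' is given, ROV-invalid routes are dropped
    first, which is what neutralises a hijack or a mistyped origin ASN."""
    dst = ipaddress.ip_address(dst_ip)
    candidates = [a for a in announcements if dst in a.network]
    if roas is not None:
        candidates = [a for a in candidates if rov_state(a, roas) != "invalid"]
    if not candidates:
        return None
    return max(candidates, key=lambda a: (a.network.prefixlen, -len(a.as_path)))


# Legitimate origin AS64500 announces its /24 through transit AS64510.
LEGIT = Announcement("203.0.113.0/24", (64510, 64500))
# Hijacker AS64666 announces a more-specific /25 covering the victim's servers.
HIJACK = Announcement("203.0.113.0/25", (64520, 64666))
# Accidental case: an operator types origin ASN 64005 instead of 64500.
TYPO = Announcement("203.0.113.0/24", (64530, 64005))

# The prefix holder has signed a ROA for its /24 only (max_length 24).
ROAS = [ROA("203.0.113.0/24", max_length=24, asn=64500)]


def demo():
    """Returns (origin chosen without ROV, origin chosen with ROV, ROV state per origin)."""
    table = [LEGIT, HIJACK, TYPO]
    unfiltered = best_route("203.0.113.10", table).origin_asn
    filtered = best_route("203.0.113.10", table, ROAS).origin_asn
    states = {a.origin_asn: rov_state(a, ROAS) for a in table}
    return unfiltered, filtered, states


if __name__ == "__main__":
    without_rov, with_rov, states = demo()
    print("without ROV, traffic for 203.0.113.10 goes to AS", without_rov)
    print("with ROV, traffic for 203.0.113.10 goes to AS", with_rov)
    print("ROV states:", states)
```

Without filtering, the hijacker's /25 wins purely on prefix length, no matter how short the legitimate AS path is; with ROV enabled, both the hijack and the fat-fingered announcement are classified invalid and dropped, and the genuine /24 is used. Two caveats follow from the model: a prefix with no covering ROA is `not_found`, so ROV protects nothing that the holder has not signed, and a ROA whose `max_length` is looser than the prefixes actually announced lets an attacker with the same origin ASN in the path still win with a more-specific prefix.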

Per sources, China Telecom stands among the top entities that have committed BGP hijacks that were not so "accidental". Another well-known name on that front is Rostelecom.

Rostelecom last drew this much attention when some of the biggest financial players, including HSBC, Visa, and MasterCard, were victims of a BGP hijack.

BGPMon had little to say about that earlier incident; this time, per sources, the Russian telecom's role is open to question. They also note that the hijack could have occurred when an internal Rostelecom traffic-shaping system accidentally exposed the wrong BGP routes to the public internet.

Things got considerably worse when Rostelecom's upstream providers re-advertised the newly announced BGP routes across the internet, greatly amplifying the hijack.

Per researchers, it is quite difficult to say for sure whether a BGP hijack was intentional or accidental. All that can be said is that the parties involved in this one make the situation suspicious.



CDNs – Minimize damages if the CDN is hacked

Many are probably already familiar with CDNs, Content Delivery Networks, but in short, a CDN is a service where a site owner can place static content, such as images or scripts, to be served from the CDN's servers rather than their own.

CDN providers usually have many servers spread around the world, drastically decreasing the physical distance between server and user, which allows for faster response times.

This article goes over how to configure a website to minimize the potential damage if a CDN is hacked. Since an attacker in control of a hacked CDN could change all content served through it and intercept user credentials, this is an important question that has received far too little attention.

Advantages

The advantages of using a CDN are many, for small as well as big sites. It improves loading speed for visitors, lowers the load on your own server and can often save you money.

It can be summarised in a few key points:

  • Closer physical locations give faster response times
  • As delivering content is all they do, CDN providers can focus their expertise on doing it well
  • If popular scripts are loaded from one of the biggest CDNs, they may already be cached in the user's web browser from another site (note that modern browsers partition the HTTP cache by top-level site, so this cross-site benefit has largely disappeared)
  • If the website suddenly encounters a large traffic peak, the service can quickly be scaled up to handle the load

Just a few years ago this was only available to bigger sites, as the starting cost was huge. Today even small personal blogs can take advantage of these services, and as CloudFlare even offers a free plan, there are no real economic drawbacks.

Downsides/problem

The problem is of course if the CDN turns malicious, or is hacked by an external party. The CDN controls the scripts executed on the website and could in that case modify all visible content or steal users' sensitive credentials.

By default, the CDN is another party that a site owner must trust as much as they trust their own server.

General

A few questions to keep in mind when considering a CDN:

  • Is the CDN trustworthy?
    As the CDN sees visitor information, it is important to be able to trust it. Go for the bigger providers, or reach out to the people behind it to judge whether they are trustworthy.
  • What if the CDN gets hacked?
    As with any service, the CDN could get hacked. Make sure that the people behind the CDN know security, either by checking its reputation online or by reaching out to them directly to see how they handle security.
  • What guarantees that the uptime will be good?
    If the CDN goes down, the content hosted there cannot be accessed. Make sure of its reliability before making the switch.

Solution

With all that said, there is still hope: there are methods to mitigate all of these problems, leaving almost only the advantages.

An old trick, originally for privacy

Buy an additional domain; a .com is usually about $10/year. That way cdn-example.com can be used instead of cdn.example.com, and the data are more cleanly separated: cookies scoped to example.com are never sent to (or settable from) the CDN host, other personal data stays out of the CDN's logs, and a client-side attack such as XSS on the CDN domain runs in an origin that shares nothing with the main site.

Integrity attribute

integrity is an attribute that can be set on script tags (and on link tags for stylesheets) and specifies the cryptographic hash of the accepted file; if the browser fetches a file whose hash does not match, it refuses to execute or apply it. It protects resources you load from a third-party host; it does nothing for a CDN that proxies your whole site. An example of this can be seen below:



Author: 

Linus Särud, Security Researcher, Disposable mail
Twitter: @_zulln

