Man-in-the-Middle Attacks: Hijacking Internet Traffic Through Misdirection
The NSA has revealed that large amounts of Internet traffic from “major financial institutions, governments, and network service providers” in more than half a dozen nations are repeatedly being misdirected, by way of Man-in-the-Middle attacks, to service providers in specific countries.
Since February, numerous events have been documented in which huge blocks of Internet traffic were mysteriously rerouted to routers belonging to Belarusian and Icelandic Internet service providers through exploitation of the Border Gateway Protocol (BGP), the protocol that governs routing between autonomous networks.
“We have actually observed live Man-In-the-Middle (MitM) hijacks on more than 60 days so far this year. About 1,500 individual IP blocks have been hijacked, in events lasting from minutes to days, by attackers working from various countries,” Gen Keith Alexander said.
Man-in-the-Middle routing attacks differ from simple route hijacks in that the traffic is never interrupted, so neither endpoint is alerted to the misdirection, the researchers noted.
“After they receive and inspect the victim’s traffic, they release it right back onto the Internet, and the clean path delivers it to its intended destination. If the hijacker is in a plausible geographic location between the victim and its counterparties, they should not even notice the increase in latency that results from the interception,” Alexander added.
“It’s possible to drag specific Internet traffic halfway around the world, inspect it, modify it if desired, and send it on its way. Who needs fiberoptic taps?”
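The mechanism described above can be shown in a small simulation. The following is an added example written for this page, not code from the article or from the NSA: a toy BGP model in which a hijacker announces a more-specific prefix so that remote networks prefer it (longest-prefix match), inspects the traffic, and then forwards it to the real destination over a path that still carries the legitimate route. The article does not say how the hijacker keeps that return path clean; the example assumes the standard AS_PATH poisoning technique (the hijacker lists the return-path ASes in its forged AS_PATH, so BGP loop detection makes those ASes discard the bogus route). All ASNs, prefixes, the five-AS topology and the ROA table are constructed for illustration.

```python
"""Toy model of a BGP man-in-the-middle route hijack (added example, not from the page).

Everything here is constructed: the ASNs are private-use numbers, the prefixes are
RFC 5737 documentation space, and the five-AS topology is invented. Real networks
also filter prefixes longer than /24; the toy ignores that to stay small.
"""
import ipaddress
from dataclasses import dataclass

VICTIM, VICTIM_UP, HIJACKER, HIJACKER_UP, OBSERVER = 64500, 64510, 64520, 64530, 64540
LEGIT = ipaddress.ip_network("192.0.2.0/24")   # victim's real announcement
BOGUS = ipaddress.ip_network("192.0.2.0/25")   # hijacker's more-specific
TARGET = "192.0.2.10"                          # a host inside the victim's block


@dataclass(frozen=True)
class Route:
    prefix: ipaddress.IPv4Network
    as_path: tuple   # as_path[0] = announcing neighbour, as_path[-1] = origin, () = local


class Router:
    """Minimal BGP speaker: AS_PATH loop detection plus longest-prefix-match forwarding."""

    def __init__(self, asn):
        self.asn = asn
        self.rib = {}    # prefix -> best Route

    def originate(self, prefix):
        self.rib[prefix] = Route(prefix, ())

    def receive(self, route):
        # RFC 4271 loop prevention: an update whose AS_PATH already lists our ASN is
        # discarded. A MitM hijacker abuses this on purpose (assumed technique): it
        # prepends the ASes on its own path back to the victim, so those ASes reject
        # the bogus route, keep the legitimate one, and deliver the intercepted traffic.
        if self.asn in route.as_path:
            return False
        self.rib[route.prefix] = route
        return True

    def lookup(self, ip):
        ip = ipaddress.ip_address(ip)
        best = None
        for prefix, route in self.rib.items():
            if ip in prefix and (best is None or prefix.prefixlen > best.prefix.prefixlen):
                best = route
        return best


def trace(net, start_asn, ip):
    """Follow per-AS next hops until the AS that originates the covering prefix."""
    hops = [start_asn]
    for _ in range(16):
        route = net[hops[-1]].lookup(ip)
        if route is None or route.as_path == ():
            return hops
        hops.append(route.as_path[0])
    raise RuntimeError("forwarding loop")


def rov_state(route, roas):
    """RFC 6811-style origin validation. roas: {prefix: (authorised origin, maxLength)}."""
    origin = route.as_path[-1] if route.as_path else None
    covered = False
    for roa_prefix, (asn, maxlen) in roas.items():
        if route.prefix.subnet_of(roa_prefix):
            covered = True
            if origin == asn and route.prefix.prefixlen <= maxlen:
                return "valid"
    return "invalid" if covered else "not-found"


def build(hijack):
    net = {asn: Router(asn) for asn in (VICTIM, VICTIM_UP, HIJACKER, HIJACKER_UP, OBSERVER)}
    # Legitimate propagation: VICTIM -> VICTIM_UP -> {HIJACKER_UP, OBSERVER};
    # the hijacker reaches the victim only through HIJACKER_UP.
    net[VICTIM].originate(LEGIT)
    net[VICTIM_UP].receive(Route(LEGIT, (VICTIM,)))
    for asn in (HIJACKER_UP, OBSERVER):
        net[asn].receive(Route(LEGIT, (VICTIM_UP, VICTIM)))
    net[HIJACKER].receive(Route(LEGIT, (HIJACKER_UP, VICTIM_UP, VICTIM)))
    if hijack:
        # Forged AS_PATH: hijacker, its return path, then the true origin. Return-path
        # ASes drop it (loop check); everyone else prefers the /25 by longest match.
        bogus = Route(BOGUS, (HIJACKER, HIJACKER_UP, VICTIM_UP, VICTIM))
        for asn in (HIJACKER_UP, OBSERVER):
            net[asn].receive(bogus)
    return net


def run(hijack=True):
    """Observer's view of TARGET: forwarding path, who installed the /25, ROV verdict."""
    net = build(hijack)
    roas = {LEGIT: (VICTIM, 24)}   # constructed ROA: the /24 only, maxLength 24
    best = net[OBSERVER].lookup(TARGET)
    return {
        "path": trace(net, OBSERVER, TARGET),
        "prefix": str(best.prefix),
        "accepted_bogus": sorted(asn for asn, r in net.items() if BOGUS in r.rib),
        "rov": rov_state(best, roas),
    }


if __name__ == "__main__":
    for hijack in (False, True):
        print("hijack" if hijack else "normal", run(hijack))
```

In the hijacked run the observer's packets take the detour 64540 → 64520 → 64530 → 64510 → 64500 instead of 64540 → 64510 → 64500, yet the victim still receives them, which is why neither endpoint notices. Two points worth taking from the model: the forged AS_PATH ends in the true origin ASN, so a check that only compares origin ASes would call the bogus /25 legitimate; it is the ROA's maxLength (here 24) that makes RFC 6811 origin validation return "invalid" for the more-specific announcement. The longest-prefix rule that makes the hijack work is the same rule that makes a tight maxLength the practical defence.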