The global economy has changed dramatically in recent years with massive increases in telecommuting, remote work, and freelancers/consultants/gig workers. As a result, more and more of an organization’s sensitive, internal data is passing over the Internet rather than remaining protected behind the organizational firewall.
Moving from self-contained networks protected by the organization’s firewall to a global network of remote workers exposes organizations to new kinds of attack. One example is BGP hijacking, in which a malicious actor steers traffic through infrastructure they control, allowing them to monitor, drop, and possibly modify it. This and other threats that do not exist inside a self-contained enterprise network make it necessary for organizations to adopt more comprehensive data security solutions.
Introduction to BGP Hijacking
The Internet runs on a set of shared protocols. Because it is decentralized, with no single authority dictating how traffic is formatted and sent, its participants have had to come to a consensus on how they communicate.
One of the leading bodies in this effort is the Internet Engineering Task Force (IETF), which publishes Requests For Comments (RFCs) that define how particular protocols work. There are RFCs for HTTP (web traffic), SMTP (email), and the other protocols used on the Internet. This is what lets different organizations write different software that interoperates (like the dozens of web browsers out there): the system works as long as everyone follows the same rules.
One important protocol is the Border Gateway Protocol (BGP), which routers use to decide how traffic is carried from one network to another. The Internet is far too large for any single router to hold a complete map of it, and individual hosts do not take part in BGP at all: when a computer in network A sends a packet to a computer in network B, the routers along the way forward it according to routes they have learned from their neighbors through BGP.
Those neighbors are Autonomous Systems (ASes): ISPs, cloud providers, large enterprises and similar operators, each identified by an AS number. Each AS announces the blocks of IP addresses (prefixes) it originates to the ASes it peers with; each recipient prepends its own AS number to the announcement’s path (the AS_PATH) and passes the announcement on to its own neighbors. In this way every AS ends up with a table of reachable prefixes and, for each one, one or more paths leading back to the origin.
In the end every router should hold a valid route to every destination, so BGP routing works. However, the protocol has no built-in way to check that an AS is entitled to announce a prefix, and that gap is what enables BGP hijacking. A router forwards to the most specific matching prefix it knows and, among announcements for the same prefix, prefers the shortest AS_PATH (after local policy), without verifying that the path or the origin is genuine. A malicious AS can therefore claim a block of addresses that actually “belongs” to one of its peers, either by announcing the same prefix with a shorter path or by announcing a more specific sub-prefix, which wins the longest-prefix match wherever it propagates.
If this claim is accepted (and by default there is nothing to stop it), traffic for those addresses follows the route the malicious AS advertised, at least in the part of the Internet that prefers its announcement. The attacker can then drop that traffic and potentially read or modify it.
The Chinese BGP Routing Attack
BGP hijacking takes some resources (an AS number and BGP sessions with other networks), but it is a completely feasible attack vector. In fact, some network operators have repeatedly been observed hijacking routes, although the motives are often unclear, because an identical-looking event can also be produced by a configuration error.
On June 6, 2019, China Telecom carried, for roughly two hours, a large set of routes belonging to European networks. The routes were leaked to China Telecom by a Swiss hosting provider (Safe Host), and China Telecom accepted and re-announced them instead of filtering them. As a result, a significant portion of the traffic intended for Switzerland’s Swisscom, the Netherlands’ KPN, and France’s Bouygues Telecom and Numericable-SFR was routed through China Telecom’s infrastructure before reaching its destination.
Whether this hijack was malicious or accidental is difficult to say; however, China Telecom has been involved in a number of BGP hijacks and route leaks in recent years. The rerouting could have been caused by a misconfigured route optimization product, or it could have been an intentional attempt to monitor the traffic intended for these destinations.
Regardless of the motive, the incident had a negative impact on the affected organizations’ Internet traffic. At a minimum, that traffic was delayed: the direct path between two European networks is far shorter than a detour through China. If the rerouting was deliberate, whoever controls that network could have used the opportunity to inspect any traffic passing through it that was not encrypted.
Ensuring Data Security
BGP hijacking attacks can have a serious (and nearly invisible) effect on data security. Many attack techniques are built on a Man-in-the-Middle (MitM) position, in which the attacker controls the channel between two communicating parties. Because a BGP hijack lets the attacker dictate the route that traffic takes, it hands the attacker exactly that position.
Preventing a MitM attack in general is difficult because of the complexity of the Internet. Between fixed endpoints (such as satellite offices), an organization can use dedicated circuits or an authenticated VPN tunnel, so that its traffic either does not depend on Internet routing at all or cannot be read if it is rerouted. For more general use, the priority is to make sure that data cannot leak if a BGP hijack does occur.
One simple step is to use encrypted protocols such as HTTPS instead of HTTP. This prevents an attacker on the path from reading or modifying the data in transit, provided that clients actually validate the server’s certificate; hijacks have also been used to obtain certificates for a victim’s domain from a certificate authority that checks domain ownership over plain HTTP or DNS, which is a reason to monitor certificate issuance for your own domains. DNS, which is unauthenticated and unencrypted by default, can be protected with DNS over HTTPS or DNS over TLS. Network operators can further reduce their exposure by publishing Route Origin Authorizations (ROAs) for their prefixes in the RPKI and by dropping announcements that fail route origin validation, so that a bogus origin is rejected before it is installed. More generally, an organization should deploy a data security solution that monitors access to and use of sensitive data and can ensure that sensitive data is never sent unencrypted over paths the organization does not control. With such a solution in place, even a successful BGP hijack poses a limited risk to an organization’s data security.