News has broken that Google has been hit by the ‘worst ever’ internet hijack in the company’s history, security experts fear. Information from Google searches, cloud-hosting services and the company’s bundle of collaboration tools for businesses – known as G Suite – were all affected. Data was intercepted by servers in Nigeria, China and Russia – including those run by major state-owned telecoms providers.
Security experts suggested the hack was a ‘wargame experiment’ – meaning it may prelude similar, more widescale attacks from the nations involved in future. The type of traffic misdirection employed, known as border gateway protocol (BGP) hijacking, can knock essential services offline and facilitate espionage and financial theft.
Gavin Millard, VP of Intelligence at Tenable explains how this attack works.
“BGP [the routing protocol favoured by many as it affords a level of fault tolerance required to send traffic around the globe] wasn’t designed with security in mind.
“There has been a noticeable uptick in recent years of abusing BGP through hijacking and the manipulation of where data flows, similar to the issue observed against Google.Whilst methods to introduce a level of security into routing do exist, at the core BGP is based more on honour than strict validation of what routes are advertised.
“From a security perspective, the main concern surrounding BGP hijacking and manipulation is the possibility that data could be re-routed through a hostile network, collected for further analysis or malicious payloads like malware injected into the communication stream.
“Fortunately there are advances in improving BGP to ensure traffic is sent via the best path rather than subverted, but these changes take time to gain broad adoption.”
(5)
Article Link: http://digitalforensicsmagazine.com/blogs/?p=2564