For the past week, something strange has been going on in the European internet. For five days, web traffic from Texas to certain addresses in the UK has been routed through Ukrainian and Russian telecoms, taking a detour thousands of miles out of the way. Network traffic often takes a circuitous route as a result of network congestion or interconnection difficulties, but neither one would be enough to account for these routes. Instead, this was the result of a bad route announced by Ukraine’s Vega telecom, inserting itself in between. “At this point, I have to believe this was an innocent mistake by Vega,” said Dyn’s Doug Madory, who first discovered the redirection, “but it’s concerning nonetheless.”
This phenomenon is known as “route hijacking,” and it’s a common security concern for network engineers and security researchers alike. It’s particularly disconcerting because of the sensitive nature of many of the sites involved. Among the dozens of sites involved was the UK’s Atomic Weapons Establishment, which is tasked with managing and delivering the UK’s nuclear warheads, as well as the UK’s official mail service, the Royal Mail. US defense contractor Lockheed Martin was also running a VPN connection that was caught up in the redirection.
VPN traffic would have been encrypted, as well as almost all email traffic, but anyone listening in on email traffic would have been able to read the IP addresses of the parties involved. Even worse, any site serving data over unencrypted HTTP would have been entirely in the clear, and potentially exposed to injection attacks by a malicious third party with access to an intermediate network. (Both AWE and Royal Mail serve their sites over unencrypted HTTP.) Because of the public nature of the routing table, it’s easy to see exactly when and how the route hijacking occurred, but why is still a mystery, and we can’t say for sure whether any data was altered in transit.
Read the Full Article: Source – The Verge
http://www.theverge.com/2015/3/13/8208413/uk-nuclear-weapons-russia-traffic-redirect
Leave a Reply
You must be logged in to post a comment.