Banks and governments 'hit by net traffic hijacks'
- 21 November 2013
- From the section Technology
Repeated attacks on the way the net routes data have resulted in huge amounts of traffic being hijacked, a net monitoring company has said.
Renesys said it had uncovered the mass hijackings as part of its day-to-day monitoring of global net links.
Data to and from finance firms, net phone services and governments had been re-routed during the attacks, it said.
On more than 60 days in 2013, Renesys said it had seen large chunks of data go astray from its usual routes.
So far it was unclear who orchestrated the redirecting of the traffic or why it had been done, wrote Renesys technology boss Jim Cowie on a blog about the company's findings.
The companies involved had been told about what had happened to their traffic, he added.
Unlike other attacks that simply divert all traffic so it never reaches its intended destination, the incidents reported by Renesys simply changed the route the traffic took to its final destination.
In some cases this had involved traffic that should only have taken a short hop across a US city travelling halfway round the world before being delivered to its intended destination, it said.
This meant traffic had been slightly delayed but not so much targets would have noticed it had been re-routed, Renesys said.
"The traffic keeps flowing and everything looks fine to the recipient," wrote Mr Cowie.
This type of diversion is known as a "man-in-the-middle" attack because the perpetrator sits between a target and the entity it is swapping data with in order to spy on the traffic passing back and forth.
Some of the biggest hijacks in 2013 had involved traffic being redirected to net companies in Belarus and Iceland, Renesys said.
The Belarusian company has not commented on Renesys' reports, but one Icelandic internet service provider (ISP) named by the company blamed a software bug for the re-routing and said the incidents it had been involved with had not been malicious.
Renesys' discovery meant route hijacking had moved on from being a theoretical threat to a phenomenon seen "fairly regularly", said Mr Cowie, adding the "potential for traffic interception was very real."
He said the discovery was "troubling" and should prompt action by banks, credit card companies and government agencies to start monitoring their view of global net traffic to spot when hijacks occurred.