​Hacking Team helped Italian police to hijack internet addresses

Posted on July 13, 2015 by Mat Smith

The Border Gateway Protocol (BGP) is used to route traffic across the Internet — and it’s a pretty old, creaky protocol that’s open to abuse. Back in August 2014, an Italian web hosting company faked ownership of 256 IP addresses, under the direction of a special arm of Italy’s Military Police and Hacking Team. The police were trying to use the latter’s remote control system malware to monitor targets of interest, but certain IP addresses were unreachable as their true owners, Santrex, kept them locked down for criminal use. Then, when Santrex apparently went out of business, the police remained locked out of these addresses.

As Filippo Valsorda, an engineer on the CloudFlare Security Team, told Ars Technica, BGP is “a stupid, old, insecure core protocol of the Internet… The affected IP class, 46.166.163.0/24, was unannounced (dead) at the time. However, the BGP trust game is delicate and critical and this reckless irresponsibility undermines the trust that the Internet survives on (and makes it sorely clear how it needs to move on from it).”

Due, to the loss of those IP addresses, the Italian police were unable to tap into several computers that had the Hacking Team’s malware. Emails from the recent leak show the Hack Team discussing how reclaim control. It’s apparently the first known case of an ISP fraudulently announcing it owns IP addresses that it actually doesn’t, although it’s certainly not the first problem that’s come from BGP. Back in 2008, YouTube was locked down unreachable to large portions of the Internet.when Pakistan Telecom tried to use BGP to reroute Youtube addresses elsewhere. This somehow got pushed to its Hong Kong ISP, and then to the rest of the world. Oops.

“BGP is a stupid, old, insecure core protocol of the Internet”

More recently, in 2013 Dyn Research showed that a large amount of internet traffic from financial institutions, government agencies, and ISPs had been diverted to strange, unauthorized locations – possibly being monitored or edited before reaching where it was meant to be sent. With the Hacking Team’s attempt, the fake routing table spread around Italian telecoms companies, then spread around the world. BGP has been noted as a weak point of the internet, but the Hacking Team proved there’s ways to manipulate the protocol, intercepting and affecting internet traffic in the process.

Filed under:

Comments

Source: Ars Technica, MD at Debian