In 2008, two security researchers at the DefCon hacker conference demonstrated a massive security vulnerability in the worldwide internet traffic-routing system — a vulnerability so severe that it could allow intelligence agencies, corporate spies or criminals to intercept massive amounts of data, or even tamper with it on the fly.
The traffic hijack, they showed, could be done in such a way that no one would notice because the attackers could simply re-route the traffic to a router they controlled, then forward it to its intended destination once they were done with it, leaving no one the wiser about what had occurred.
Now, five years later, this is exactly what has happened. Earlier this year, researchers say, someone mysteriously hijacked internet traffic headed to government agencies, corporate offices and other recipients in the U.S. and elsewhere and redirected it to Belarus and Iceland, before sending it on its way to its legitimate destinations. They did so repeatedly over several months. But luckily someone did notice.
And this may not be the first time it has occurred — just the first time it got caught.
Read the whole thing.
... Renesys cautions that it doesn’t know who is behind the hijacks. Although systems in Belarus and Iceland initiated the hijacks, it’s possible that those systems were hijacked by a third party that simply used them as a proxy for the attacks.
Either way, one thing is certain, Madory says: the characteristics of the hijacks indicate they were intentional. Some of the targets whose traffic was hijacked seemed hand-picked by the attackers, he says, especially the foreign ministry domains.
“It’s a list [of targets] that you just wouldn’t come by mistake,” Madory told WIRED.
The hijackers also appeared to tweak their attack over time to modify and refine it.