Palestinian Internet Routes Hijacked

Palestinian Internet is experiencing issues. Security-literate computer users are aware that there is potential for what are known as ‘man in the middle’, or MiTM, attacks. These are typically executed by finding a way to get between a user and a web site they want to access, perhaps by running a rogue access point in a coffee shop. If your browser complains about a bad X.509 certificate from a web site, it could be a MiTM.

There is another, deeper level of this sort of attack, in which entire blocks of IP addresses are hijacked. This has happened in Gaza and the West Bank, and it may have played a role in the alleged attack on Sony by North Korea.

Global Routing

When you turn your computer on, it receives an IP address and a default route from your home router’s DHCP server. That works for a home or office, but how does an entire country like Palestine or North Korea gain access?

There are five regional internet registries (RIRs), which are in charge of managing four billion IPv4 addresses and a much larger IPv6 space. Unlike the private IP address your home router gives you, the RIRs deal in globally unique public addresses. These IPv4 addresses were issued to the RIRs from a common pool in blocks of sixteen million. The past tense is correct here; the last free blocks of that size were allocated in 2011, and only IPv6 space remains. The RIRs break these large blocks into prefixes, which are assigned to ISPs, and their location in the global internet is published using Border Gateway Protocol.

Regional Internet Registries

Block sizes are expressed with Classless Inter-Domain Routing prefixes, variable-length bit masks for 32-bit IPv4 address blocks. The top-level blocks contain sixteen million addresses, expressed as /8s, and the smallest globally routable prefix is a /24, which is 256 addresses. Each ISP has a unique ID in the form of an Autonomous System Number. You can think of this as a sort of area code for blocks of IP addresses.

If one ISP offers more specific prefixes than the rightful owner, it will receive all of the owner's traffic, functionally knocking the other provider offline.

Palestinian ISP Faces Hijack

This route hijacking scenario happened to Palestinian ISP Mada Telecom, and the culprit was restoration of an outdated configuration at Netherlands-based A2B. IP address space for the Mideast comes from the European RIR, so those addresses having once been used in the Netherlands makes perfect sense.

Mada was assigned 46.244.80.0/23, a block of 512 addresses. A2B split this in two, offering 46.244.80.0/24 and 46.244.81.0/24, effectively claiming Mada’s traffic by offering more specific destinations. A quick look into the University of Oregon’s RouteViews shows that this problem has been corrected.

Route Views Perspective

Events like this can be attacks, but they are much more often configuration errors. Either way, the rightful owner resolves it by contacting the provider that is using their prefixes; if that provider is unresponsive, emails to its upstream providers will get the bad prefixes filtered. This is all done in a very ad hoc fashion, via mailing lists operated by the North American Network Operations Group (NANOG) or the Middle East Network Operations Group (MENOG).
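The Mada case above, worked through as a monitoring check (an added example, not code from the original article): longest-prefix match shows why the two /24s take the traffic from the /23, and a conflict check flags them from a list of announcements. The origin AS numbers are documentation-range placeholders, since the article does not give the real ones, and the announcement list is constructed sample data.

```python
import ipaddress

# Constructed sample data. AS64496 and AS64497 are documentation-range ASNs
# standing in for the rightful holder and the other network; the article
# does not give the real AS numbers.
OWNED = {"46.244.80.0/23": 64496}
ANNOUNCEMENTS = [                 # (prefix, origin AS) as a route collector lists them
    ("46.244.80.0/23", 64496),
    ("46.244.80.0/24", 64497),
    ("46.244.81.0/24", 64497),
    ("198.51.100.0/24", 64500),   # unrelated prefix
]

def best_route(dest, announcements):
    """Longest-prefix match: the (prefix, origin) a router would forward on."""
    addr = ipaddress.ip_address(dest)
    covering = [(ipaddress.ip_network(p), asn) for p, asn in announcements
                if addr in ipaddress.ip_network(p)]
    if not covering:
        return None
    net, asn = max(covering, key=lambda r: r[0].prefixlen)
    return str(net), asn

def find_conflicts(owned, announcements):
    """Announcements inside an owned block that come from an unexpected origin."""
    alerts = []
    for prefix, asn in announcements:
        net = ipaddress.ip_network(prefix)
        for block, expected in owned.items():
            parent = ipaddress.ip_network(block)
            if net.subnet_of(parent) and asn != expected:
                kind = "more-specific" if net.prefixlen > parent.prefixlen else "same-prefix"
                alerts.append((prefix, asn, kind))
    return alerts

def diverted_share(block, expected, announcements):
    """Fraction of the block's /24s whose best route leads to another origin.
    Assumes the owned block is a /24 or shorter."""
    slices = list(ipaddress.ip_network(block).subnets(new_prefix=24))
    lost = 0
    for s in slices:
        route = best_route(str(s.network_address), announcements)
        if route is None or route[1] != expected:
            lost += 1
    return lost / len(slices)

if __name__ == "__main__":
    print(best_route("46.244.81.17", ANNOUNCEMENTS))
    for alert in find_conflicts(OWNED, ANNOUNCEMENTS):
        print("ALERT", alert)
    print(diverted_share("46.244.80.0/23", 64496, ANNOUNCEMENTS))
```

Once the two /24 announcements are withdrawn, the same functions report the /23 as the best route again and no conflicts.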

North Korean IPs, Chinese Intruder?

There is another, much less common hijacking scenario, which involves a small ISP and its immediate neighbor. North Korea’s STAR-KP has AS131279 and their only outlet to the world is AS4837, China Unicom.

If a network engineer for China Unicom wished to use an IP address from within a STAR-KP prefix, this is simple. All that must be done is adding the IP address to China Unicom’s interior gateway protocol and setting up a system to use it. An effort like this is just a few minutes of work to configure, and if the address chosen is unused the deception can remain in place for a long time. The only way this would be noticed by an outsider would be if they ran a traceroute and noticed the IP in question had a different path than the others right next to it.

Noisy, Rare, Easily Detected

Broad outages such as this, both accidental and intentional, have been happening since the internet was converted to Classless Inter-Domain Routing and version four of Border Gateway Protocol back in 1994. This is not some emerging threat and when it happens it is not at all subtle. Mada Telecom returned to operation using 46.244.80.0/23, which is a bit unusual. Victims of such attacks typically break their address space into /24s, the smallest possible prefix, to thwart future attacks.

The ‘pinhole attack’ on North Korea in order to shift the blame for the Sony attack would have been technically simple, but there is no hard evidence that such a thing occurred. We do need to be mindful of such things when it involves nation states in conflict; the potential for a ‘kinetic response’ to a cyber provocation is within the bounds of international law, and we cannot afford a case of mistaken identity when the consequences are so serious.

Images from American Registry of Internet Numbers, University of Oregon Route Views; other images from Shutterstock.
