Sometimes, something is so big that you don’t notice it for a long time. You suddenly realise you’re in a massive crater, say, or that a building is towering overhead. Or, in this case, a gaping security void in the internet. And someone’s been siphoning massive amounts of data out of it.
Wired reports that someone, somewhere, has been using a security loophole — one that was feared might exist — to hijack internet traffic headed to government agencies, corporate offices and other recipients in the US. First, it was redirected to Belarus and Iceland, then latterly sent on to its intended destinations. It happened for several months, until someone noticed. Wired explains:
The stakes are potentially enormous, since once data is hijacked, the perpetrator can copy and then comb through any unencrypted data freely — reading email and spreadsheets, extracting credit card numbers, and capturing vast amounts of sensitive information.
The attackers initiated the hijacks at least 38 times, grabbing traffic from about 1,500 individual IP blocks — sometimes for minutes, other times for days — and they did it in such a way that, researchers say, it couldn’t have been a mistake.
So what was the motivation? Well, initially it seemed financial — much of the data was destined for a big bank — but then data showed up that was headed to foreign ministries and *cough* a “large VoIP provider in the US”. Combine that with the fact that the hijacks were routed through two outposts — though it’s believed it’s all masterminded by one team — and it’s proving tricky to work out who is, in fact, behind it all. As Wired says:
Tony Kapela [one of the researchers who discovered the breach] says the culprit… could actually be an outsider who simply seizes control of one of the systems and sends out the bogus announcement without the owner of the system knowing it. He imagines a scenario where an attacker gains physical access to a router belonging to one of the companies and installs a monitoring device to record data, then gains control of the router console to send out a bogus BGP announcement to redirect traffic through the router. If anyone discovers the redirect, the culprit would appear to be the company that owned the router.
Which leaves the internet at a bit of a loss as to what’s going on — and how to stop it. How quickly the mystery can be solved remains to be seen. [Wired]
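As an added example, not code from Wired or from the researchers quoted above, this is the kind of baseline check a network operator can run over route-collector observations to notice the announcements described here: the origin AS changing, a more-specific prefix appearing, or the path detouring through an AS that was never expected, which is what the compromised-router scenario above would look like from outside. The ASNs, prefixes and observations are constructed and the baseline is an assumed operator inventory.

```python
import ipaddress
from dataclasses import dataclass, field

@dataclass
class Announcement:
    prefix: str      # prefix as seen at a route collector
    as_path: list    # AS path from the collector's peer to the origin (last element)
    seen_at: str     # constructed observation label

@dataclass
class Baseline:
    origin: int                                  # AS that legitimately originates the prefix
    transits: set = field(default_factory=set)   # ASes expected between collector and origin

# Constructed baseline: documentation ASNs (RFC 5398) and prefixes (RFC 5737), not real networks.
BASELINE = {
    "203.0.113.0/24": Baseline(origin=64500, transits={64510, 64511}),
    "198.51.100.0/22": Baseline(origin=64501, transits={64510}),
}

def classify(ann: Announcement) -> list:
    """Return findings for one announcement; an empty list means it matches the baseline."""
    findings = []
    net = ipaddress.ip_network(ann.prefix)
    origin = ann.as_path[-1]
    for known, base in BASELINE.items():
        parent = ipaddress.ip_network(known)
        if net == parent:
            if origin != base.origin:
                findings.append(f"origin hijack: {ann.prefix} from AS{origin}, expected AS{base.origin}")
            # Origin looks right but the path runs through an AS nobody expected: an origin check alone stays silent.
            strangers = set(ann.as_path[:-1]) - base.transits - {base.origin}
            if strangers:
                findings.append(f"unexpected transit for {ann.prefix}: {sorted(strangers)}")
        elif net.version == parent.version and net.subnet_of(parent) and origin != base.origin:
            # A more-specific prefix wins longest-prefix match and pulls traffic off the real route.
            findings.append(f"more-specific hijack: {ann.prefix} inside {known} from AS{origin}")
    return findings

def scan(announcements: list) -> list:
    """Return (label, findings) for every announcement that triggered at least one finding."""
    return [(a.seen_at, f) for a in announcements if (f := classify(a))]

# Constructed observations: one clean update, then a detour, a more-specific, and an origin change.
SAMPLE = [
    Announcement("203.0.113.0/24", [64510, 64500], "obs-1"),
    Announcement("203.0.113.0/24", [64510, 64599, 64500], "obs-2"),
    Announcement("198.51.100.0/24", [64510, 64666], "obs-3"),
    Announcement("198.51.100.0/22", [64510, 64666], "obs-4"),
]
```

In practice the observations would come from a looking glass or a route-collector feed rather than a hard-coded list, and the transit allowlist needs to reflect the collector's own vantage point.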