Guess who's listening to your internet traffic?

By | November 21, 2013
Hint: this time, it's not likely to be the NSA

This is a wide-scale man-in-the-middle attack carried out at the routing layer, and a very difficult one to trace. Someone rerouted a considerable chunk of the world's internet traffic through ISPs in Belarus and Iceland, repeatedly and for prolonged periods, by announcing routes for address space that wasn't theirs.

You may be thinking "ok, so it's just the NSA again, we heard about all this when Snowden said his piece." But Belarus and Iceland aren't under the NSA's jurisdiction, and the NSA has a far easier and more pervasive source in the large companies themselves. Who is behind these attacks is anyone's guess at this point, but my guess is that a different agency is involved this time.

Technically, it's not the easiest feat to pull off. The routing protocol that glues the internet together, BGP, largely takes route announcements on trust: a network that announces a route to someone else's addresses pulls that traffic towards itself, and if it quietly forwards the packets on to their real destination afterwards, nobody sees an outage. That puts the announcing network in the middle of every affected connection, which is what makes this a man-in-the-middle attack rather than mere wiretapping, and at this scale it is the kind of thing you normally only read about in papers. The mechanics are in the article; instead, I'd like to draw your attention to what this sort of attack means.

For the tapped periods, someone out there sat on a copy of every packet that took the detour, which for the affected networks is a good slice of what their users did online. Anything sent in the clear they can read and alter; anything encrypted still tells them who talked to whom, and when. But what are they going to do with that data? If they want to track you down, they can do that. If they want to create a few transactions on your behalf over an unprotected session, they can do that too. And if they want to commit fraud or other crime, it's going to be a job from hell to sort it out with all the international jurisdictions involved.

With so much research out there on man-in-the-middle and route hijacking attacks and how to block them (route origin validation with RPKI, route monitoring, end-to-end encryption), I certainly think it's reasonable to demand that the theory is put into practice. Not knowing whether the attacker has good or bad intentions is a worrying invasion of personal privacy. Let's put it this way: would you be okay giving your address, credit card number, expiry date and online banking password out to everyone, including the Mafia, under the principle that you have nothing to hide? Probably not, and not knowing who is behind this attack is indeed worrying. But first things first: we need to take action to prevent these attacks from happening again.
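To make the two points above concrete (how a route hijack pulls traffic towards the attacker even though the legitimate route is still there, and how route origin validation would have dropped it), here is a small added example. It is not code from this post, from Renesys, or from the article; it is a toy model of a router's route table with RFC 6811 style origin validation. The prefixes, ASNs and ROAs are constructed for illustration (documentation address space and private-use AS numbers) and do not describe the real incident.

```python
"""Toy BGP hijack and RPKI route origin validation (added example, constructed data)."""
import ipaddress
from dataclasses import dataclass
from typing import Optional


def net(s: str) -> ipaddress.IPv4Network:
    return ipaddress.IPv4Network(s)


@dataclass(frozen=True)
class Route:
    prefix: ipaddress.IPv4Network
    as_path: tuple  # as_path[0] = neighbour we heard it from, as_path[-1] = origin AS

    @property
    def origin(self) -> int:
        return self.as_path[-1]


@dataclass(frozen=True)
class ROA:
    prefix: ipaddress.IPv4Network  # authorised address block
    max_length: int                # longest prefix the holder may announce out of it
    asn: int                       # the only AS allowed to originate it


def rov_state(route: Route, roas) -> str:
    """RFC 6811 route origin validation: 'valid', 'invalid' or 'notfound'."""
    covering = [r for r in roas if route.prefix.subnet_of(r.prefix)]
    if not covering:
        return "notfound"  # no ROA covers this prefix: no information, accept
    if any(r.asn == route.origin and route.prefix.prefixlen <= r.max_length
           for r in covering):
        return "valid"
    return "invalid"  # covered by a ROA, but wrong origin AS or too specific


def build_fib(routes, roas=None) -> dict:
    """One best route per prefix (shortest AS path); drop ROV-invalid routes if ROAs given."""
    fib = {}
    for r in routes:
        if roas is not None and rov_state(r, roas) == "invalid":
            continue
        cur = fib.get(r.prefix)
        if cur is None or len(r.as_path) < len(cur.as_path):
            fib[r.prefix] = r
    return fib


def lookup(fib: dict, addr: str) -> Optional[Route]:
    """Longest-prefix match: the most specific covering prefix wins, whoever announced it."""
    ip = ipaddress.IPv4Address(addr)
    matches = [r for r in fib.values() if ip in r.prefix]
    return max(matches, key=lambda r: r.prefix.prefixlen, default=None)


# Constructed scenario. AS 64500 legitimately originates 198.51.100.0/24, heard via
# transit AS 64501. The hijacker, AS 64666, announces two more-specific /25s through a
# different neighbour (AS 64502): one with itself as origin, and one with the victim's
# ASN forged onto the end of the path so that origin-only checks are fooled.
OBSERVED = [
    Route(net("198.51.100.0/24"),   (64501, 64500)),
    Route(net("198.51.100.0/25"),   (64502, 64666)),
    Route(net("198.51.100.128/25"), (64502, 64666, 64500)),
]
ROAS = [ROA(net("198.51.100.0/24"), 24, 64500)]        # tight: only the /24 itself is authorised
LOOSE_ROAS = [ROA(net("198.51.100.0/24"), 25, 64500)]  # loose: maxLength 25 also permits /25s


def path_to(addr: str, roas=None, routes=OBSERVED):
    """AS path our router would forward traffic for `addr` along, or None if no route."""
    r = lookup(build_fib(routes, roas), addr)
    return None if r is None else r.as_path


if __name__ == "__main__":
    for label, roas in (("no validation", None), ("tight ROA", ROAS), ("loose ROA", LOOSE_ROAS)):
        print(f"{label:14s} .10 -> {path_to('198.51.100.10', roas)}   "
              f".200 -> {path_to('198.51.100.200', roas)}")
```

Without validation, both halves of the /24 are forwarded to the hijacker even though the legitimate /24 is still in the table and its AS path is no longer: longest prefix match beats everything else. With the tight ROA, both /25s are invalid (wrong origin, and too specific) and traffic returns to AS 64500 via AS 64501. The loose ROA shows the caveat a practitioner should keep in mind: origin validation only checks the last AS in the path, so the announcement with the forged origin is accepted as valid and 198.51.100.128/25 still detours through AS 64666. Tight maxLength values and path-level monitoring are what close that gap, not origin validation on its own.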

/via +Loki Wijnen 

How Somebody Forced the World’s Internet Traffic Through Belarus and Iceland
If you used the Internet in 2013, there’s a good chance your traffic passed through the hands of ISPs in Belarus and Iceland. It shouldn’t have happened.

8 thoughts on “Guess who's listening to your internet traffic?”

  1. Mike Andrews

    Analogy: Suppose, as I do, I have a highway coming by my door. I can see what vehicles are driving by.

    Some sinister soul puts up phony detour exit signs diverting traffic somewhere else to come by him.  He can now see what is driving by.

    In neither case are we doing carjacking or hijacking to see what the vehicles are carrying, but if we were, the bad guy can only do what I could have done in the first place.

    The rerouting is not, on its own, a risk that wasn't already there.

  2. daniel ware

    I'm amazed that the choke-point ISPs have the bandwidth to handle the volume, but it's interesting in the Icelandic example where the number of IP addresses apparently increased by several orders of magnitude (suspicious in itself).

  3. Sophie Wrobel

    +Mike Andrews Yes, it is an IP routing attack. But it is also, by definition, a man-in-the-middle attack:
     – all relayed messages between targets are intercepted (in this case, the target is not one company such as Google, but entire cities, primarily ones with financial dominance according to the article)
     – the 'control node' ISP is a single gateway: it could potentially modify the relayed messages.

    Traffic sniffing is rather boring. What I find particularly noteworthy is the magnitude of the intercepted targets: Rerouting traffic from all ISPs serving over 150 cities in Europe and North America? Really, do you think all the hundreds if not thousands of ISPs would intentionally collaborate to send traffic to Iceland and Belarus?

  4. barqzr davi

    There ya go Sophie, Mike has it all figured, the semantics are wrong :p
    He fails to mention, however, how "any other ISP" could pull off an "IP routing attack" of these proportions.
    Perhaps he should make these revelations to Renesys http://is.gd/OlkD32 , I'm sure they would be relieved to have their error pointed out.

  5. Mike Andrews

    It's not a man in the middle attack, it's an IP routing attack.
    A man in the middle attack would have them pretending to be a site like Google. This was just pretending they could get traffic delivered to such as Google.

    Yeah, they could have sniffed the traffic, but so could any other ISP.  This is why traffic is encrypted.
