COMPUTERS
October 17, 2008 2:04 PM PDT

Internet-scale 'man in the middle' attack disclosed

Posted by Robert Vamosi
  • Font size
  • Print
Correction at 3:15 p.m. PDT: This post initially misstated the meaning in this context of ASN. It stands for Autonomous System Notation.

In Black Hat's October Webinar on Thursday, Anton Kapela, datacenter manager at 5Nines Data, spoke about Internet-scale "man in the middle" attacks.

The talk reprised a last-minute substitution presentation he gave along with Alexander Pilosov at this year's Defcon conference in August. During the conference, the two researchers intercepted all conference Internet traffic at the Riviera Hotel in Las Vegas and ran it through their servers. According to Black Hat founder and director Jeff Moss, most attendees didn't realizing this was being done.

"This is an emergent vulnerability," said Kapela in the Webinar. "It only becomes apparent in thousands of networks, not one." He took effort to explain that this is really a condition of the Internet today. "I'm not talking about any particular failing, or vendor implementation. This is something that happens because we're using it all," he said

Both Kapela and Moss drew parallels between this flaw and Dan Kaminsky's DNS disclosure in July. Moss said that this talk in particular was representative of research being done on the bedrock foundations of the Internet. Lately researchers have been finding faults that could have enormous impact in the future.

Kapela said there is a trust issue with Border Gateway Protocol, and admitted that the hijacking part of his talk isn't new. What is new is that "any network has the ability to facilitate this attack." Kapela and his partner found a feasible return path using Autonomous System Number that provides a way to hop-scotch through an attacker's network on the way back to yours. In a newsgroup thread, Kapela summarized it as "using AS-path loop detection to selectively blackhole the hijacked route which creates a transport path back to the target."

Kapela said this method challenges the conventional thinking that traffic analysis means you have to be local. You could be in China and monitoring static networks in the U.S.

Black Hat has been hosting these Webinars since June, and offers an e-mail address (subscribe-webcasts@blackhat.com) to subscribe for updates.

As CNET's resident security expert, Robert Vamosi has been interviewed on the BBC, CNN, MSNBC, and other outlets to share his knowledge about the latest online threats and to offer advice on personal and corporate security. Listen to his podcast at securitybites.cnet.com or e-mail Robert with your questions and comments.
Topics:

News,

Vulnerabilities & attacks

Tags:

security,

Black Hat,

Jeff Moss,

Tony Kapela,

Alexander Pilosov,

Border Gateway Protocol,

BGP

Share:
Digg
Del.icio.us
Reddit
Recent posts from Security
Study: Data breaches rose in 2008
Fake celeb LinkedIn profiles lead to malware
Hackers hit MacRumors keynote coverage
Alarm systems at risk: UL establishes a higher security requirement for magnetic switches
Twitter phishing scam may be spreading
'Curse of silence' smartphone flaw disclosed
Defense contractors eye cybersecurity bonanza
Web browser flaw could put e-commerce security at risk
Add a Comment (Log in or register) 1 comment
by ljheidel October 17, 2008 2:46 PM PDT
In this context did you hear "ASN" and write "Abstract Syntax Notation" rather than "Autonomous System Number" without having a clue? The latter is generally correct when referring to BGP paths.
Reply to this comment
advertisement

In the news now

Apple: DRM-free tunes, unibody MacBook Pro

roundup At Macworld, Phil Schiller touts 10 million songs sans DRM, plus 69-cent songs, a unibody 17-inch notebook, iLife updates, and more.


Countdown to CES

special coverage The tech community descends on Las Vegas as the Consumer Electronics Show gets ready to kick off in all its gadgety glory.


About Security

Online security is threatened by more than hacking and phishing attempts. Check here for the latest updates on software vulnerabilities, data leaks, and rapidly spreading viruses--and learn how to protect your systems.

Add this feed to your online news reader

Security topics

advertisement

Inside CNET News

Scroll Left Scroll Right
News
Site map
Latest news
Business tech
Green tech
Wireless
Security
Popular topics
Apple iPhone
Apple iPod
CES
Cell phones
Dell
GPS
CNET sites
CNET Site map
CNET TV
Downloads
News
Reviews
Shopper.com
More information
Newsletters
Corrections
Customer Help Center
RSS
CNET Widgets
About CNET