What is a BGP Hijacking?
The Border Gateway Protocol (BGP) is used to direct traffic across the Internet, allowing networks to exchange “reachability information” to facilitate reaching other networks. BGP hijacking is a form of application-layer DDoS attack that allows an attacker to impersonate a network, using a legitimate network prefix as their own. When this “impersonated” information is accepted by other networks, traffic is inadvertently forwarded to the attacker instead of its proper destination.
What Are the Signs of a BGP Hijacking?
There can be a range of motives behind a BGP Hijacking, including intercepting Internet traffic and redirecting it to a fake website as part of a man-in-the-middle attack. When a BGP Hijacking occurs, page load times will in many cases, dramatically increase due to the fact that network requests are no longer following the most efficient route, possibly traversing around the world unnecessarily. In most cases, latency will increase significantly.
Unfortunately, BGP hijacking can be difficult to detect as the owner of the network prefix is unable to detect the hijack themselves. The only approach is to use external services to listen for unauthorized announcements for network prefixes, which might include BGPMon and others. With over 80.000 autonomous systems around the world, it is not hard for attackers to fly under the radar.
Why Are BGP Hijackings Dangerous?
In addition to creating tremendous network latency, a BGP Hijacking may cause lost revenue as a legitimate site loses traffic (and potentially business) to an imposter. Such DDoS attacks may also be used by spammers or to steal credentials, opening the door to greater fraud. Examples of such attacks are hijacks for prefixes for financial websites where the attacker harvests user credentials and authentication tokens, providing him/her with the information required to access sensitive data, or give access to the user’s financial services. BGP hijackings may also be used as part of a disinformation campaign or as part of sophisticated phishing attacks. And because BGP essentially assumes all networks are trustworthy, no security safeguards have yet been incorporated globally that can validate routes are authentic – making it easier for attackers to prevail.
How to Mitigate and Prevent BGP Hijackings
Combatting BGP Hijacking attempts requires a community approach. Network operators can’t fully secure their own networks, because routing security necessitates actions on the part of other networks. Vigilance is the key to preventing such attacks. The Mutually Agreed Norms for Routing Security (MANRS) is a community initiative of network operators and Internet Exchange Points (IXPs) that establishes a baseline of routing security expectations. MANRS lays out specific actions that are designed to mitigate common routing threats, utilizing filtering to prevent the propagation of false routing information. MANRS also mandates anti-spoofing, global validation, coordination, monitoring and debugging tools