
Someone Forced World Internet Traffic Through Belarus and Iceland - Anon84
http://allthingsd.com/20131120/how-somebody-forced-the-worlds-internet-traffic-through-belarus-and-iceland/
======
mschuster91
The author is dead incompetent or outright stupid.

    
    
      In network security circles, this is what’s known as a Man-In-The-Middle attack. And for years it has been understood to be possible in theory, but never seen in practice.
    

Uh, no. What happened here was a BGP hijack, which has happened MULTIPLE times
over the last few years. IIRC the one with the biggest fallout was some
Pakistani ISP which fucked up a YouTube block order - they broadcasted the
null-route to the entire Internet and Google couldn't do anything, lol.

And even "normal" MITM attacks have been done for years now. Every ISP doing
censorship, BitTorrent throttling and anything that interrupts normal packet
flow does active MITM attacking, and the NSA listening posts are passive MITM
posts.

~~~
Jgrubb
With all due respect, one thing that gets really tiresome on this board is the
"OMG, this person is soo stupid because they don't know nearly as much as I do
about this one particular topic" tone in this comment. If you started your
comment with "what happened here was..." you'd come across as knowledgeable and
helpful to those of us who aren't knowledgeable in this field, rather than
(please forgive my saying it) an asshole. Maybe try thinking "what if someone
wrote this to/about me" before hitting Submit. Just trying to be helpful in my
own way, pardon me if it's unwanted.

edit: my point had nothing to do with the content of the article. It was more
just saying "hey, effective written communication is a tricky thing. Where the
author of the article may have failed in some of the important technical
details of the article, you have also failed in presenting your corrections in
a somewhat offensive manner. Maybe consider the _how_ next time in addition to
_what_ you are trying to convey."

~~~
bowlofpetunias
I don't think anything excuses the media for being so shoddy in (mis)informing
their readership.

Remember, you're on _Hacker_ News. Thanks to people like the author, the
average person thinks you and I are criminals. Because, hackers.

You may be right about omitting that tone in general, but considering the
feelings of media hacks is not a big motivator.

~~~
mistermann
I'd suggest that the average person doesn't think about you at all.

~~~
TallGuyShort
But the average person has been given the impression, however inadvertently,
that the average "hacker" is engaging in clandestine, nefarious activities on
the Internet. When I was in University I lost count of the number of people
who freaked out because they saw me using a terminal and vim from my laptop
during class.

~~~
the_watcher
This article refers to attackers, not hackers. The word "hack" does not occur
once in the article. Calling these people attackers is accurate, and doesn't
do anything to contribute to the people you describe thinking of you as a
criminal, unless you think rerouting traffic in this way is in some way
legitimate.

~~~
jlgreco
That isn't the complaint about this particular article. The complaint about
_this_ article is the botched reporting on what happened, and what MITM
attacks are. This criticism was defended by pointing out that misinformation
from the media has the potential to have a negative effect. An example given
of this was the careless use of the word "hacker" by the media "in general".

------
perlgeek
I don't really understand how that works. After all I don't think a normal
Internet user can hijack BGP, they need to be able to announce routes. So if an ISP
announces low-cost routes, you know who did it -- unless the ISP's security
was breached quite severely.

So, can't you just ask the ISPs who announced those fake routes if they were
hacked, and if not, demand an explanation? (And if no explanation comes forth,
stop peering with them)

~~~
nathanm412
A much more competent article written by the researchers themselves explained
that they did contact the Iceland ISP involved in one of the attacks. Their
reply stated that it was caused by a bug in a vendor's software that was
resolved after a patch. The ISP wasn't interested in looking into it any
further.

[http://www.renesys.com/2013/11/mitm-internet-hijacking/](http://www.renesys.com/2013/11/mitm-internet-hijacking/)

~~~
notacoward
Also interestingly, somebody tried to submit that article yesterday. I know
because I tried to submit it myself, and found that I'd been scooped. It got
no responses and almost no upvotes, until allthingsd added the "MITM" keyword
that people here recognize. It might be inaccurate - the attack seems to
_enable_ MITM rather than being MITM itself - but it got some much needed
publicity for the story.

------
ChuckMcM
It will be interesting to see how this rolls around. I have listened to people
complain about the insecurity of BGP for years. Got to experience a bit of it
when a bad router update our ASIN in it and sent our traffic out and about
briefly (fortunately just pushing up latency not killing the web site.)

It is currently the most effective and useless DDOS strategy to push a black
hole route out for the 'target.' Effective since all their packets will stop
getting to them, useless because it points exactly at the point where it is
coming from, and NOCs have gotten reasonably good at working around bogus
advertisements. So it is short lived.

------
ancarda
>Cowie said the really big Internet service providers ... should be watching
for when smaller players advertise false routes.

How can an ISP tell if a route is "false"?

~~~
tomp
By knowing what IP ranges the smaller ISPs own. If a small A connects to big
B, and B knows that A has IPs 123.234.*.*, then it should not accept routes
that route other IPs to A.

~~~
perlgeek
It's not that simple, an ISP that has multiple peering partners doesn't just
accept traffic for its own IPs, but also for those of its peering partners
(and their peering partners, recursively).
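
An added illustration of the filtering discussed in the two comments above (not part of the thread and not any ISP's actual configuration): the allow-list for a neighbor is built from its own registered prefixes plus, recursively, those of its downstream customers. The registry, AS numbers, customer links and the /24 length limit are constructed assumptions, and reading "partners, recursively" as downstream customers is a simplification made here.

```python
import ipaddress

# Constructed registry: prefixes each AS is registered to originate
# (documentation address space and documentation AS numbers).
REGISTERED = {
    64500: ["198.51.100.0/24"],   # small ISP "A"
    64501: ["203.0.113.0/24"],    # a downstream customer of A
    64510: ["192.0.2.0/24"],      # unrelated network
}
# Constructed customer relationships: AS -> its direct customers.
CUSTOMERS = {64500: [64501], 64501: []}

MAX_LEN = 24  # assumed policy: reject anything more specific than /24


def customer_cone(asn, customers=CUSTOMERS):
    """Return asn plus every AS reachable through customer links."""
    seen, stack = set(), [asn]
    while stack:
        cur = stack.pop()
        if cur not in seen:
            seen.add(cur)
            stack.extend(customers.get(cur, []))
    return seen


def build_filter(neighbor_asn):
    """Allow-list for one neighbor: (origin AS, prefix) pairs in its cone."""
    return [(origin, ipaddress.ip_network(p))
            for origin in customer_cone(neighbor_asn)
            for p in REGISTERED.get(origin, [])]


def check(neighbor_asn, prefix, as_path):
    """Classify one announcement received from neighbor_asn."""
    net = ipaddress.ip_network(prefix)
    if as_path[0] != neighbor_asn:
        return "reject: first AS in path is not the neighbor"
    if net.prefixlen > MAX_LEN:
        return "reject: too specific"
    # Origins in the cone whose registered prefix covers the announcement.
    covering = [o for o, allowed in build_filter(neighbor_asn)
                if net.subnet_of(allowed)]
    if not covering:
        return "reject: prefix outside neighbor's customer cone"
    if as_path[-1] not in covering:
        return "reject: origin AS not registered for prefix"
    return "accept"
```

The filter is only as good as the registry behind it: an unregistered but legitimate customer prefix is rejected, and a stale entry lets a false route through.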

------
ColinWright
Is the report over here more useful?

[https://news.ycombinator.com/item?id=6774263](https://news.ycombinator.com/item?id=6774263)

~~~
junto
Content wise yes. Font size no. Font is so small it is almost unreadable.

Take-away: To improve time spent on site, and return visitors computing.co.uk
should increase the font size!

That just reminded me of an (urban) story where a man went to Fairy Liquid and
offered to increase their profits by 25%. He wanted 5% of the 25% increase.
They signed contracts and agreed to the deal. The simple solution was to make
the hole 25% bigger. The customers squeezed just the same and 25% more came
out. Profit.

~~~
mattkevan
I heard a similar story about Listerine. A canny marketing manager boosted
sales by realising everyone used the cap to measure doses. He made the cap
bigger.

~~~
lucaspiller
Wonder if you can do the same with SaaS?

------
quarterto
Interestingly, the two UK cities marked on the map appear to be Bristol or
Cardiff, and... somewhere in the middle of nowhere in Cumbria? Why not London,
Manchester, Birmingham etc.?

~~~
nmc
Same weird placement effect on French cities: one seems to be Rennes, the
other Limoges or Poitiers...

