China systematically hijacks internet traffic: researchers • iTnews
Juha Saarinen:
Researchers have mapped out a series of internet traffic hijacks and redirections that they say are part of a large espionage and intellectual property theft effort by China.

The researchers, Chris Demchak of the United States Naval War College and Yuval Shavitt of the Tel Aviv University in Israel, say in their paper that state-owned China Telecom hijacked and diverted internet traffic going to or passing through the US and Canada to China on a regular basis.

Tel Aviv University researchers built a route tracing system that monitors BGP announcements and which picks up on patterns suggesting accidental or deliberate hijacks, and discovered multiple attacks by China Telecom over the past few years.

In 2016, China Telecom diverted traffic between Canada and Korean government networks to its PoP in Toronto. From there, traffic was forwarded to the China Telecom PoP on the US West Coast and sent to China, and finally delivered to Korea.

Normally, the traffic would take a shorter route, going between Canada, the US and directly to Korea. The traffic hijack lasted for six months, suggesting it was a deliberate attack, Demchak and Shavitt said.

Demchak and Shavitt detailed other traffic hijacks, including one that saw traffic from US locations to a large Anglo-American bank's Milan headquarters being terminated in China, and never delivered to Italy, in 2016.
china  internet  hijack 
october 2018 by charlesarthur
Telegram traffic from around the world took a detour through Iran
PJS, an Iranian state-owned telecommunications firm, hijacked traffic from the messaging app Telegram on Monday in what is known as a BGP (Border Gateway Protocol) attack. The attacks were detected by multiple Internet traffic monitoring sites, including Cisco's BGPMon and Oracle's Internet Intelligence. The BGP hijacking comes just a day before planned protests in the country, reports Patrick Howell O'Neill for Cyberscoop:

"Data from the popular encrypted messenger app Telegram was hijacked by Iran’s state-owned telecommunications giant on Monday, a day before proposed protests over the country’s economic crisis. The move looks to be a BGP hijack, a practice where an intermediary illegitimately takes over groups of IP addresses so data originally destined for one place can be forcefully sent to another...BGP, or the Border Gateway Protocol, is the technology that exchanges routing data across the various networks that make up the entire global internet. 'Once a valid BGP hijack occurs, the hijacker can perform [man-in-the-middle] attacks, eavesdropping, etc.,' said Nico Waisman, a cybersecurity researcher at Cyxtera. Iran’s minister of Information and Communications Technology confirmed the reports in a Tweet on Monday night, saying that 'in the event of an error, whether inadvertent or intentional, the Telecommunication Company of Iran will be severely penalized.' An investigation is underway...Iranian researcher and activist Nariman Gharib told CyberScoop that Tuesday’s protests have been organized via Telegram. One example of a Telegram post for the protests [shown in the article] calls for people to 'gather in the main squares of cities in protest against the tumultuous wave of unemployment and inflation.'"
otf  iran  bgp  hijack  telegram  mena  protests 
july 2018 by dmcdev
BGP Hijack of Amazon DNS to Steal Crypto Currency | Dyn Blog
However, the users of networks that accepted the hijacked routes (evidently including Google’s recursive DNS service) sent their DNS queries to an imposter DNS service embedded within AS10297. If these users attempted to visit, the imposter DNS service wouldn’t direct them to Amazon Web Services (which normally hosts the site), but to a set of Russian IP addresses, according to CloudFlare.
bgp  hijack  cryptocurrency  cybersecurity  amazon  aws  google  dns 
may 2018 by bwiese
Fox-IT hit by cyber attack - Fox-IT (ENG)
What a wonderfully transparent after-action review of an incident. Though changing the registrar password regularly doesn't seem like it would buy them much, as they kept their password in a vault and rarely used it (low chance of extraction/exfil), and the subtle implication the registrar got owned. Though as a mitigation to lack of 2FA, at the registrar, maybe worthwhile. But the real need is watching for abnormal events, which requires a registrar change feed or external monitoring, as you need to trigger on registrar change events or general DNS SOA changes.
DFIR  case  study  DNS  registrar  hijack  MitM  reference  information 
december 2017 by asteroza
'Our minds can be hijacked': the tech insiders who fear a smartphone dystopia | Technology | The Guardian
a small but growing band of Silicon Valley heretics who complain about the rise of the so-called “attention economy”: an internet shaped around the demands of an advertising economy.
ethics  technology  mind  hijack 
october 2017 by gdw