Meet the World biggest security threat: BGP weekness

Two researchers have proved that it is possible to intercept internet traffic. Till date, it was known that only NSA(National Security Agency) could access this traffic.

The hacker exploits the BGP(Border Gateway Protocol) that lets him to monitor unencrypted traffic.

Here’s how it works. When a user types a website name into his browser or clicks “send” to launch an e-mail, a Domain Name System server produces an IP address for the destination. A router belonging to the user’s ISP then consults a BGP table for the best route. That table is built from announcements, or “advertisements,” issued by ISPs and other networks — also known as Autonomous Systems, or ASes — declaring the range of IP addresses, or IP prefixes, to which they’ll deliver traffic.

The routing table searches for the destination IP address among those prefixes. If two ASes deliver to the address, the one with the more specific prefix “wins” the traffic. For example, one AS may advertise that it delivers to a group of 90,000 IP addresses, while another delivers to a subset of 24,000 of those addresses. If the destination IP address falls within both announcements, BGP will send data to the narrower, more specific one.

“It’s a huge issue. It’s at least as big an issue as the DNS issue, if not bigger,”

said Peiter

Via