At Defcon 16, I missed an unscheduled talk by Anton Kapela and Alex Pilosov on stealing the Internet. I quickly learned that they had leveraged BGP to route traffic from the Las Vegas con over to one of their servers in New York, and back to the con again, with no one the wiser.
Kim Zetter over on Wired has an article discussing this eavesdropping attack. While it doesn’t sound new or innovative (kinda like I can prank call you on the phone because, get this, the phone lets me call you!), it is still a decently big deal.
The attack is called an IP hijack and, on its face, isn’t new.
Pilosov’s innovation is to forward the intercepted data silently to the actual destination, so that no outage occurs.
Ordinarily, this shouldn’t work — the data would boomerang back to the eavesdropper. But Pilosov and Kapela use a method called AS path prepending that causes a select number of BGP routers to reject their deceptive advertisement. They then use these ASes to forward the stolen data to its rightful recipients.
Kim has a follow-up post with more information that didn’t make the first one.
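The loop-prevention rule behind the quoted AS path prepending passage, seen from the monitoring side, as an added example that is not from the talk or the Wired article: a BGP router discards any route whose AS_PATH already contains its own AS number, so the ASes named in a path keep the route they already had. The prefix, AS numbers and function names are constructed for illustration.

```python
import ipaddress

# Constructed values: documentation prefix (RFC 5737) and private-use ASNs.
MONITORED = ipaddress.ip_network("203.0.113.0/24")
EXPECTED_ORIGIN = 64500
WATCHED_ASES = [64520, 64530, 64540]  # hypothetical upstream ASes we care about

def accepts(local_as, as_path):
    """BGP loop prevention: an AS discards a route whose AS_PATH contains itself."""
    return local_as not in as_path

def review(prefix, as_path, watched=WATCHED_ASES):
    """Assess one observed announcement; None if it does not touch our prefix."""
    net = ipaddress.ip_network(prefix)
    if not net.overlaps(MONITORED) or not as_path:
        return None
    return {
        "prefix": prefix,
        "origin": as_path[-1],  # the rightmost AS originated the route
        "unexpected_origin": as_path[-1] != EXPECTED_ORIGIN,
        # ASes that will drop this announcement and keep their existing route
        "rejected_by": sorted(a for a in watched if not accepts(a, as_path)),
    }

def scan(updates):
    """Return findings for announcements of our space from the wrong origin."""
    findings = (review(p, path) for p, path in updates)
    return [f for f in findings if f and f["unexpected_origin"]]

# Constructed sample feed: (prefix, AS_PATH as seen by a route collector).
UPDATES = [
    ("203.0.113.0/24", [64501, 64500]),                # normal announcement
    ("198.51.100.0/24", [64501, 64502]),               # unrelated prefix
    ("203.0.113.0/24", [64550, 64520, 64530, 64666]),  # wrong origin
]

if __name__ == "__main__":
    for f in scan(UPDATES):
        print(f"ALERT {f['prefix']} origin AS{f['origin']}; "
              f"ignored by {f['rejected_by']}")
```

An alert whose `rejected_by` list is non-empty tells the operator which watched ASes still hold the original route, which is the condition the quoted passage describes.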