Scenic BGP Route | TechSNAP 137


Attackers use BGP to redirect and monitor Internet traffic, 42 Million dating site passwords leaked, and the data center that could be coming to a town near you.

Plus a great batch of your questions, our answers, and much much more!

On this week’s TechSNAP!


Show Notes:

Attackers compromise core routers and redirect internet traffic

  • Attackers have managed to compromise some routers running BGP (Border Gateway Protocol), and cause them to inject additional hops into some routes on the Internet, allowing them to execute man-in-the-middle (MitM) attacks and/or monitor some users’ traffic
  • Renesys has detected close to 1,500 IP address blocks that have been hijacked on more than 60 days this year
  • “[The attacker is] getting one side of conversation only,” Cowie said. “If they were to hijack the addresses belonging to the webserver, you’re seeing users’ requests—all the pages they want. If they hijack the IP addresses belonging to the desktop, then they’re seeing all the content flowing back from webservers toward those desktops. Hopefully by this point everyone is using encryption.”
  • In one attack, a path starting in Guadalajara, Mexico and ending in Washington, D.C. included hops through London, Moscow and Minsk before it was handed off to Belarus, all because of a false route injected at Global Crossing, now owned by Level3
  • “In a second example, a provider in Iceland began announcing routes for 597 IP networks owned by a large U.S. VoIP provider; normally the Icelandic provider Opin Kerfi announces only three IP networks, Renesys said. The company monitored 17 events routing traffic through Iceland”
  • Renesys does not have any information on who was behind the route hijacking
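
The Iceland case above (a provider that normally announces three networks suddenly originating hundreds of someone else's) is the kind of change an origin baseline can flag. The following is an added example, not code from Renesys or the show; the prefixes, AS numbers, feed entries and function names are all constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed baseline: prefix -> AS expected to originate it
# (documentation/private prefixes and private-use AS numbers).
EXPECTED_ORIGIN = {
    "198.51.100.0/24": 64500,  # stand-in for the victim's networks
    "203.0.113.0/24": 64500,
    "192.0.2.0/24": 64500,
    "10.10.0.0/24": 64510,     # the small provider's own three networks
    "10.10.1.0/24": 64510,
    "10.10.2.0/24": 64510,
}
# Constructed feed: (prefix, AS path seen by a collector); origin is the last AS.
ANNOUNCEMENTS = [
    ("10.10.0.0/24", [64496, 64510]),
    ("10.10.1.0/24", [64496, 64510]),
    ("10.10.2.0/24", [64496, 64510]),
    ("198.51.100.0/24", [64496, 64500]),  # legitimate origin
    ("198.51.100.0/25", [64496, 64510]),  # more-specific, unexpected origin
    ("203.0.113.0/24", [64496, 64510]),   # same prefix, unexpected origin
    ("192.0.2.0/24", [64496, 64510]),
]

def expected_origin(prefix, baseline=EXPECTED_ORIGIN):
    """Baseline origin AS of the most specific covering prefix, or None."""
    net, best = ipaddress.ip_network(prefix), None
    for known, asn in baseline.items():
        k = ipaddress.ip_network(known)
        if net.version == k.version and net.subnet_of(k):
            if best is None or k.prefixlen > best[0]:
                best = (k.prefixlen, asn)
    return best[1] if best else None

def origin_mismatches(announcements):
    """(prefix, seen origin, expected origin) for each unexpected origin."""
    return [(p, path[-1], expected_origin(p)) for p, path in announcements
            if expected_origin(p) not in (None, path[-1])]

def origin_surges(announcements, factor=1.5):
    """Origins announcing more than factor x their baseline prefix count."""
    normal, seen = defaultdict(int), defaultdict(set)
    for asn in EXPECTED_ORIGIN.values():
        normal[asn] += 1
    for prefix, path in announcements:
        seen[path[-1]].add(prefix)
    return {a: (normal[a], len(p)) for a, p in seen.items()
            if len(p) > factor * max(normal[a], 1)}
```

A route whose origin stays correct but whose path gains extra hops, as in the Guadalajara to Washington case, passes both checks; catching that needs AS-path or traceroute monitoring.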

Cupid Media Hack Exposed 42M Passwords

  • The data stolen from Southport, Australia-based dating service Cupid Media was found on the same server where hackers had amassed tens of millions of records stolen from Adobe, PR Newswire and the National White Collar Crime Center (NW3C), among others.
  • Plain text passwords for more than 42 million accounts
  • Andrew Bolton, the company’s managing director, said the information appears to be related to a breach that occurred in January 2013.
  • When Krebs told Bolton that all of the Cupid Media users he’d reached confirmed their plain text passwords as listed in the purloined directory, Bolton suggested Krebs might have “illegally accessed” some of the company’s member accounts. He also noted that “a large portion of the records located in the affected table related to old, inactive or deleted accounts.”
  • “The number of active members affected by this event is considerably less than the 42 million that you have previously quoted,” Bolton said.
  • The danger with such a large breach is that far too many people reuse the same passwords at multiple sites, meaning a compromise like this can give thieves instant access to tens of thousands of email inboxes and other sensitive sites tied to a user’s email address.
  • Facebook has been mining the leaked Adobe data for information about any of its own users who might have reused their Adobe password and inadvertently exposed their Facebook accounts to hijacking as a result of the breach.
  • The Date of Birth field is a ‘datetime’ rather than just a ‘date’, and seems to include a random timestamp, maybe from when the user signed up